aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ftp: Restrict file name lengths

Browse Source 
Restrict file name lengths to PATH_MAX - 1 to avoid over subscribing
memory to FTP file name tracking.
pull/5212/head
Jeff Lucovsky 5 years ago
parent c169cfe0a3
commit 72e2f36f9b
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File

14
src/app-layer-ftp.c
Unescape Escape View File

@ -635,15 +635,19 @@ static AppLayerResult FTPParseRequest(Flow *f, void *ftp_state,
if (data == NULL) if (data == NULL)
SCReturnStruct(APP_LAYER_ERROR); SCReturnStruct(APP_LAYER_ERROR);
data->DFree = FtpTransferCmdFree; data->DFree = FtpTransferCmdFree;
/* Min size has been checked in FTPParseRequestCommand */ /*
data->file_name = FTPCalloc(state->current_line_len - 4, sizeof(char)); * Min size has been checked in FTPParseRequestCommand
* PATH_MAX includes the null
*/
int file_name_len = MIN(PATH_MAX - 1, state->current_line_len - 5);
data->file_name = FTPCalloc(file_name_len + 1, sizeof(char));
if (data->file_name == NULL) { if (data->file_name == NULL) {
FtpTransferCmdFree(data); FtpTransferCmdFree(data);
SCReturnStruct(APP_LAYER_ERROR); SCReturnStruct(APP_LAYER_ERROR);
} }
data->file_name[state->current_line_len - 5] = 0; data->file_name[file_name_len] = 0;
data->file_len = state->current_line_len - 5; data->file_len = file_name_len;
memcpy(data->file_name, state->current_line + 5, state->current_line_len - 5); memcpy(data->file_name, state->current_line + 5, file_name_len);
data->cmd = state->command; data->cmd = state->command;
data->flow_id = FlowGetId(f); data->flow_id = FlowGetId(f);
int ret = AppLayerExpectationCreate(f, int ret = AppLayerExpectationCreate(f,

Write Preview
Loading…
Cancel
Save