Actions
Bug #3525
closedKerberos vulnerable to TCP splitting evasion
Affected Versions:
Effort:
Difficulty:
Label:
Description
Problem happens if the split happens in the middle of a record size
Another problems happens if the buffer size is less than 4
Problem found while running suricata-verify tests against Suricata compiled with this patch
diff --git a/src/app-layer.c b/src/app-layer.c
index b614f2712..0149d6b4f 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -658,8 +658,15 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
* a start msg should have gotten us one */
if (f->alproto != ALPROTO_UNKNOWN) {
PACKET_PROFILING_APP_START(app_tctx, f->alproto);
+#ifndef LOLSPLIT
+ for (size_t i = 0; i < data_len; i++) {
+ r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
+ flags, data+i, 1);
+ }
+#else
r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
flags, data, data_len);
+#endif
PACKET_PROFILING_APP_END(app_tctx, f->alproto);
if (r >= 0) {
(*stream)->app_progress_rel += data_len;
Updated by Philippe Antoine over 4 years ago
- Status changed from New to Closed
- Affected Versions 6.0.0beta1 added
Updated by Philippe Antoine over 4 years ago
- Copied to Bug #3526: 5.0.x Kerberos vulnerable to TCP splitting evasion added
Updated by Victor Julien over 4 years ago
- Assignee set to Philippe Antoine
- Target version set to 6.0.0beta1
- Affected Versions deleted (
6.0.0beta1) - Label deleted (
Needs backport)
Actions