alert http any any -> any any (msg:"SURICATA HTTP compression bomb"; flow:established; app-layer-event:http.compression_bomb; flowint:http.anomaly.count,+,1; classtype:protocol-command-decode; sid:2221049; rev:1;)
-# next sid 2221050
+alert http any any -> any any (msg:"SURICATA HTTP too many warnings"; flow:established; app-layer-event:http.too_many_warnings; flowint:http.anomaly.count,+,1; classtype:protocol-command-decode; sid:2221050; rev:1;)
+
+# next sid 2221051
/** List of HTP configurations. */
static HTPCfgRec cfglist;
+/** Limit to the number of libhtp messages that can be handled */
+#define HTP_MAX_MESSAGES 512
+
SC_ATOMIC_DECLARE(uint32_t, htp_config_flags);
#ifdef DEBUG
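Review bot: The doc comment on `HTP_MAX_MESSAGES` does not say what the limit is counted against or what happens once it is reached. Going by the check added further down, it is compared with `htp_list_size(s->conn->messages)` and tracked through `s->htp_messages_offset`, so a wording such as `/** Max libhtp log messages per connection that are turned into decoder events; at the limit HTTP_DECODER_EVENT_TOO_MANY_WARNINGS is set once and later messages are ignored. */` would tell an operator what the cap means for alerting. If the value 512 has a rationale, it belongs in the same comment.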
{ "MULTIPART_INVALID_HEADER",
HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER},
+ { "TOO_MANY_WARNINGS",
+ HTTP_DECODER_EVENT_TOO_MANY_WARNINGS},
+
{ NULL, -1 },
};
size_t size = htp_list_size(s->conn->messages);
size_t msg;
+ if(size >= HTP_MAX_MESSAGES) {
+ if (s->htp_messages_offset < HTP_MAX_MESSAGES) {
+ //only once per HtpState
+ HTPSetEvent(s, NULL, dir, HTTP_DECODER_EVENT_TOO_MANY_WARNINGS);
+ s->htp_messages_offset = HTP_MAX_MESSAGES;
+ DEBUG_VALIDATE_BUG_ON("Too many libhtp messages");
+ }
+ // ignore further messages
+ return;
+ }
for (msg = s->htp_messages_offset; msg < size; msg++) {
htp_log_t *log = htp_list_get(s->conn->messages, msg);
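Review bot: When `size` crosses `HTP_MAX_MESSAGES` within a single call, the early `return` skips the entries between `s->htp_messages_offset` and the cap. The warnings logged just before the limit therefore never become decoder events, and only `HTTP_DECODER_EVENT_TOO_MANY_WARNINGS` is raised, which is a detection gap on a flow that is already anomalous. Consider draining the list up to the cap before returning, or stating in the `// ignore further messages` comment that the loss is intended. Separately, `DEBUG_VALIDATE_BUG_ON("Too many libhtp messages")` receives a string literal, which is always non-zero. If the macro treats its argument as a condition (its definition is not visible here), validation builds would abort whenever traffic reaches the limit, so say whether that is intended with a comment such as `/* intentional: surface this in validation builds */`. The enclosing function starts and ends outside this hunk.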
HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR,
HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA,
HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER,
+
+ HTTP_DECODER_EVENT_TOO_MANY_WARNINGS,
};
typedef enum HtpSwfCompressType_ {