Adds test about ftp port when memcap is reached
authorPhilippe Antoine <contact@catenacyber.fr>
Wed, 28 Dec 2022 14:53:35 +0000 (15:53 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 17 Apr 2023 08:44:24 +0000 (10:44 +0200)
Ticket: #5701

tests/ftp-port-memcap/README.md [new file with mode: 0644]
tests/ftp-port-memcap/input.pcap [new file with mode: 0644]
tests/ftp-port-memcap/test.yaml [new file with mode: 0644]

diff --git a/tests/ftp-port-memcap/README.md b/tests/ftp-port-memcap/README.md
new file mode 100644 (file)
index 0000000..74e3fd2
--- /dev/null
@@ -0,0 +1,11 @@
+# Description
+
+Test FTP PORT parsing when memcap is reached
+Cf https://redmine.openinfosecfoundation.org/issues/5701
+
+# PCAP
+
+The pcap is manually crafted with fuzzpcap to have
+- First FTP_COMMAND_PORT request allocates state->port_line and sets state->port_line_len : everything is fine so far
+- Another request tries to realloc but fails due to memcap : it resets state->port_line but not state->port_line_len
+- A response calls rs_ftp_active_port(NULL, 25);
diff --git a/tests/ftp-port-memcap/input.pcap b/tests/ftp-port-memcap/input.pcap
new file mode 100644 (file)
index 0000000..811c225
Binary files /dev/null and b/tests/ftp-port-memcap/input.pcap differ
diff --git a/tests/ftp-port-memcap/test.yaml b/tests/ftp-port-memcap/test.yaml
new file mode 100644 (file)
index 0000000..c371a9d
--- /dev/null
@@ -0,0 +1,9 @@
+args:
+- -k none --set app-layer.protocols.ftp.memcap=512
+
+checks:
+  - filter:
+      count: 2
+      match:
+        event_type: ftp
+        ftp.command: "PORT"
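Review bot: The `checks` block only counts two `ftp` events with `ftp.command: "PORT"`, so nothing pins that the 512-byte memcap was actually reached on the second request; if FTP state allocation sizes change, the test could keep passing without exercising the failed-realloc path the README describes. The magic value deserves a comment above `args`, for example `# memcap=512: first PORT allocation fits, the following realloc must fail (ticket 5701)`, and, presumably, `# -k none: hand-crafted pcap, skip checksum validation`. Since this is a regression test for a memory-safety bug (stale `port_line_len` after `port_line` is reset), consider gating it with a `requires:` entry such as `min-version: <FIXED_VERSION>` so it is not run against builds without the fix; the fixed version is not visible on this page.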