Ticket: 4530
So that we do not get DoS'ed by quadratic complexity while
looking for a new pkt_id over the ever-growing list
of active transactions.
alert mqtt any any -> any any (msg:"SURICATA MQTT invalid QOS level"; app-layer-event:mqtt.invalid_qos_level; classtype:protocol-command-decode; sid:2229006; rev:1;)
alert mqtt any any -> any any (msg:"SURICATA MQTT missing message ID"; app-layer-event:mqtt.missing_msg_id; classtype:protocol-command-decode; sid:2229007; rev:1;)
alert mqtt any any -> any any (msg:"SURICATA MQTT unassigned message type (0 or >15)"; app-layer-event:mqtt.unassigned_msg_type; classtype:protocol-command-decode; sid:2229008; rev:1;)
+alert mqtt any any -> any any (msg:"SURICATA MQTT too many transactions"; app-layer-event:mqtt.too_many_transactions; classtype:protocol-command-decode; sid:2229009; rev:1;)
// this value, it will be truncated. Default: 1MB.
static mut MAX_MSG_LEN: u32 = 1048576;
+//TODO make this configurable
+const MQTT_MAX_TX: usize = 1024;
+
static mut ALPROTO_MQTT: AppProto = ALPROTO_UNKNOWN;
#[derive(FromPrimitive, Debug, AppLayerEvent)]
InvalidQosLevel,
MissingMsgId,
UnassignedMsgType,
+ TooManyTransactions,
}
#[derive(Debug)]
} else {
tx.toserver = true;
}
+ if self.transactions.len() > MQTT_MAX_TX {
+ for tx_old in &mut self.transactions {
+ if !tx_old.complete {
+ tx_old.complete = true;
+ MQTTState::set_event(tx_old, MQTTEvent::TooManyTransactions);
+ break;
+ }
+ }
+ }
return tx;
}
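Review bot: The eviction scan `for tx_old in &mut self.transactions` always starts at the front of the list, so if already-completed transactions are still queued there (their removal is not visible in this hunk), every call above the limit walks past them again and the per-transaction cost stays linear in the list length, which is the pattern the commit sets out to bound. Remembering the position of the first incomplete transaction, or capping how many entries the scan may visit, would keep the cost constant. The check `self.transactions.len() > MQTT_MAX_TX` also runs before the returned `tx` is stored, and only one entry is completed per call, so the list length is not strictly capped at `MQTT_MAX_TX`. I would replace the TODO with a comment that says so, e.g. `// Soft limit on live transactions per MQTT state; above it the oldest incomplete tx is force-completed and flagged TooManyTransactions.` The enclosing function starts outside the hunk, so how the caller stores `tx` is inferred from the `return tx;` line.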