ssh: limit length for banner logs

Ticket: 6770

diff --git a/rust/src/jsonbuilder.rs b/rust/src/jsonbuilder.rs
index 9ff623429509c7d6bda0ffdfc7b16c460926a489..7264be5c6b33bfe8af7de0a3d6202269dd739426 100644 (file)
--- a/rust/src/jsonbuilder.rs
+++ b/rust/src/jsonbuilder.rs
@@ -527,6 +527,22 @@ impl JsonBuilder {
         }
     }
 
+    /// Set a key and a string value (from bytes) on an object, with a limited size
+    pub fn set_string_from_bytes_limited(&mut self, key: &str, val: &[u8], limit: usize) -> Result<&mut Self, JsonError> {
+        let mut valtrunc = Vec::new();
+        let val = if val.len() > limit {
+            valtrunc.extend_from_slice(&val[..limit]);
+            valtrunc.extend_from_slice(b"[truncated]");
+            &valtrunc
+        } else {
+            val
+        };
+        match std::str::from_utf8(val) {
+            Ok(s) => self.set_string(key, s),
+            Err(_) => self.set_string(key, &try_string_from_bytes(val)?),
+        }
+    }
+
     /// Set a key and a string field as the base64 encoded string of the value.
     pub fn set_base64(&mut self, key: &str, val: &[u8]) -> Result<&mut Self, JsonError> {
         match self.current_state() {

diff --git a/rust/src/ssh/logger.rs b/rust/src/ssh/logger.rs
index 008c6cb4517ab19a06bf473302d9a0ba5a1c2cd8..bee6693c898ecc1612bed9caf7bde89d7e0b3e2e 100644 (file)
--- a/rust/src/ssh/logger.rs
+++ b/rust/src/ssh/logger.rs
@@ -15,7 +15,7 @@
  * 02110-1301, USA.
  */
 
-use super::ssh::SSHTransaction;
+use super::ssh::{SSHTransaction, SSH_MAX_BANNER_LEN};
 use crate::jsonbuilder::{JsonBuilder, JsonError};
 
 fn log_ssh(tx: &SSHTransaction, js: &mut JsonBuilder) -> Result<bool, JsonError> {
@@ -25,9 +25,9 @@ fn log_ssh(tx: &SSHTransaction, js: &mut JsonBuilder) -> Result<bool, JsonError>
     }
     if !tx.cli_hdr.protover.is_empty() {
         js.open_object("client")?;
-        js.set_string_from_bytes("proto_version", &tx.cli_hdr.protover)?;
+        js.set_string_from_bytes_limited("proto_version", &tx.cli_hdr.protover, SSH_MAX_BANNER_LEN)?;
         if !tx.cli_hdr.swver.is_empty() {
-            js.set_string_from_bytes("software_version", &tx.cli_hdr.swver)?;
+            js.set_string_from_bytes_limited("software_version", &tx.cli_hdr.swver, SSH_MAX_BANNER_LEN)?;
         }
         if !tx.cli_hdr.hassh.is_empty() || !tx.cli_hdr.hassh_string.is_empty() {
             js.open_object("hassh")?;
@@ -43,9 +43,9 @@ fn log_ssh(tx: &SSHTransaction, js: &mut JsonBuilder) -> Result<bool, JsonError>
     }
     if !tx.srv_hdr.protover.is_empty() {
         js.open_object("server")?;
-        js.set_string_from_bytes("proto_version", &tx.srv_hdr.protover)?;
+        js.set_string_from_bytes_limited("proto_version", &tx.srv_hdr.protover, SSH_MAX_BANNER_LEN)?;
         if !tx.srv_hdr.swver.is_empty() {
-            js.set_string_from_bytes("software_version", &tx.srv_hdr.swver)?;
+            js.set_string_from_bytes_limited("software_version", &tx.srv_hdr.swver, SSH_MAX_BANNER_LEN)?;
         }
         if !tx.srv_hdr.hassh.is_empty() || !tx.srv_hdr.hassh_string.is_empty() {
             js.open_object("hassh")?;

diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs
index 55f8426b4e7324caec896d7319c367f61da6cdda..a0586894f9fb8efe352dc3e67cd27f3a55098ccb 100644 (file)
--- a/rust/src/ssh/ssh.rs
+++ b/rust/src/ssh/ssh.rs
@@ -46,7 +46,7 @@ pub enum SSHConnectionState {
     SshStateFinished = 3,
 }
 
-const SSH_MAX_BANNER_LEN: usize = 256;
+pub const SSH_MAX_BANNER_LEN: usize = 256;
 const SSH_RECORD_HEADER_LEN: usize = 6;
 const SSH_MAX_REASSEMBLED_RECORD_LEN: usize = 65535;