From: Shivani Bhardwaj <shivani@oisf.net>
Date: Fri, 13 Sep 2024 08:56:05 +0000 (+0530)
Subject: dcerpc: do not assume an upper bound on data
X-Git-Tag: suricata-8.0.0-beta1~496
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d6017d174e11868cff49fbd3e08280373cd3e18;p=thirdparty%2Fsuricata.git

dcerpc: do not assume an upper bound on data

TCP data can be presented to the protocol parser in any way e.g. one
byte at a time, single complete PDU, fragmented PDU, multiple PDUs at
once. A limit of 1MB can be easily reached in some of such scenarios.
Remove the check that rejects data that is more than 1MB.
---

diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs
index c8c377a372..f12021da26 100644
--- a/rust/src/dcerpc/dcerpc.rs
+++ b/rust/src/dcerpc/dcerpc.rs
@@ -959,19 +959,11 @@ impl DCERPCState {
 
         let buffer = match direction {
             Direction::ToServer => {
-                if self.buffer_ts.len() + input_len > 1024 * 1024 {
-                    SCLogDebug!("DCERPC TOSERVER stream: Buffer Overflow");
-                    return AppLayerResult::err();
-                }
                 v = self.buffer_ts.split_off(0);
                 v.extend_from_slice(cur_i);
                 v.as_slice()
             }
             Direction::ToClient => {
-                if self.buffer_tc.len() + input_len > 1024 * 1024 {
-                    SCLogDebug!("DCERPC TOCLIENT stream: Buffer Overflow");
-                    return AppLayerResult::err();
-                }
                 v = self.buffer_tc.split_off(0);
                 v.extend_from_slice(cur_i);
                 v.as_slice()