From: Philippe Antoine Date: Wed, 28 Dec 2022 14:53:35 +0000 (+0100) Subject: Adds test about ftp port when memcap is reached X-Git-Tag: suricata-6.0.12~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96b67f9e21b3520d9d8fee263dc1c2b45630feb1;p=thirdparty%2Fsuricata-verify.git Adds test about ftp port when memcap is reached Ticket: #5701 --- diff --git a/tests/ftp-port-memcap/README.md b/tests/ftp-port-memcap/README.md new file mode 100644 index 000000000..74e3fd267 --- /dev/null +++ b/tests/ftp-port-memcap/README.md @@ -0,0 +1,11 @@ +# Description + +Test FTP PORT parsing when memcap is reached +Cf https://redmine.openinfosecfoundation.org/issues/5701 + +# PCAP + +The pcap is manually crafted with fuzzpcap to have +- First FTP_COMMAND_PORT request allocates state->port_line and sets state->port_line_len : everything is fine so far +- Another request tries to realloc but fails due to memcap : it resets state->port_line but not state->port_line_len +- A response calls rs_ftp_active_port(NULL, 25); diff --git a/tests/ftp-port-memcap/input.pcap b/tests/ftp-port-memcap/input.pcap new file mode 100644 index 000000000..811c225d1 Binary files /dev/null and b/tests/ftp-port-memcap/input.pcap differ diff --git a/tests/ftp-port-memcap/test.yaml b/tests/ftp-port-memcap/test.yaml new file mode 100644 index 000000000..c371a9da7 --- /dev/null +++ b/tests/ftp-port-memcap/test.yaml @@ -0,0 +1,9 @@ +args: +- -k none --set app-layer.protocols.ftp.memcap=512 + +checks: + - filter: + count: 2 + match: + event_type: ftp + ftp.command: "PORT"
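Review bot: In tests/ftp-port-memcap/README.md, the PCAP section lists the three crafted steps but never states what a passing run demonstrates. The last bullet stops at "A response calls rs_ftp_active_port(NULL, 25);" and leaves the reader to infer that the expected result is Suricata handling the stale state->port_line_len without dereferencing the NULL state->port_line. A closing sentence giving the expected behaviour, plus a note that the memcap=512 setting in test.yaml is what makes the realloc in the second step fail, would let the test be understood without opening ticket #5701.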
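Review bot: In tests/ftp-port-memcap/test.yaml, the only check (count: 2 on event_type: ftp with ftp.command: "PORT") does not show that the memcap path was actually taken. If a later change in allocation sizes lets the second PORT request's realloc succeed under memcap=512, this check would presumably still see two PORT events and the test would silently stop covering the case the README describes. Consider a comment explaining why 512 was chosen and, if the build under test exposes an FTP memcap counter in its stats output, a second check that it is non-zero. The file also has no requires block, so if the test is only expected to pass on releases that carry the fix, state the minimum version there.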