From: Juliana Fajardini <jufajardini@oisf.net>
Date: Thu, 15 Sep 2022 15:19:43 +0000 (-0300)
Subject: pgsql: don't always return error for parsing errors
X-Git-Tag: suricata-8.0.0-beta1~410
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff8d4e972c2ec640055cdad072ab1bd81d794c77;p=thirdparty%2Fsuricata.git

pgsql: don't always return error for parsing errors

This allows the app-proto to continue onto parsing next PDUs, if
possible.

Bug #5524
---

diff --git a/rust/src/pgsql/pgsql.rs b/rust/src/pgsql/pgsql.rs
index e9356ad456..a8976d87b7 100644
--- a/rust/src/pgsql/pgsql.rs
+++ b/rust/src/pgsql/pgsql.rs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2022-2024 Open Information Security Foundation
+/* Copyright (C) 2022-2025 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -399,7 +399,26 @@ impl PgsqlState {
                     );
                     return AppLayerResult::incomplete(consumed as u32, needed_estimation as u32);
                 }
+                Err(Err::Error(err)) => {
+                    match err {
+                        PgsqlParseError::InvalidLength => {
+                            // TODO set event invalid length event
+                            // If we don't get a valid length, we can't know how to proceed
+                            return AppLayerResult::err();
+                        }
+                        PgsqlParseError::NomError(_i, error_kind) => {
+                            if error_kind == nom7::error::ErrorKind::Switch {
+                                // TODO set event switch / PgsqlEvent::MalformedData // or something like that
+                            }
+                            SCLogDebug!("Parsing error: {:?}", error_kind);
+                        }
+                    }
+                    // If we have parsed the message length, let's assume we can
+                    // move onto the next PDU even if we can't parse the current message
+                    return AppLayerResult::ok();
+                }
                 Err(_) => {
+                    SCLogDebug!("Error while parsing PGSQL request");
                     return AppLayerResult::err();
                 }
             }
@@ -573,8 +592,26 @@ impl PgsqlState {
                     );
                     return AppLayerResult::incomplete(consumed as u32, needed_estimation as u32);
                 }
+                Err(Err::Error(err)) => {
+                    match err {
+                        PgsqlParseError::InvalidLength => {
+                            // TODO set event invalid length event
+                            // If we don't get a valid length, we can't know how to proceed
+                            return AppLayerResult::err();
+                        }
+                        PgsqlParseError::NomError(_i, error_kind) => {
+                            if error_kind == nom7::error::ErrorKind::Switch {
+                                // TODO set event switch / PgsqlEvent::MalformedData // or something like that
+                            }
+                            SCLogDebug!("Parsing error: {:?}", error_kind);
+                        }
+                    }
+                    // If we have parsed the message length, let's assume we can
+                    // move onto the next PDU even if we can't parse the current message
+                    return AppLayerResult::ok();
+                }
                 Err(_) => {
-                    SCLogDebug!("Error while parsing PostgreSQL response");
+                    SCLogDebug!("Error while parsing PGSQL response");
                     return AppLayerResult::err();
                 }
             }