dcerpc: do not assume an upper bound on data

TCP data can be presented to the protocol parser in any way e.g. one byte at a time, single complete PDU, fragmented PDU, multiple PDUs at once. A limit of 1MB can be easily reached in some of such scenarios. Remove the check that rejects data that is more than 1MB.
6 months ago · 0d6017d174
parent 84d7055056
commit 0d6017d174
1 changed files with 0 additions and 8 deletions
--- a/rust/src/dcerpc/dcerpc.rs
+++ b/rust/src/dcerpc/dcerpc.rs
@ -959,19 +959,11 @@ impl DCERPCState {

        let buffer = match direction {
            Direction::ToServer => {
-                if self.buffer_ts.len() + input_len > 1024 * 1024 {
-                    SCLogDebug!("DCERPC TOSERVER stream: Buffer Overflow");
-                    return AppLayerResult::err();
-                }
                v = self.buffer_ts.split_off(0);
                v.extend_from_slice(cur_i);
                v.as_slice()
            }
            Direction::ToClient => {
-                if self.buffer_tc.len() + input_len > 1024 * 1024 {
-                    SCLogDebug!("DCERPC TOCLIENT stream: Buffer Overflow");
-                    return AppLayerResult::err();
-                }
                v = self.buffer_tc.split_off(0);
                v.extend_from_slice(cur_i);
                v.as_slice()