aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dnp3: more precise probing for banners

Browse Source
pull/4941/head
Philippe Antoine 4 years ago committed by Jason Ish
parent 12dfc33e05
commit bde0c88984
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File

10
src/app-layer-dnp3.c
Unescape Escape View File

@ -277,11 +277,21 @@ static uint16_t DNP3ProbingParser(Flow *f, uint8_t direction,
/* May be a banner. */ /* May be a banner. */
if (DNP3ContainsBanner(input, len)) { if (DNP3ContainsBanner(input, len)) {
SCLogDebug("Packet contains a DNP3 banner."); SCLogDebug("Packet contains a DNP3 banner.");
bool is_banner = true;
// magic 0x100 = 256 seems good enough
for (uint32_t i = 0; i < len && i < 0x100; i++) {
if (!isprint(input[i])) {
is_banner = false;
break;
}
}
if (is_banner) {
if (toserver) { if (toserver) {
*rdir = STREAM_TOCLIENT; *rdir = STREAM_TOCLIENT;
} }
return ALPROTO_DNP3; return ALPROTO_DNP3;
} }
}
/* Check that we have the minimum amount of bytes. */ /* Check that we have the minimum amount of bytes. */
if (len < sizeof(DNP3LinkHeader)) { if (len < sizeof(DNP3LinkHeader)) {

Write Preview
Loading…
Cancel
Save