Skip to content

dcerpc: mimic gap behavior for invalid data#14766

Draft
inashivb wants to merge 1 commit intoOISF:mainfrom
inashivb:dcerpc-invalid-data-handling/v2
Draft

dcerpc: mimic gap behavior for invalid data#14766
inashivb wants to merge 1 commit intoOISF:mainfrom
inashivb:dcerpc-invalid-data-handling/v2

Conversation

@inashivb
Copy link
Member

@inashivb inashivb commented Feb 7, 2026

Previous PR: #14764

Changes since v1:

  • fixed clippy error

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7251

SV_BRANCH=OISF/suricata-verify#2904

@inashivb
dcerpc: mimic gap behavior for invalid data
3bdad92 
If invalid data is sent to the parser then instead of rejecting it at
the first few bytes that do not conform to the header standards, mimic
gap behavior and try to skip a few bytes until a possibly good DCERPC
record is found.

Ticket: 7251
@inashivb inashivb requested a review from jasonish as a code owner February 7, 2026 09:51
@suricata-qa
Copy link

suricata-qa commented Feb 7, 2026

WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.app_layer.error.dcerpc_tcp.parser 10319 3101 30.05%
.app_layer.tx.dcerpc_tcp 4180 6298 150.67%

Pipeline = 29487

@inashivb inashivb marked this pull request as draft February 8, 2026 02:19
@codecov
Copy link

codecov bot commented Feb 8, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 79.41176% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.14%. Comparing base (364d2c0) to head (3bdad92).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14766      +/-   ##
==========================================
- Coverage   82.15%   79.14%   -3.01%     
==========================================
  Files        1003     1003              
  Lines      263674   263658      -16     
==========================================
- Hits       216611   208684    -7927     
- Misses      47063    54974    +7911
Flag Coverage Δ
fuzzcorpus ?
livemode 18.93% <0.00%> (+0.19%) ⬆️
netns 18.56% <0.00%> (+<0.01%) ⬆️
pcap 44.69% <79.41%> (+0.06%) ⬆️
suricata-verify 65.46% <79.41%> (+0.01%) ⬆️
unittests 59.24% <58.82%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@inashivb @suricata-qa