Bug #116 ยป 0001-add-maximum-andx-chain-depth.patch
| src/app-layer-smb.c | ||
|---|---|---|
|
case 0:
|
||
|
/* Initialize */
|
||
|
sstate->andx.andxcommand = SMB_NO_SECONDARY_ANDX_COMMAND;
|
||
|
sstate->andx.maxchainedandx = 5;
|
||
|
if (input_len >= NBSS_HDR_LEN) {
|
||
|
sstate->nbss.type = *p;
|
||
|
sstate->nbss.length = (*(p + 1) & 0x01) << 16;
|
||
| ... | ... | |
|
sstate->bytesprocessed = 0;
|
||
|
SCReturnInt(-1);
|
||
|
}
|
||
|
}
|
||
|
SCLogDebug("[3] WordCount SMB Header (%u/%u) Command 0x%02x WordCount %u parsed %"PRIu64" input_len %u\n",
|
||
|
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN + 1,
|
||
|
sstate->smb.command, sstate->wordcount.wordcount,
|
||
|
SCLogDebug("[3] WordCount (%u/%u) WordCount %u parsed %"PRIu64" input_len %u\n",
|
||
|
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN + 1,
|
||
|
sstate->wordcount.wordcount,
|
||
|
parsed, input_len);
|
||
|
}
|
||
|
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN
|
||
|
+ SMB_HDR_LEN + 1 && sstate->bytesprocessed < NBSS_HDR_LEN
|
||
| ... | ... | |
|
sstate->bytesprocessed = 0;
|
||
|
SCReturnInt(-1);
|
||
|
}
|
||
|
}
|
||
|
SCLogDebug("[4] Parsing WordCount SMB Header (%u/%u) Command 0x%02x WordCount %u parsed %"PRIu64" input_len %u\n",
|
||
|
SCLogDebug("[4] Parsing WordCount (%u/%u) WordCount %u parsed %"PRIu64" input_len %u\n",
|
||
|
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN + 1 + sstate->wordcount.wordcount,
|
||
|
sstate->smb.command, sstate->wordcount.wordcount,
|
||
|
sstate->wordcount.wordcount,
|
||
|
parsed, input_len);
|
||
|
}
|
||
|
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN
|
||
|
+ SMB_HDR_LEN + 1 + sstate->wordcount.wordcount
|
||
| ... | ... | |
|
sstate->bytesprocessed = 0;
|
||
|
SCReturnInt(-1);
|
||
|
}
|
||
|
SCLogDebug("[5] ByteCount (%u/%u) ByteCount %u parsed %"PRIu64" input_len %u\n",
|
||
|
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN + 3,
|
||
|
sstate->bytecount.bytecount,
|
||
|
parsed, input_len);
|
||
|
}
|
||
|
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN
|
||
| ... | ... | |
|
sstate->bytesprocessed = 0;
|
||
|
SCReturnInt(-1);
|
||
|
}
|
||
|
SCLogDebug("[6] Parsing ByteCount (%u/%u) ByteCount %u parsed %"PRIu64" input_len %u\n",
|
||
|
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN + 1 + sstate->wordcount.wordcount + 2 + sstate->bytecount.bytecount,
|
||
|
sstate->bytecount.bytecount, parsed, input_len);
|
||
|
}
|
||
|
SCLogDebug("[6] ByteCount SMB Header (%u/%u) Command 0x%02x WordCount %u ByteCount %u parsed %"PRIu64" input_len %u\n",
|
||
|
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN + 1 + sstate->wordcount.wordcount + 2 + sstate->bytecount.bytecount,
|
||
|
sstate->smb.command, sstate->wordcount.wordcount,
|
||
|
sstate->bytecount.bytecount, parsed, input_len);
|
||
|
} while (sstate->andx.andxcommand != SMB_NO_SECONDARY_ANDX_COMMAND
|
||
|
&& input_len);
|
||
|
&& input_len && sstate->andx.maxchainedandx--);
|
||
|
if (sstate->bytesprocessed >= sstate->nbss.length + NBSS_HDR_LEN) {
|
||
|
sstate->bytesprocessed = 0;
|
||
|
if (sstate->bytesprocessed >= sstate->nbss.length + NBSS_HDR_LEN ||
|
||
|
sstate->andx.maxchainedandx == 0) {
|
||
|
sstate->bytesprocessed = 0;
|
||
|
}
|
||
|
break;
|
||
|
default:
|
||
| src/app-layer-smb.h | ||
|---|---|---|
|
uint8_t isandx;
|
||
|
uint8_t paddingparsed;
|
||
|
uint8_t andxcommand;
|
||
|
uint8_t maxchainedandx;
|
||
|
uint16_t andxoffset;
|
||
|
uint16_t andxbytesprocessed;
|
||
|
uint16_t datalength;
|
||