Bug #94 » 0003-add-uuid-to-uuid_list-for-udp.patch
| src/app-layer-dcerpc-udp.c | ||
|---|---|---|
|
* present to parse the entire header. A slow path is used to parse
|
||
|
* fragmented packets.
|
||
|
*/
|
||
|
static uint32_t DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state,
|
||
|
static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state,
|
||
|
AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
|
||
|
AppLayerParserResult *output) {
|
||
|
SCEnter();
|
||
| ... | ... | |
|
case 0:
|
||
|
if (input_len >= DCERPC_UDP_HDR_LEN) {
|
||
|
sstate->dcerpc.dcerpchdrudp.rpc_vers = *p;
|
||
|
if (sstate->dcerpc.dcerpchdrudp.rpc_vers != 4) {
|
||
|
SCLogDebug("DCERPC UDP Header did not validate");
|
||
|
SCReturnInt(-1);
|
||
|
}
|
||
|
sstate->dcerpc.dcerpchdrudp.type = *(p + 1);
|
||
|
sstate->dcerpc.dcerpchdrudp.flags1 = *(p + 2);
|
||
|
sstate->dcerpc.dcerpchdrudp.flags2 = *(p + 3);
|
||
| ... | ... | |
|
sstate->uuid_entry = (DCERPCUuidEntry *) SCCalloc(1,
|
||
|
sizeof(DCERPCUuidEntry));
|
||
|
if (sstate->uuid_entry == NULL) {
|
||
|
SCReturnUInt(0);
|
||
|
SCReturnUInt(-1);
|
||
|
} else {
|
||
|
memcpy(sstate->uuid_entry->uuid,
|
||
|
sstate->dcerpc.dcerpchdrudp.activityuuid,
|
||
|
sizeof(sstate->dcerpc.dcerpchdrudp.activityuuid));
|
||
|
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry,
|
||
|
next);
|
||
|
#ifdef UNITTESTS
|
||
|
if (RunmodeIsUnittests()) {
|
||
|
printUUID("DCERPC UDP", sstate->uuid_entry);
|
||
|
}
|
||
|
#endif
|
||
|
}
|
||
|
SCReturnUInt(80U);
|
||
|
SCReturnUInt(80);
|
||
|
break;
|
||
|
} else {
|
||
|
sstate->dcerpc.dcerpchdrudp.rpc_vers = *(p++);
|
||
|
if (sstate->dcerpc.dcerpchdrudp.rpc_vers != 4) {
|
||
|
SCLogDebug("DCERPC UDP Header did not validate");
|
||
|
SCReturnInt(-1);
|
||
|
}
|
||
|
if (!(--input_len))
|
||
|
break;
|
||
|
}
|
||
| ... | ... | |
|
sstate->uuid_entry = (DCERPCUuidEntry *) SCCalloc(1,
|
||
|
sizeof(DCERPCUuidEntry));
|
||
|
if (sstate->uuid_entry == NULL) {
|
||
|
SCReturnUInt(0);
|
||
|
SCReturnUInt(-1);
|
||
|
} else {
|
||
|
memcpy(sstate->uuid_entry->uuid,
|
||
|
sstate->dcerpc.dcerpchdrudp.activityuuid,
|
||
|
sizeof(sstate->dcerpc.dcerpchdrudp.activityuuid));
|
||
|
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry,
|
||
|
next);
|
||
|
#ifdef UNITTESTS
|
||
|
if (RunmodeIsUnittests()) {
|
||
|
printUUID("DCERPC UDP", sstate->uuid_entry);
|
||
|
}
|
||
|
#endif
|
||
|
}
|
||
|
--input_len;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
sstate->bytesprocessed += (p - input);
|
||
|
SCReturnUInt((uint32_t)(p - input));
|
||
|
SCReturnInt((p - input));
|
||
|
}
|
||
|
static int DCERPCUDPParse(Flow *f, void *dcerpc_state,
|
||
| ... | ... | |
|
AppLayerParserResult *output) {
|
||
|
uint32_t retval = 0;
|
||
|
uint32_t parsed = 0;
|
||
|
int hdrretval = 0;
|
||
|
SCEnter();
|
||
|
DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpc_state;
|
||
|
while (sstate->bytesprocessed < DCERPC_UDP_HDR_LEN && input_len) {
|
||
|
retval = DCERPCUDPParseHeader(f, dcerpc_state, pstate, input,
|
||
|
hdrretval = DCERPCUDPParseHeader(f, dcerpc_state, pstate, input,
|
||
|
input_len, output);
|
||
|
parsed += retval;
|
||
|
input_len -= retval;
|
||
|
if(hdrretval == -1) {
|
||
|
sstate->bytesprocessed = 0;
|
||
|
SCReturnInt(hdrretval);
|
||
|
} else {
|
||
|
parsed += retval;
|
||
|
input_len -= retval;
|
||
|
}
|
||
|
}
|
||
|
#if 0
|
||
|
printf("Done with DCERPCUDPParseHeader bytesprocessed %u/%u left %u\n",
|
||
| ... | ... | |
|
printUUID("REQUEST", uuid_entry);
|
||
|
}
|
||
|
end:
|
||
|
end:
|
||
|
StreamL7DataPtrFree(&ssn);
|
||
|
StreamTcpFreeConfig(TRUE);
|
||
|
return result;
|
||
- « Previous
- 1
- …
- 3
- 4
- 5
- Next »