Project

General

Profile

Bug #42 » 0001-64-bit-portability.patch

final patch, fixes infinite loop in unittest, uses uint32_t for SCReturnUInt() - Kirby Kuehl, 01/05/2010 09:04 AM

View differences:

src/app-layer-dcerpc.c
printf(" Major Version 0x%04x Minor Version 0x%04x\n", uuid->version, uuid->versionminor);
}
static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
static uint32_t DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
......
p++;
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
static uint32_t PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
while (sstate->padleft-- && input_len--) {
......
p++;
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
static uint32_t DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
......
if (input_len) {
switch(sstate->ctxbytesprocessed) {
case 0:
/*if (input_len >= 4) {
if (input_len >= 4) {
sstate->numctxitems = *p;
sstate->numctxitemsleft = sstate->numctxitems;
sstate->ctxbytesprocessed += (4);
SCReturnInt(4);
} else { */
sstate->ctxbytesprocessed += 4;
sstate->bytesprocessed += 4;
SCReturnUInt(4U);
} else {
sstate->numctxitems = *(p++);
sstate->numctxitemsleft = sstate->numctxitems;
if (!(--input_len)) break;
//}
}
case 1:
p++;
if (!(--input_len)) break;
......
}
sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
static uint32_t DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
......
sstate->versionminor |= *(p + 23) << 8;
sstate->uuid_entry = (struct uuid_entry *) calloc(1, sizeof(struct uuid_entry));
if (sstate->uuid_entry == NULL) {
SCReturnInt(-1);
SCReturnUInt(0);
} else {
memcpy(sstate->uuid_entry->uuid, sstate->uuid,
sizeof(sstate->uuid));
......
sstate->uuid_entry->version = sstate->version;
sstate->uuid_entry->versionminor = sstate->versionminor;
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry, next);
printUUID("BIND", sstate->uuid_entry);
//printUUID("BIND", sstate->uuid_entry);
}
sstate->numctxitemsleft--;
sstate->bytesprocessed += (44);
sstate->ctxbytesprocessed += (44);
SCReturnInt(44);
SCReturnUInt(44U);
} else {
sstate->ctxid = *(p++);
if (!(--input_len)) break;
......
case 43:
sstate->numctxitemsleft--;
if (sstate->uuid_entry == NULL) {
SCReturnInt(-1);
SCReturnUInt(0);
} else {
memcpy(sstate->uuid_entry->uuid, sstate->uuid,
sizeof(sstate->uuid));
......
}
sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
static uint32_t DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
......
TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) {
if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) {
uuid_entry->result = sstate->result;
printUUID("BIND_ACK", uuid_entry);
//printUUID("BIND_ACK", uuid_entry);
break;
}
}
sstate->numctxitemsleft--;
sstate->bytesprocessed += (24);
sstate->ctxbytesprocessed += (24);
SCReturnInt(24);
SCReturnUInt(24U);
} else {
sstate->result = *(p++);
if (!(--input_len)) break;
......
TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) {
if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) {
uuid_entry->result = sstate->result;
printUUID("BIND_ACK", uuid_entry);
//printUUID("BIND_ACK", uuid_entry);
break;
}
}
......
}
sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
static uint32_t DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
......
sstate->numctxitems = *(p+8);
sstate->numctxitemsleft = sstate->numctxitems;
sstate->bytesprocessed += 12;
SCReturnInt(12);
SCReturnUInt(12U);
} else {
/* max_xmit_frag */
p++;
......
}
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
static uint32_t DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
......
sstate->secondaryaddrlen |= *(p+9) << 8;
sstate->secondaryaddrlenleft = sstate->secondaryaddrlen;
sstate->bytesprocessed += 10;
SCReturnInt(10);
SCReturnUInt(10U);
} else {
/* max_xmit_frag */
p++;
......
break;
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
static uint32_t DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
*pstate, uint8_t *input, uint32_t input_len,
AppLayerParserResult *output) {
SCEnter();
......
sstate->dcerpc.call_id |= *(p + 14) << 8;
sstate->dcerpc.call_id |= *(p + 15);
sstate->bytesprocessed = DCERPC_HDR_LEN;
SCReturnInt(DCERPC_HDR_LEN);
SCReturnUInt(16U);
break;
} else {
sstate->dcerpc.rpc_vers = *(p++);
......
sstate->dcerpc.call_id |= *(p++);
--input_len;
break;
default: // SHOULD NEVER OCCUR
SCLogDebug("Odd");
SCReturnInt(8);
}
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
......
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseHeader bytesprocessed %u\n", sstate->bytesprocessed);
switch (sstate->dcerpc.type) {
case BIND:
......
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseBIND bytesprocessed %u\n", sstate->bytesprocessed);
while (sstate->numctxitemsleft && sstate->bytesprocessed < sstate->dcerpc.frag_length &&
input_len) {
......
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseBINDCTXItem bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == sstate->dcerpc.frag_length) {
sstate->bytesprocessed = 0;
......
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseBINDACK bytesprocessed %u\n", sstate->bytesprocessed);
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen && input_len--) {
retval = DCERPCParseSecondaryAddr(f, dcerpc_state, pstate, input + parsed, input_len,
......
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseSecondaryAddr bytesprocessed %u\n", sstate->bytesprocessed);
if(sstate->bytesprocessed == DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen) {
sstate->pad = sstate->bytesprocessed % 4;
sstate->padleft = sstate->pad;
}
SCLogDebug("pad %u\n", sstate->pad);
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen + sstate->pad && input_len--) {
retval = PaddingParser(f, dcerpc_state, pstate, input + parsed, input_len,
......
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with PaddingParser bytesprocessed %u\n", sstate->bytesprocessed);
while(sstate->bytesprocessed >= DCERPC_HDR_LEN + 10 + sstate->pad + sstate->secondaryaddrlen &&
sstate->bytesprocessed < DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) {
......
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCGetCTXItems bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) {
sstate->ctxbytesprocessed = 0;
......
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseBINDACKCTXItem bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == sstate->dcerpc.frag_length) {
sstate->bytesprocessed = 0;
......
void RegisterDCERPCParsers(void) {
AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOSERVER, DCERPCParse);
AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOCLIENT, DCERPCParse);
AppLayerRegisterParser("dcerpc.hdr", ALPROTO_DCERPC, DCERPC_PARSE_DCERPC_HEADER, DCERPCParseHeader, "dcerpc");
AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc, DCERPCStateFree);
}
src/app-layer-smb.c
* \brief SMB Write AndX Request Parsing
*/
/* For WriteAndX we need to get writeandxdataoffset */
static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input;
switch (sstate->andx.andxbytesprocessed) {
......
sstate->andx.dataoffset|= (uint64_t) *(p+25) << 48;
sstate->andx.dataoffset|= (uint64_t) *(p+26) << 40;
sstate->andx.dataoffset|= (uint64_t) *(p+27) << 32;
input_len -= 28;
sstate->bytesprocessed += 28;
return 28;
SCReturnUInt(28U);
} else {
sstate->andx.andxcommand = *(p++);
if (!(--input_len)) break;
......
sstate->andx.dataoffset|= (uint64_t) *(p++) << 32;
--input_len;
break;
default:
// SHOULD NEVER OCCUR
return 0;
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* \brief SMB Read AndX Response Parsing
*/
static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input;
switch (sstate->andx.andxbytesprocessed) {
......
sstate->andx.datalength |= (uint64_t) *(p+15) << 48;
sstate->andx.datalength |= (uint64_t) *(p+16) << 40;
sstate->andx.datalength |= (uint64_t) *(p+17) << 32;
input_len -= 24;
sstate->bytesprocessed += 24;
return 24;
SCReturnUInt(24U);
} else {
sstate->andx.andxcommand = *(p++);
if (!(--input_len)) break;
......
p++;
--input_len;
break;
default:
// SHOULD NEVER OCCUR
return 0;
}
return 0;
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* Handle variable length padding for WriteAndX and ReadAndX
*/
static int PaddingParser(void *smb_state, AppLayerParserState *pstate,
static uint32_t PaddingParser(void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input;
while ((uint32_t)(sstate->bytesprocessed + (p - input)) < sstate->andx.dataoffset && sstate->bytecount.bytecount-- && input_len--) {
......
sstate->andx.paddingparsed = 1;
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* \brief Parse WriteAndX and ReadAndX Data
* \todo Hand off to DCERPC parser for DCERPC over SMB
*/
static int DataParser(void *smb_state, AppLayerParserState *pstate,
static uint32_t DataParser(void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input;
......
}
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
......
* Reset bytecount.bytecountbytes to 0.
* Determine if this is an SMB AndX Command
*/
static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
......
sstate->bytecount.bytecountbytes = 0;
sstate->andx.isandx = isAndX(sstate);
SCLogDebug("Wordcount (%u):", sstate->wordcount.wordcount);
SCReturnInt(1);
SCReturnUInt(1U);
}
SCReturnInt(0);
SCReturnUInt(0);
}
/*
......
* is after the first bytecount byte.
*/
static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
......
SCLogDebug("Bytecount %u", sstate->bytecount.bytecount);
--input_len;
}
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* \brief SMBParseWordCount parses the SMB Wordcount portion of the SMB Transaction.
* until sstate->wordcount.wordcount bytes are parsed.
*/
static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
......
parsed += retval;
input_len -= retval;
sstate->wordcount.wordcount -= retval;
return retval;
SCReturnUInt(retval);
} else if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0) && sstate->smb.command == SMB_COM_WRITE_ANDX) {
retval = SMBParseWriteAndX(f, sstate, pstate, input + parsed, input_len, output);
parsed += retval;
input_len -= retval;
sstate->wordcount.wordcount -= retval;
return retval;
SCReturnUInt(retval);
} else { /* Generic WordCount Handler */
while (sstate->wordcount.wordcount-- && input_len--) {
SCLogDebug("0x%02x ", *p);
p++;
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
}
......
* until sstate->bytecount.bytecount bytes are parsed.
*/
static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
......
parsed += retval;
input_len -= retval;
}
SCReturnUInt(retval);
}
while (sstate->bytecount.bytecount && input_len) {
SCLogDebug("0x%02x bytecount %u input_len %u", *p,
sstate->bytecount.bytecount, input_len);
p++;
sstate->wordcount.wordcount--;
input_len--;
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
//#define DEBUG 1
static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
......
sstate->nbss.length = (*(p + 1) & 0x01) << 16;
sstate->nbss.length |= *(p + 2) << 8;
sstate->nbss.length |= *(p + 3);
input_len -= NBSS_HDR_LEN;
sstate->bytesprocessed += NBSS_HDR_LEN;
SCReturnInt(NBSS_HDR_LEN);
SCReturnUInt(4U);
} else {
sstate->nbss.type = *(p++);
if (!(--input_len)) break;
......
sstate->nbss.length |= *(p++);
--input_len;
break;
default:
SCReturnInt(-1);
break;
}
sstate->bytesprocessed += (p - input);
}
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
......
if (input_len >= SMB_HDR_LEN) {
if (memcmp(p, "\xff\x53\x4d\x42", 4) != 0) {
SCLogDebug("SMB Header did not validate");
SCReturnInt(0);
SCReturnUInt(0);
}
sstate->smb.command = *(p + 4);
sstate->smb.status = *(p + 5) << 24;
......
sstate->smb.uid |= *(p + 29);
sstate->smb.mid = *(p + 30) << 8;
sstate->smb.mid |= *(p + 31);
input_len -= SMB_HDR_LEN;
sstate->bytesprocessed += SMB_HDR_LEN;
SCReturnInt(SMB_HDR_LEN);
SCReturnUInt(32U);
break;
} else {
//sstate->smb.protocol[0] = *(p++);
......
sstate->smb.mid |= *(p++);
--input_len;
break;
default: // SHOULD NEVER OCCUR
SCReturnInt(8);
}
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
......
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint32_t retval = 0;
uint32_t parsed = 0;
long int retval = 0;
long int parsed = 0;
if (pstate == NULL)
SCReturnInt(-1);
......
parsed += retval;
input_len -= retval;
SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %u input_len %u",
SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %ld input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type,
sstate->nbss.length, parsed, input_len);
}
......
parsed, input_len, output);
parsed += retval;
input_len -= retval;
SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u",
SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %ld input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN,
sstate->smb.command, parsed, input_len);
}
......
output);
parsed += retval;
input_len -= retval;
SCLogDebug("wordcount (%u) parsed %u input_len %u",
SCLogDebug("wordcount (%u) parsed %ld input_len %u",
sstate->wordcount.wordcount, parsed, input_len);
}
......
*/
int isAndX(SMBState *smb_state) {
SCEnter();
switch (smb_state->smb.command) {
case SMB_NO_SECONDARY_ANDX_COMMAND:
case SMB_COM_LOCKING_ANDX:
......
case SMB_COM_TREE_CONNECT_ANDX:
case SMB_COM_NT_CREATE_ANDX:
smb_state->andx.andxbytesprocessed = 0;
return 1;
SCReturnInt(1);
default:
return 0;
SCReturnInt(0);
}
}
src/app-layer-smb2.c
SMB_FIELD_MAX,
};
//#define DEBUG 1
static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
static uint32_t NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
uint8_t *p = input;
......
sstate->nbss.length = (*(p + 1) & 0x01) << 16;
sstate->nbss.length |= *(p + 2) << 8;
sstate->nbss.length |= *(p + 3);
input_len -= NBSS_HDR_LEN;
sstate->bytesprocessed += NBSS_HDR_LEN;
return NBSS_HDR_LEN;
SCReturnUInt(4U);
} else {
sstate->nbss.type = *(p++);
if (!(--input_len)) break;
......
sstate->nbss.length |= *(p++);
--input_len;
break;
default:
return -1;
break;
}
sstate->bytesprocessed += (p - input);
}
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
uint8_t *p = input;
if (input_len) {
......
sstate->smb2.Signature[13] = *(p + 61);
sstate->smb2.Signature[14] = *(p + 62);
sstate->smb2.Signature[15] = *(p + 63);
input_len -= SMB2_HDR_LEN;
sstate->bytesprocessed += SMB2_HDR_LEN;
return SMB2_HDR_LEN;
SCReturnUInt(64U);
break;
} else {
//sstate->smb2.protocol[0] = *(p++);
......
sstate->smb2.Signature[15] = *(p++);
--input_len;
break;
default: // SHOULD NEVER OCCUR
return 0;
}
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
uint32_t retval = 0;
uint32_t parsed = 0;
......
}
pstate->parse_field = 0;
pstate->flags |= APP_LAYER_PARSER_DONE;
return 1;
SCReturnInt(1);
}
......
void RegisterSMB2Parsers(void) {
AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse);
AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse);
/*AppLayerRegisterParser("nbss.hdr", ALPROTO_SMB, SMB_PARSE_NBSS_HEADER,
NBSSParseHeader, "smb");
AppLayerRegisterParser("smb.hdr", ALPROTO_SMB, SMB_PARSE_SMB_HEADER,
SMBParseHeader, "smb");
AppLayerRegisterParser("smb.getwordcount", ALPROTO_SMB, SMB_PARSE_GET_WORDCOUNT,
SMBGetWordCount, "smb");
AppLayerRegisterParser("smb.wordcount", ALPROTO_SMB, SMB_PARSE_WORDCOUNT,
SMBParseWordCount, "smb");
AppLayerRegisterParser("smb.getbytecount", ALPROTO_SMB, SMB_PARSE_GET_BYTECOUNT,
SMBGetByteCount, "smb");
AppLayerRegisterParser("smb.bytecount", ALPROTO_SMB, SMB_PARSE_BYTECOUNT,
SMBParseByteCount, "smb");
*/
AppLayerRegisterStateFuncs(ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree);
}
(5-5/6)