From 0a67ed5bc9740c6491a10c0c9c5f5fa449e42d5e Mon Sep 17 00:00:00 2001
From: Kirby Kuehl
Date: Thu, 11 Feb 2010 14:27:21 -0600
Subject: [PATCH 2/3] smb safety checks
---
 src/app-layer-smb.c | 26 +++++++++++++-------------
 1 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c
index 4c6fea5..c666a04 100644
--- a/src/app-layer-smb.c
+++ b/src/app-layer-smb.c
@@ -953,8 +953,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
 sstate->nbss.length, parsed, input_len);
 } else if (input_len) {
 SCLogDebug("Error parsing NBSS Header\n");
- parsed += input_len;
- input_len = 0;
+ sstate->bytesprocessed = 0;
+ SCReturnInt(-1);
 }
 }
@@ -967,7 +967,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
 if (retval == -1) {
 SCLogDebug("Error parsing SMB Header\n");
 sstate->bytesprocessed = 0;
- SCReturnInt(1);
+ SCReturnInt(-1);
 } else {
 parsed += retval;
 input_len -= retval;
@@ -988,8 +988,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
 input_len -= retval;
 } else if (input_len) {
 SCLogDebug("Error parsing SMB Word Count\n");
- parsed += input_len;
- input_len = 0;
+ sstate->bytesprocessed = 0;
+ SCReturnInt(-1);
 }
 }
 SCLogDebug("SMB Header (%u/%u) Command 0x%02x WordCount %u parsed %ld input_len %u\n",
@@ -1007,8 +1007,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
 input_len -= retval;
 } else if (input_len) {
 SCLogDebug("Error parsing SMB Word Count Data\n");
- parsed += input_len;
- input_len = 0;
+ sstate->bytesprocessed = 0;
+ SCReturnInt(-1);
 }
 }
@@ -1023,8 +1023,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
 input_len -= retval;
 } else if (input_len) {
 SCLogDebug("Error parsing SMB Byte Count\n");
- parsed += input_len;
- input_len = 0;
+ sstate->bytesprocessed = 0;
+ SCReturnInt(-1);
 }
 }
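Review bot: The new NBSS-header error branch in the first hunk (`sstate->bytesprocessed = 0; SCReturnInt(-1);`) returns before the `pstate->parse_field = 0;` that the last hunk shows after the switch, so the failure path no longer performs the same parser-state cleanup as the normal path. The same two lines are repeated in the Word Count, Word Count Data, Byte Count and Byte Count Data branches, which makes it easy for one of them to drift. Whether a stale `parse_field` matters depends on what the caller does with this flow after a -1, which is not visible here. A single `goto error;` in each branch, with the label doing `sstate->bytesprocessed = 0; pstate->parse_field = 0; SCReturnInt(-1);`, would keep all failure exits identical. SMBParse begins and ends outside these hunks.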
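Review bot: The SMB-header failure in the second hunk is still reported only through `SCLogDebug`, so once this branch returns -1 an operator has no record that parsing of this SMB stream failed unless debug logging is built in (SCLogDebug is, as far as I know, compiled out otherwise). For an inspection engine that matters, because a malformed record that ends protocol parsing should be visible, for example through an error counter or a log call that survives release builds. At minimum the return contract deserves a comment above the branch, `/* -1: unrecoverable parse error, per-record state reset; caller decides whether to keep inspecting this flow */`. The same applies to the other -1 returns this patch adds.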
@@ -1040,8 +1040,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
 input_len -= retval;
 } else if (input_len) {
 SCLogDebug("Error parsing SMB Byte Count Data\n");
- parsed += input_len;
- input_len = 0;
+ sstate->bytesprocessed = 0;
+ SCReturnInt(-1);
 }
 }
@@ -1049,11 +1049,11 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
 && input_len);
 if (sstate->bytesprocessed >= sstate->nbss.length + NBSS_HDR_LEN) {
- sstate->bytesprocessed = 0;
+ sstate->bytesprocessed = 0;
 }
 break;
 default:
- sstate->bytesprocessed = 0;
+ sstate->bytesprocessed = 0;
 break;
 }
 pstate->parse_field = 0;
-- 
1.6.6