From ee15583ea6be188d2cad57b5ac93d51bf4a75eae Mon Sep 17 00:00:00 2001 From: Kirby Kuehl Date: Mon, 4 Jan 2010 15:53:41 -0600 Subject: [PATCH] 64 bit fixes second try --- src/app-layer-dcerpc.c | 65 +++++++++++++++---------------- src/app-layer-smb.c | 101 +++++++++++++++++++++--------------------------- src/app-layer-smb2.c | 38 +++++------------- src/util-debug.h | 18 ++++++++ 4 files changed, 103 insertions(+), 119 deletions(-) diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index 0970196..abdae4f 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -46,7 +46,7 @@ void printUUID(char *type, struct uuid_entry *uuid) { printf(" Major Version 0x%04x Minor Version 0x%04x\n", uuid->version, uuid->versionminor); } -static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, +static long int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -57,11 +57,12 @@ static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserS p++; } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } -static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, +static long int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; uint8_t *p = input; while (sstate->padleft-- && input_len--) { @@ -69,10 +70,10 @@ static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstat p++; } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnLongInt((long int)(p - input)); } -static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, +static long int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; @@ -80,16 +81,16 @@ static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *p if (input_len) { switch(sstate->ctxbytesprocessed) { case 0: - /*if (input_len >= 4) { + if (input_len >= 4) { sstate->numctxitems = *p; sstate->numctxitemsleft = sstate->numctxitems; sstate->ctxbytesprocessed += (4); SCReturnInt(4); - } else { */ + } else { sstate->numctxitems = *(p++); sstate->numctxitemsleft = sstate->numctxitems; if (!(--input_len)) break; - //} + } case 1: p++; if (!(--input_len)) break; @@ -104,11 +105,11 @@ static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *p } sstate->ctxbytesprocessed += (p - input); sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } -static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static long int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; uint8_t *p = input; @@ -141,7 +142,7 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta sstate->versionminor |= *(p + 23) << 8; sstate->uuid_entry = (struct uuid_entry *) calloc(1, sizeof(struct uuid_entry)); if (sstate->uuid_entry == NULL) { - SCReturnInt(-1); + SCReturnLongInt(0L); } else { memcpy(sstate->uuid_entry->uuid, sstate->uuid, sizeof(sstate->uuid)); @@ -149,12 +150,12 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta sstate->uuid_entry->version = sstate->version; sstate->uuid_entry->versionminor = sstate->versionminor; TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry, next); - printUUID("BIND", sstate->uuid_entry); + //printUUID("BIND", sstate->uuid_entry); } sstate->numctxitemsleft--; sstate->bytesprocessed += (44); sstate->ctxbytesprocessed += (44); - SCReturnInt(44); + SCReturnLongInt(44L); } else { sstate->ctxid = *(p++); if (!(--input_len)) break; @@ -306,10 +307,10 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta } sstate->ctxbytesprocessed += (p - input); sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } -static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static long int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; uint8_t *p = input; @@ -323,14 +324,14 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) { if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) { uuid_entry->result = sstate->result; - printUUID("BIND_ACK", uuid_entry); + //printUUID("BIND_ACK", uuid_entry); break; } } sstate->numctxitemsleft--; sstate->bytesprocessed += (24); sstate->ctxbytesprocessed += (24); - SCReturnInt(24); + SCReturnLongInt(24L); } else { sstate->result = *(p++); if (!(--input_len)) break; @@ -407,7 +408,7 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) { if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) { uuid_entry->result = sstate->result; - printUUID("BIND_ACK", uuid_entry); + //printUUID("BIND_ACK", uuid_entry); break; } } @@ -420,10 +421,10 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser } sstate->ctxbytesprocessed += (p - input); sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } -static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, +static long int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; @@ -437,7 +438,7 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst sstate->numctxitems = *(p+8); sstate->numctxitemsleft = sstate->numctxitems; sstate->bytesprocessed += 12; - SCReturnInt(12); + SCReturnLongInt(12L); } else { /* max_xmit_frag */ p++; @@ -492,10 +493,10 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst } } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } -static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static long int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; uint8_t *p = input; @@ -508,7 +509,7 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState * sstate->secondaryaddrlen |= *(p+9) << 8; sstate->secondaryaddrlenleft = sstate->secondaryaddrlen; sstate->bytesprocessed += 10; - SCReturnInt(10); + SCReturnLongInt(10L); } else { /* max_xmit_frag */ p++; @@ -553,10 +554,10 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState * break; } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } -static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState +static long int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -592,7 +593,7 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState sstate->dcerpc.call_id |= *(p + 14) << 8; sstate->dcerpc.call_id |= *(p + 15); sstate->bytesprocessed = DCERPC_HDR_LEN; - SCReturnInt(DCERPC_HDR_LEN); + SCReturnLongInt(16L); break; } else { sstate->dcerpc.rpc_vers = *(p++); @@ -647,21 +648,18 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState sstate->dcerpc.call_id |= *(p++); --input_len; break; - default: // SHOULD NEVER OCCUR - SCLogDebug("Odd"); - SCReturnInt(8); } } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; - uint32_t retval = 0; - uint32_t parsed = 0; + long int retval = 0; + long int parsed = 0; if (pstate == NULL) SCReturnInt(-1); @@ -793,7 +791,6 @@ static void DCERPCStateFree(void *s) { void RegisterDCERPCParsers(void) { AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOSERVER, DCERPCParse); AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOCLIENT, DCERPCParse); - AppLayerRegisterParser("dcerpc.hdr", ALPROTO_DCERPC, DCERPC_PARSE_DCERPC_HEADER, DCERPCParseHeader, "dcerpc"); AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc, DCERPCStateFree); } diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index 7d0930c..d2ae1de 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c @@ -102,8 +102,9 @@ void hexdump(const void *buf, size_t len) { * \brief SMB Write AndX Request Parsing */ /* For WriteAndX we need to get writeandxdataoffset */ -static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, +static long int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; switch (sstate->andx.andxbytesprocessed) { @@ -123,9 +124,8 @@ static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *psta sstate->andx.dataoffset|= (uint64_t) *(p+25) << 48; sstate->andx.dataoffset|= (uint64_t) *(p+26) << 40; sstate->andx.dataoffset|= (uint64_t) *(p+27) << 32; - input_len -= 28; sstate->bytesprocessed += 28; - return 28; + SCReturnLongInt(28L); } else { sstate->andx.andxcommand = *(p++); if (!(--input_len)) break; @@ -230,19 +230,17 @@ static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *psta sstate->andx.dataoffset|= (uint64_t) *(p++) << 32; --input_len; break; - default: - // SHOULD NEVER OCCUR - return 0; } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnLongInt((long int)(p - input)); } /** * \brief SMB Read AndX Response Parsing */ -static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, +static long int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; switch (sstate->andx.andxbytesprocessed) { @@ -260,9 +258,8 @@ static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstat sstate->andx.datalength |= (uint64_t) *(p+15) << 48; sstate->andx.datalength |= (uint64_t) *(p+16) << 40; sstate->andx.datalength |= (uint64_t) *(p+17) << 32; - input_len -= 24; sstate->bytesprocessed += 24; - return 24; + SCReturnLongInt(24L); } else { sstate->andx.andxcommand = *(p++); if (!(--input_len)) break; @@ -331,20 +328,17 @@ static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstat p++; --input_len; break; - default: - // SHOULD NEVER OCCUR - return 0; } - return 0; sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnLongInt((long int)(p - input)); } /** * Handle variable length padding for WriteAndX and ReadAndX */ -static int PaddingParser(void *smb_state, AppLayerParserState *pstate, +static long int PaddingParser(void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; while ((uint32_t)(sstate->bytesprocessed + (p - input)) < sstate->andx.dataoffset && sstate->bytecount.bytecount-- && input_len--) { @@ -354,15 +348,16 @@ static int PaddingParser(void *smb_state, AppLayerParserState *pstate, sstate->andx.paddingparsed = 1; } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnLongInt((long int)(p - input)); } /** * \brief Parse WriteAndX and ReadAndX Data * \todo Hand off to DCERPC parser for DCERPC over SMB */ -static int DataParser(void *smb_state, AppLayerParserState *pstate, +static long int DataParser(void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; @@ -373,7 +368,7 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate, } } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnLongInt((long int)(p - input)); } @@ -382,7 +377,7 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate, * Reset bytecount.bytecountbytes to 0. * Determine if this is an SMB AndX Command */ -static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, +static long int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -393,9 +388,9 @@ static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate sstate->bytecount.bytecountbytes = 0; sstate->andx.isandx = isAndX(sstate); SCLogDebug("Wordcount (%u):", sstate->wordcount.wordcount); - SCReturnInt(1); + SCReturnLongInt(1L); } - SCReturnInt(0); + SCReturnLongInt(0L); } /* @@ -403,7 +398,7 @@ static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate * is after the first bytecount byte. */ -static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, +static long int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -422,40 +417,40 @@ static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate SCLogDebug("Bytecount %u", sstate->bytecount.bytecount); --input_len; } - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } /** * \brief SMBParseWordCount parses the SMB Wordcount portion of the SMB Transaction. * until sstate->wordcount.wordcount bytes are parsed. */ -static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, +static long int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; - uint32_t retval = 0; + long int retval = 0; uint32_t parsed = 0; if ((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) && sstate->smb.command == SMB_COM_READ_ANDX) { retval = SMBParseReadAndX(f, sstate, pstate, input + parsed, input_len, output); parsed += retval; input_len -= retval; sstate->wordcount.wordcount -= retval; - return retval; + SCReturnLongInt(retval); } else if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0) && sstate->smb.command == SMB_COM_WRITE_ANDX) { retval = SMBParseWriteAndX(f, sstate, pstate, input + parsed, input_len, output); parsed += retval; input_len -= retval; sstate->wordcount.wordcount -= retval; - return retval; + SCReturnLongInt(retval); } else { /* Generic WordCount Handler */ while (sstate->wordcount.wordcount-- && input_len--) { SCLogDebug("0x%02x ", *p); p++; } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } } @@ -464,14 +459,14 @@ static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *psta * until sstate->bytecount.bytecount bytes are parsed. */ -static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, +static long int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; - uint32_t retval = 0; - uint32_t parsed = 0; + long int retval = 0; + long int parsed = 0; if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) && sstate->smb.command == SMB_COM_READ_ANDX) || (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0) && sstate->smb.command == SMB_COM_WRITE_ANDX)) { if (sstate->andx.paddingparsed == 0) { @@ -484,23 +479,21 @@ static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *psta parsed += retval; input_len -= retval; } + SCReturnLongInt(retval); } while (sstate->bytecount.bytecount && input_len) { SCLogDebug("0x%02x bytecount %u input_len %u", *p, sstate->bytecount.bytecount, input_len); p++; - sstate->wordcount.wordcount--; input_len--; } sstate->bytesprocessed += (p - input); - - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } -//#define DEBUG 1 -static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, +static long int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -517,9 +510,8 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate sstate->nbss.length = (*(p + 1) & 0x01) << 16; sstate->nbss.length |= *(p + 2) << 8; sstate->nbss.length |= *(p + 3); - input_len -= NBSS_HDR_LEN; sstate->bytesprocessed += NBSS_HDR_LEN; - SCReturnInt(NBSS_HDR_LEN); + SCReturnLongInt(4L); } else { sstate->nbss.type = *(p++); if (!(--input_len)) break; @@ -534,16 +526,13 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate sstate->nbss.length |= *(p++); --input_len; break; - default: - SCReturnInt(-1); - break; } sstate->bytesprocessed += (p - input); } - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } -static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, +static long int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -555,7 +544,7 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, if (input_len >= SMB_HDR_LEN) { if (memcmp(p, "\xff\x53\x4d\x42", 4) != 0) { SCLogDebug("SMB Header did not validate"); - SCReturnInt(0); + SCReturnLongInt(0L); } sstate->smb.command = *(p + 4); sstate->smb.status = *(p + 5) << 24; @@ -583,9 +572,8 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, sstate->smb.uid |= *(p + 29); sstate->smb.mid = *(p + 30) << 8; sstate->smb.mid |= *(p + 31); - input_len -= SMB_HDR_LEN; sstate->bytesprocessed += SMB_HDR_LEN; - SCReturnInt(SMB_HDR_LEN); + SCReturnLongInt(32L); break; } else { //sstate->smb.protocol[0] = *(p++); @@ -693,12 +681,10 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, sstate->smb.mid |= *(p++); --input_len; break; - default: // SHOULD NEVER OCCUR - SCReturnInt(8); } } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnLongInt((long int)(p - input)); } static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, @@ -707,8 +693,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, SCEnter(); SMBState *sstate = (SMBState *) smb_state; - uint32_t retval = 0; - uint32_t parsed = 0; + long int retval = 0; + long int parsed = 0; if (pstate == NULL) SCReturnInt(-1); @@ -719,7 +705,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; - SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %u input_len %u", + SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %ld input_len %u", sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type, sstate->nbss.length, parsed, input_len); } @@ -732,7 +718,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, parsed, input_len, output); parsed += retval; input_len -= retval; - SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u", + SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %ld input_len %u", sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN, sstate->smb.command, parsed, input_len); } @@ -744,7 +730,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, output); parsed += retval; input_len -= retval; - SCLogDebug("wordcount (%u) parsed %u input_len %u", + SCLogDebug("wordcount (%u) parsed %ld input_len %u", sstate->wordcount.wordcount, parsed, input_len); } @@ -795,6 +781,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, */ int isAndX(SMBState *smb_state) { + SCEnter(); switch (smb_state->smb.command) { case SMB_NO_SECONDARY_ANDX_COMMAND: case SMB_COM_LOCKING_ANDX: @@ -806,9 +793,9 @@ int isAndX(SMBState *smb_state) { case SMB_COM_TREE_CONNECT_ANDX: case SMB_COM_NT_CREATE_ANDX: smb_state->andx.andxbytesprocessed = 0; - return 1; + SCReturnInt(1); default: - return 0; + SCReturnInt(0); } } diff --git a/src/app-layer-smb2.c b/src/app-layer-smb2.c index 62ca877..a47cfd4 100644 --- a/src/app-layer-smb2.c +++ b/src/app-layer-smb2.c @@ -35,9 +35,9 @@ enum { SMB_FIELD_MAX, }; -//#define DEBUG 1 -static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, +static long int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; uint8_t *p = input; @@ -50,9 +50,8 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, sstate->nbss.length = (*(p + 1) & 0x01) << 16; sstate->nbss.length |= *(p + 2) << 8; sstate->nbss.length |= *(p + 3); - input_len -= NBSS_HDR_LEN; sstate->bytesprocessed += NBSS_HDR_LEN; - return NBSS_HDR_LEN; + SCReturnLongInt(4L); } else { sstate->nbss.type = *(p++); if (!(--input_len)) break; @@ -67,17 +66,15 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, sstate->nbss.length |= *(p++); --input_len; break; - default: - return -1; - break; } sstate->bytesprocessed += (p - input); } - return (p - input); + SCReturnLongInt((long int)(p - input)); } -static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, +static long int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; uint8_t *p = input; if (input_len) { @@ -148,9 +145,8 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, sstate->smb2.Signature[13] = *(p + 61); sstate->smb2.Signature[14] = *(p + 62); sstate->smb2.Signature[15] = *(p + 63); - input_len -= SMB2_HDR_LEN; sstate->bytesprocessed += SMB2_HDR_LEN; - return SMB2_HDR_LEN; + SCReturnLongInt(64L); break; } else { //sstate->smb2.protocol[0] = *(p++); @@ -354,16 +350,15 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, sstate->smb2.Signature[15] = *(p++); --input_len; break; - default: // SHOULD NEVER OCCUR - return 0; } } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnLongInt((long int)(p - input)); } static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; uint32_t retval = 0; uint32_t parsed = 0; @@ -399,7 +394,7 @@ static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, } pstate->parse_field = 0; pstate->flags |= APP_LAYER_PARSER_DONE; - return 1; + SCReturnInt(1); } @@ -422,19 +417,6 @@ static void SMB2StateFree(void *s) { void RegisterSMB2Parsers(void) { AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse); AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse); - /*AppLayerRegisterParser("nbss.hdr", ALPROTO_SMB, SMB_PARSE_NBSS_HEADER, - NBSSParseHeader, "smb"); - AppLayerRegisterParser("smb.hdr", ALPROTO_SMB, SMB_PARSE_SMB_HEADER, - SMBParseHeader, "smb"); - AppLayerRegisterParser("smb.getwordcount", ALPROTO_SMB, SMB_PARSE_GET_WORDCOUNT, - SMBGetWordCount, "smb"); - AppLayerRegisterParser("smb.wordcount", ALPROTO_SMB, SMB_PARSE_WORDCOUNT, - SMBParseWordCount, "smb"); - AppLayerRegisterParser("smb.getbytecount", ALPROTO_SMB, SMB_PARSE_GET_BYTECOUNT, - SMBGetByteCount, "smb"); - AppLayerRegisterParser("smb.bytecount", ALPROTO_SMB, SMB_PARSE_BYTECOUNT, - SMBParseByteCount, "smb"); - */ AppLayerRegisterStateFuncs(ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree); } diff --git a/src/util-debug.h b/src/util-debug.h index d7a1234..dc90697 100644 --- a/src/util-debug.h +++ b/src/util-debug.h @@ -376,6 +376,24 @@ extern int sc_log_module_cleaned; * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that returns an + * integer value. + * + * \retval x Variable of type 'integer' that has to be returned + */ +#define SCReturnLongInt(x) do { \ + if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ + SCLogDebug("Returning: %ld ... <<", x); \ + SCLogCheckFDFilterExit(__FUNCTION__); \ + } \ + return x; \ + } while(0) + +/** + * \brief Macro used to log debug messages on function exit. Comes under the + * debugging sybsystem, and hence will be enabled only in the presence + * of the DEBUG macro. Apart from logging function_exit logs, it also + * processes the FD filters, if any FD filters are registered. This + * function_exit macro should be used for functions that returns an * unsigned integer value. * * \retval x Variable of type 'unsigned integer' that has to be returned -- 1.6.5.2