From edf0d1e462a93c6adb2bffa991e4a4e60eb0e345 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 5 Jan 2010 09:23:41 -0600 Subject: [PATCH] 64 bit portability --- src/app-layer-dcerpc.c | 77 +++++++++++++++++++++------------------ src/app-layer-smb.c | 95 +++++++++++++++++++++--------------------------- src/app-layer-smb2.c | 38 +++++-------------- 3 files changed, 93 insertions(+), 117 deletions(-) diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index 0970196..35de702 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -46,7 +46,7 @@ void printUUID(char *type, struct uuid_entry *uuid) { printf(" Major Version 0x%04x Minor Version 0x%04x\n", uuid->version, uuid->versionminor); } -static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, +static uint32_t DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -57,11 +57,12 @@ static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserS p++; } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, +static uint32_t PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; uint8_t *p = input; while (sstate->padleft-- && input_len--) { @@ -69,10 +70,10 @@ static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstat p++; } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, +static uint32_t DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; @@ -80,16 +81,17 @@ static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *p if (input_len) { switch(sstate->ctxbytesprocessed) { case 0: - /*if (input_len >= 4) { + if (input_len >= 4) { sstate->numctxitems = *p; sstate->numctxitemsleft = sstate->numctxitems; - sstate->ctxbytesprocessed += (4); - SCReturnInt(4); - } else { */ + sstate->ctxbytesprocessed += 4; + sstate->bytesprocessed += 4; + SCReturnUInt(4U); + } else { sstate->numctxitems = *(p++); sstate->numctxitemsleft = sstate->numctxitems; if (!(--input_len)) break; - //} + } case 1: p++; if (!(--input_len)) break; @@ -104,11 +106,11 @@ static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *p } sstate->ctxbytesprocessed += (p - input); sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static uint32_t DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; uint8_t *p = input; @@ -141,7 +143,7 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta sstate->versionminor |= *(p + 23) << 8; sstate->uuid_entry = (struct uuid_entry *) calloc(1, sizeof(struct uuid_entry)); if (sstate->uuid_entry == NULL) { - SCReturnInt(-1); + SCReturnUInt(0); } else { memcpy(sstate->uuid_entry->uuid, sstate->uuid, sizeof(sstate->uuid)); @@ -149,12 +151,12 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta sstate->uuid_entry->version = sstate->version; sstate->uuid_entry->versionminor = sstate->versionminor; TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry, next); - printUUID("BIND", sstate->uuid_entry); + //printUUID("BIND", sstate->uuid_entry); } sstate->numctxitemsleft--; sstate->bytesprocessed += (44); sstate->ctxbytesprocessed += (44); - SCReturnInt(44); + SCReturnUInt(44U); } else { sstate->ctxid = *(p++); if (!(--input_len)) break; @@ -290,7 +292,7 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta case 43: sstate->numctxitemsleft--; if (sstate->uuid_entry == NULL) { - SCReturnInt(-1); + SCReturnUInt(0); } else { memcpy(sstate->uuid_entry->uuid, sstate->uuid, sizeof(sstate->uuid)); @@ -306,10 +308,10 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta } sstate->ctxbytesprocessed += (p - input); sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static uint32_t DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; uint8_t *p = input; @@ -323,14 +325,14 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) { if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) { uuid_entry->result = sstate->result; - printUUID("BIND_ACK", uuid_entry); + //printUUID("BIND_ACK", uuid_entry); break; } } sstate->numctxitemsleft--; sstate->bytesprocessed += (24); sstate->ctxbytesprocessed += (24); - SCReturnInt(24); + SCReturnUInt(24U); } else { sstate->result = *(p++); if (!(--input_len)) break; @@ -407,7 +409,7 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) { if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) { uuid_entry->result = sstate->result; - printUUID("BIND_ACK", uuid_entry); + //printUUID("BIND_ACK", uuid_entry); break; } } @@ -420,10 +422,10 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser } sstate->ctxbytesprocessed += (p - input); sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, +static uint32_t DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; @@ -437,7 +439,7 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst sstate->numctxitems = *(p+8); sstate->numctxitemsleft = sstate->numctxitems; sstate->bytesprocessed += 12; - SCReturnInt(12); + SCReturnUInt(12U); } else { /* max_xmit_frag */ p++; @@ -492,10 +494,10 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst } } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static uint32_t DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); DCERPCState *sstate = (DCERPCState *)dcerpc_state; uint8_t *p = input; @@ -508,7 +510,7 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState * sstate->secondaryaddrlen |= *(p+9) << 8; sstate->secondaryaddrlenleft = sstate->secondaryaddrlen; sstate->bytesprocessed += 10; - SCReturnInt(10); + SCReturnUInt(10U); } else { /* max_xmit_frag */ p++; @@ -553,10 +555,10 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState * break; } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState +static uint32_t DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -592,7 +594,7 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState sstate->dcerpc.call_id |= *(p + 14) << 8; sstate->dcerpc.call_id |= *(p + 15); sstate->bytesprocessed = DCERPC_HDR_LEN; - SCReturnInt(DCERPC_HDR_LEN); + SCReturnUInt(16U); break; } else { sstate->dcerpc.rpc_vers = *(p++); @@ -647,13 +649,10 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState sstate->dcerpc.call_id |= *(p++); --input_len; break; - default: // SHOULD NEVER OCCUR - SCLogDebug("Odd"); - SCReturnInt(8); } } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { @@ -672,6 +671,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; } + SCLogDebug("Done with DCERPCParseHeader bytesprocessed %u\n", sstate->bytesprocessed); switch (sstate->dcerpc.type) { case BIND: @@ -684,6 +684,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; } + SCLogDebug("Done with DCERPCParseBIND bytesprocessed %u\n", sstate->bytesprocessed); while (sstate->numctxitemsleft && sstate->bytesprocessed < sstate->dcerpc.frag_length && input_len) { @@ -695,6 +696,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; } + SCLogDebug("Done with DCERPCParseBINDCTXItem bytesprocessed %u\n", sstate->bytesprocessed); if (sstate->bytesprocessed == sstate->dcerpc.frag_length) { sstate->bytesprocessed = 0; @@ -711,6 +713,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; } + SCLogDebug("Done with DCERPCParseBINDACK bytesprocessed %u\n", sstate->bytesprocessed); while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen && input_len--) { retval = DCERPCParseSecondaryAddr(f, dcerpc_state, pstate, input + parsed, input_len, @@ -718,11 +721,13 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; } + SCLogDebug("Done with DCERPCParseSecondaryAddr bytesprocessed %u\n", sstate->bytesprocessed); if(sstate->bytesprocessed == DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen) { sstate->pad = sstate->bytesprocessed % 4; sstate->padleft = sstate->pad; } + SCLogDebug("pad %u\n", sstate->pad); while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen + sstate->pad && input_len--) { retval = PaddingParser(f, dcerpc_state, pstate, input + parsed, input_len, @@ -730,6 +735,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; } + SCLogDebug("Done with PaddingParser bytesprocessed %u\n", sstate->bytesprocessed); while(sstate->bytesprocessed >= DCERPC_HDR_LEN + 10 + sstate->pad + sstate->secondaryaddrlen && sstate->bytesprocessed < DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) { @@ -738,6 +744,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; } + SCLogDebug("Done with DCERPCGetCTXItems bytesprocessed %u\n", sstate->bytesprocessed); if (sstate->bytesprocessed == DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) { sstate->ctxbytesprocessed = 0; @@ -752,6 +759,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; } + SCLogDebug("Done with DCERPCParseBINDACKCTXItem bytesprocessed %u\n", sstate->bytesprocessed); if (sstate->bytesprocessed == sstate->dcerpc.frag_length) { sstate->bytesprocessed = 0; @@ -793,7 +801,6 @@ static void DCERPCStateFree(void *s) { void RegisterDCERPCParsers(void) { AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOSERVER, DCERPCParse); AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOCLIENT, DCERPCParse); - AppLayerRegisterParser("dcerpc.hdr", ALPROTO_DCERPC, DCERPC_PARSE_DCERPC_HEADER, DCERPCParseHeader, "dcerpc"); AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc, DCERPCStateFree); } diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index 7d0930c..743871e 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c @@ -102,8 +102,9 @@ void hexdump(const void *buf, size_t len) { * \brief SMB Write AndX Request Parsing */ /* For WriteAndX we need to get writeandxdataoffset */ -static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, +static uint32_t SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; switch (sstate->andx.andxbytesprocessed) { @@ -123,9 +124,8 @@ static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *psta sstate->andx.dataoffset|= (uint64_t) *(p+25) << 48; sstate->andx.dataoffset|= (uint64_t) *(p+26) << 40; sstate->andx.dataoffset|= (uint64_t) *(p+27) << 32; - input_len -= 28; sstate->bytesprocessed += 28; - return 28; + SCReturnUInt(28U); } else { sstate->andx.andxcommand = *(p++); if (!(--input_len)) break; @@ -230,19 +230,17 @@ static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *psta sstate->andx.dataoffset|= (uint64_t) *(p++) << 32; --input_len; break; - default: - // SHOULD NEVER OCCUR - return 0; } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnUInt((uint32_t)(p - input)); } /** * \brief SMB Read AndX Response Parsing */ -static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, +static uint32_t SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; switch (sstate->andx.andxbytesprocessed) { @@ -260,9 +258,8 @@ static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstat sstate->andx.datalength |= (uint64_t) *(p+15) << 48; sstate->andx.datalength |= (uint64_t) *(p+16) << 40; sstate->andx.datalength |= (uint64_t) *(p+17) << 32; - input_len -= 24; sstate->bytesprocessed += 24; - return 24; + SCReturnUInt(24U); } else { sstate->andx.andxcommand = *(p++); if (!(--input_len)) break; @@ -331,20 +328,17 @@ static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstat p++; --input_len; break; - default: - // SHOULD NEVER OCCUR - return 0; } - return 0; sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnUInt((uint32_t)(p - input)); } /** * Handle variable length padding for WriteAndX and ReadAndX */ -static int PaddingParser(void *smb_state, AppLayerParserState *pstate, +static uint32_t PaddingParser(void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; while ((uint32_t)(sstate->bytesprocessed + (p - input)) < sstate->andx.dataoffset && sstate->bytecount.bytecount-- && input_len--) { @@ -354,15 +348,16 @@ static int PaddingParser(void *smb_state, AppLayerParserState *pstate, sstate->andx.paddingparsed = 1; } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnUInt((uint32_t)(p - input)); } /** * \brief Parse WriteAndX and ReadAndX Data * \todo Hand off to DCERPC parser for DCERPC over SMB */ -static int DataParser(void *smb_state, AppLayerParserState *pstate, +static uint32_t DataParser(void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMBState *sstate = (SMBState *) smb_state; uint8_t *p = input; @@ -373,7 +368,7 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate, } } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnUInt((uint32_t)(p - input)); } @@ -382,7 +377,7 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate, * Reset bytecount.bytecountbytes to 0. * Determine if this is an SMB AndX Command */ -static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, +static uint32_t SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -393,9 +388,9 @@ static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate sstate->bytecount.bytecountbytes = 0; sstate->andx.isandx = isAndX(sstate); SCLogDebug("Wordcount (%u):", sstate->wordcount.wordcount); - SCReturnInt(1); + SCReturnUInt(1U); } - SCReturnInt(0); + SCReturnUInt(0); } /* @@ -403,7 +398,7 @@ static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate * is after the first bytecount byte. */ -static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, +static uint32_t SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -422,14 +417,14 @@ static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate SCLogDebug("Bytecount %u", sstate->bytecount.bytecount); --input_len; } - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } /** * \brief SMBParseWordCount parses the SMB Wordcount portion of the SMB Transaction. * until sstate->wordcount.wordcount bytes are parsed. */ -static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, +static uint32_t SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -442,20 +437,20 @@ static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *psta parsed += retval; input_len -= retval; sstate->wordcount.wordcount -= retval; - return retval; + SCReturnUInt(retval); } else if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0) && sstate->smb.command == SMB_COM_WRITE_ANDX) { retval = SMBParseWriteAndX(f, sstate, pstate, input + parsed, input_len, output); parsed += retval; input_len -= retval; sstate->wordcount.wordcount -= retval; - return retval; + SCReturnUInt(retval); } else { /* Generic WordCount Handler */ while (sstate->wordcount.wordcount-- && input_len--) { SCLogDebug("0x%02x ", *p); p++; } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } } @@ -464,7 +459,7 @@ static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *psta * until sstate->bytecount.bytecount bytes are parsed. */ -static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, +static uint32_t SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -484,23 +479,21 @@ static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *psta parsed += retval; input_len -= retval; } + SCReturnUInt(retval); } while (sstate->bytecount.bytecount && input_len) { SCLogDebug("0x%02x bytecount %u input_len %u", *p, sstate->bytecount.bytecount, input_len); p++; - sstate->wordcount.wordcount--; input_len--; } sstate->bytesprocessed += (p - input); - - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } -//#define DEBUG 1 -static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, +static uint32_t NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -517,9 +510,8 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate sstate->nbss.length = (*(p + 1) & 0x01) << 16; sstate->nbss.length |= *(p + 2) << 8; sstate->nbss.length |= *(p + 3); - input_len -= NBSS_HDR_LEN; sstate->bytesprocessed += NBSS_HDR_LEN; - SCReturnInt(NBSS_HDR_LEN); + SCReturnUInt(4U); } else { sstate->nbss.type = *(p++); if (!(--input_len)) break; @@ -534,16 +526,13 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate sstate->nbss.length |= *(p++); --input_len; break; - default: - SCReturnInt(-1); - break; } sstate->bytesprocessed += (p - input); } - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, +static uint32_t SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { SCEnter(); @@ -555,7 +544,7 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, if (input_len >= SMB_HDR_LEN) { if (memcmp(p, "\xff\x53\x4d\x42", 4) != 0) { SCLogDebug("SMB Header did not validate"); - SCReturnInt(0); + SCReturnUInt(0); } sstate->smb.command = *(p + 4); sstate->smb.status = *(p + 5) << 24; @@ -583,9 +572,8 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, sstate->smb.uid |= *(p + 29); sstate->smb.mid = *(p + 30) << 8; sstate->smb.mid |= *(p + 31); - input_len -= SMB_HDR_LEN; sstate->bytesprocessed += SMB_HDR_LEN; - SCReturnInt(SMB_HDR_LEN); + SCReturnUInt(32U); break; } else { //sstate->smb.protocol[0] = *(p++); @@ -693,12 +681,10 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, sstate->smb.mid |= *(p++); --input_len; break; - default: // SHOULD NEVER OCCUR - SCReturnInt(8); } } sstate->bytesprocessed += (p - input); - SCReturnInt(p - input); + SCReturnUInt((uint32_t)(p - input)); } static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, @@ -707,8 +693,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, SCEnter(); SMBState *sstate = (SMBState *) smb_state; - uint32_t retval = 0; - uint32_t parsed = 0; + long int retval = 0; + long int parsed = 0; if (pstate == NULL) SCReturnInt(-1); @@ -719,7 +705,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, parsed += retval; input_len -= retval; - SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %u input_len %u", + SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %ld input_len %u", sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type, sstate->nbss.length, parsed, input_len); } @@ -732,7 +718,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, parsed, input_len, output); parsed += retval; input_len -= retval; - SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u", + SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %ld input_len %u", sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN, sstate->smb.command, parsed, input_len); } @@ -744,7 +730,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, output); parsed += retval; input_len -= retval; - SCLogDebug("wordcount (%u) parsed %u input_len %u", + SCLogDebug("wordcount (%u) parsed %ld input_len %u", sstate->wordcount.wordcount, parsed, input_len); } @@ -795,6 +781,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, */ int isAndX(SMBState *smb_state) { + SCEnter(); switch (smb_state->smb.command) { case SMB_NO_SECONDARY_ANDX_COMMAND: case SMB_COM_LOCKING_ANDX: @@ -806,9 +793,9 @@ int isAndX(SMBState *smb_state) { case SMB_COM_TREE_CONNECT_ANDX: case SMB_COM_NT_CREATE_ANDX: smb_state->andx.andxbytesprocessed = 0; - return 1; + SCReturnInt(1); default: - return 0; + SCReturnInt(0); } } diff --git a/src/app-layer-smb2.c b/src/app-layer-smb2.c index 62ca877..80059f8 100644 --- a/src/app-layer-smb2.c +++ b/src/app-layer-smb2.c @@ -35,9 +35,9 @@ enum { SMB_FIELD_MAX, }; -//#define DEBUG 1 -static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, +static uint32_t NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; uint8_t *p = input; @@ -50,9 +50,8 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, sstate->nbss.length = (*(p + 1) & 0x01) << 16; sstate->nbss.length |= *(p + 2) << 8; sstate->nbss.length |= *(p + 3); - input_len -= NBSS_HDR_LEN; sstate->bytesprocessed += NBSS_HDR_LEN; - return NBSS_HDR_LEN; + SCReturnUInt(4U); } else { sstate->nbss.type = *(p++); if (!(--input_len)) break; @@ -67,17 +66,15 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, sstate->nbss.length |= *(p++); --input_len; break; - default: - return -1; - break; } sstate->bytesprocessed += (p - input); } - return (p - input); + SCReturnUInt((uint32_t)(p - input)); } -static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, +static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; uint8_t *p = input; if (input_len) { @@ -148,9 +145,8 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, sstate->smb2.Signature[13] = *(p + 61); sstate->smb2.Signature[14] = *(p + 62); sstate->smb2.Signature[15] = *(p + 63); - input_len -= SMB2_HDR_LEN; sstate->bytesprocessed += SMB2_HDR_LEN; - return SMB2_HDR_LEN; + SCReturnUInt(64U); break; } else { //sstate->smb2.protocol[0] = *(p++); @@ -354,16 +350,15 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, sstate->smb2.Signature[15] = *(p++); --input_len; break; - default: // SHOULD NEVER OCCUR - return 0; } } sstate->bytesprocessed += (p - input); - return (p - input); + SCReturnUInt((uint32_t)(p - input)); } static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { + SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; uint32_t retval = 0; uint32_t parsed = 0; @@ -399,7 +394,7 @@ static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, } pstate->parse_field = 0; pstate->flags |= APP_LAYER_PARSER_DONE; - return 1; + SCReturnInt(1); } @@ -422,19 +417,6 @@ static void SMB2StateFree(void *s) { void RegisterSMB2Parsers(void) { AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse); AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse); - /*AppLayerRegisterParser("nbss.hdr", ALPROTO_SMB, SMB_PARSE_NBSS_HEADER, - NBSSParseHeader, "smb"); - AppLayerRegisterParser("smb.hdr", ALPROTO_SMB, SMB_PARSE_SMB_HEADER, - SMBParseHeader, "smb"); - AppLayerRegisterParser("smb.getwordcount", ALPROTO_SMB, SMB_PARSE_GET_WORDCOUNT, - SMBGetWordCount, "smb"); - AppLayerRegisterParser("smb.wordcount", ALPROTO_SMB, SMB_PARSE_WORDCOUNT, - SMBParseWordCount, "smb"); - AppLayerRegisterParser("smb.getbytecount", ALPROTO_SMB, SMB_PARSE_GET_BYTECOUNT, - SMBGetByteCount, "smb"); - AppLayerRegisterParser("smb.bytecount", ALPROTO_SMB, SMB_PARSE_BYTECOUNT, - SMBParseByteCount, "smb"); - */ AppLayerRegisterStateFuncs(ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree); } -- 1.6.5.2