|
|
|
@ -222,6 +222,8 @@ static uint32_t DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state,
|
|
|
|
sstate->version |= *(p + 21) << 8;
|
|
|
|
sstate->version |= *(p + 21) << 8;
|
|
|
|
sstate->versionminor = *(p + 22);
|
|
|
|
sstate->versionminor = *(p + 22);
|
|
|
|
sstate->versionminor |= *(p + 23) << 8;
|
|
|
|
sstate->versionminor |= *(p + 23) << 8;
|
|
|
|
|
|
|
|
if (sstate->ctxid == sstate->numctxitems
|
|
|
|
|
|
|
|
- sstate->numctxitemsleft) {
|
|
|
|
sstate->uuid_entry = (struct uuid_entry *) calloc(1,
|
|
|
|
sstate->uuid_entry = (struct uuid_entry *) calloc(1,
|
|
|
|
sizeof(struct uuid_entry));
|
|
|
|
sizeof(struct uuid_entry));
|
|
|
|
if (sstate->uuid_entry == NULL) {
|
|
|
|
if (sstate->uuid_entry == NULL) {
|
|
|
|
@ -235,11 +237,16 @@ static uint32_t DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state,
|
|
|
|
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry,
|
|
|
|
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry,
|
|
|
|
next);
|
|
|
|
next);
|
|
|
|
//printUUID("BIND", sstate->uuid_entry);
|
|
|
|
//printUUID("BIND", sstate->uuid_entry);
|
|
|
|
}
|
|
|
|
|
|
|
|
sstate->numctxitemsleft--;
|
|
|
|
sstate->numctxitemsleft--;
|
|
|
|
sstate->bytesprocessed += (44);
|
|
|
|
sstate->bytesprocessed += (44);
|
|
|
|
sstate->ctxbytesprocessed += (44);
|
|
|
|
sstate->ctxbytesprocessed += (44);
|
|
|
|
SCReturnUInt(44U);
|
|
|
|
SCReturnUInt(44U);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
SCLogDebug("ctxitem %u, expected %u\n", sstate->ctxid,
|
|
|
|
|
|
|
|
sstate->numctxitems - sstate->numctxitemsleft);
|
|
|
|
|
|
|
|
SCReturnUInt(0);
|
|
|
|
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
sstate->ctxid = *(p++);
|
|
|
|
sstate->ctxid = *(p++);
|
|
|
|
if (!(--input_len))
|
|
|
|
if (!(--input_len))
|
|
|
|
@ -416,7 +423,11 @@ static uint32_t DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state,
|
|
|
|
if (!(--input_len))
|
|
|
|
if (!(--input_len))
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
case 43:
|
|
|
|
case 43:
|
|
|
|
sstate->numctxitemsleft--;
|
|
|
|
p++;
|
|
|
|
|
|
|
|
--input_len;
|
|
|
|
|
|
|
|
if (sstate->ctxid == sstate->numctxitems - sstate->numctxitemsleft) {
|
|
|
|
|
|
|
|
sstate->uuid_entry = (struct uuid_entry *) calloc(1,
|
|
|
|
|
|
|
|
sizeof(struct uuid_entry));
|
|
|
|
if (sstate->uuid_entry == NULL) {
|
|
|
|
if (sstate->uuid_entry == NULL) {
|
|
|
|
SCReturnUInt(0);
|
|
|
|
SCReturnUInt(0);
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
@ -425,10 +436,19 @@ static uint32_t DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state,
|
|
|
|
sstate->uuid_entry->ctxid = sstate->ctxid;
|
|
|
|
sstate->uuid_entry->ctxid = sstate->ctxid;
|
|
|
|
sstate->uuid_entry->version = sstate->version;
|
|
|
|
sstate->uuid_entry->version = sstate->version;
|
|
|
|
sstate->uuid_entry->versionminor = sstate->versionminor;
|
|
|
|
sstate->uuid_entry->versionminor = sstate->versionminor;
|
|
|
|
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry, next);
|
|
|
|
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry,
|
|
|
|
|
|
|
|
next);
|
|
|
|
|
|
|
|
//printUUID("BIND", sstate->uuid_entry);
|
|
|
|
|
|
|
|
sstate->numctxitemsleft--;
|
|
|
|
|
|
|
|
sstate->bytesprocessed += (44);
|
|
|
|
|
|
|
|
sstate->ctxbytesprocessed += (44);
|
|
|
|
|
|
|
|
SCReturnUInt(44U);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
SCLogDebug("ctxitem %u, expected %u\n", sstate->ctxid,
|
|
|
|
|
|
|
|
sstate->numctxitems - sstate->numctxitemsleft);
|
|
|
|
|
|
|
|
SCReturnUInt(0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
p++;
|
|
|
|
|
|
|
|
--input_len;
|
|
|
|
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -822,6 +842,7 @@ static uint32_t StubDataParser(Flow *f, void *dcerpc_state,
|
|
|
|
SCEnter();
|
|
|
|
SCEnter();
|
|
|
|
DCERPCState *sstate = (DCERPCState *) dcerpc_state;
|
|
|
|
DCERPCState *sstate = (DCERPCState *) dcerpc_state;
|
|
|
|
uint8_t *p = input;
|
|
|
|
uint8_t *p = input;
|
|
|
|
|
|
|
|
sstate->stub_data = input;
|
|
|
|
while (sstate->padleft-- && input_len--) {
|
|
|
|
while (sstate->padleft-- && input_len--) {
|
|
|
|
SCLogDebug("0x%02x ", *p);
|
|
|
|
SCLogDebug("0x%02x ", *p);
|
|
|
|
p++;
|
|
|
|
p++;
|
|
|
|
@ -1194,6 +1215,7 @@ static void DCERPCStateFree(void *s) {
|
|
|
|
struct uuid_entry *item;
|
|
|
|
struct uuid_entry *item;
|
|
|
|
|
|
|
|
|
|
|
|
while ((item = TAILQ_FIRST(&sstate->uuid_list))) {
|
|
|
|
while ((item = TAILQ_FIRST(&sstate->uuid_list))) {
|
|
|
|
|
|
|
|
//printUUID("Free", item);
|
|
|
|
TAILQ_REMOVE(&sstate->uuid_list, item, next);
|
|
|
|
TAILQ_REMOVE(&sstate->uuid_list, item, next);
|
|
|
|
free(item);
|
|
|
|
free(item);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -1640,6 +1662,7 @@ int DCERPCParserTest01(void) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#if KNOWNFAILURE
|
|
|
|
#if KNOWNFAILURE
|
|
|
|
printf("Sending dcerpcrequest (%u)", requestlen);
|
|
|
|
printf("Sending dcerpcrequest (%u)", requestlen);
|
|
|
|
|
|
|
|
hexdump(dcerpcrequest, requestlen);
|
|
|
|
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_EOF, dcerpcrequest, requestlen, FALSE);
|
|
|
|
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_EOF, dcerpcrequest, requestlen, FALSE);
|
|
|
|
if (r != 0) {
|
|
|
|
if (r != 0) {
|
|
|
|
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
|
|
|
|
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
|
|
|
|
|
Kirby Kuehl
15 years ago
committed by
Victor Julien