From 1606aca881c5ba1c2cccbbe0de78530d47a4d8a1 Mon Sep 17 00:00:00 2001
From: Sascha Steinbiss
Date: Fri, 30 Jun 2023 00:20:12 +0200
Subject: [PATCH] rfb: ensure logging of incompletely parsed txs
---
 rust/src/rfb/rfb.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/rust/src/rfb/rfb.rs b/rust/src/rfb/rfb.rs
index 940417e831..a3c89c31df 100644
--- a/rust/src/rfb/rfb.rs
+++ b/rust/src/rfb/rfb.rs
@@ -274,6 +274,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // We failed to parse the security type.
 // Continue the flow but stop trying to map the protocol.
@@ -312,6 +313,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // Continue the flow but stop trying to map the protocol.
 self.state = parser::RFBGlobalState::Skip;
@@ -348,6 +350,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // We failed to parse the client init.
 // Continue the flow but stop trying to map the protocol.
@@ -371,6 +374,7 @@ impl RFBState {
 SCLogDebug!("Invalid state for request: {}", self.state);
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::ConfusedState);
+ current_transaction.complete = true;
 }
 self.state = parser::RFBGlobalState::Skip;
 return AppLayerResult::ok();
@@ -479,6 +483,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // Continue the flow but stop trying to map the protocol.
 self.state = parser::RFBGlobalState::Skip;
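Review bot: The pair `set_event(...)` then `complete = true` is now written out by hand in every error arm this patch touches (thirteen sites, the first being the `Err(_)` arm at -274). A later error path that raises an event but forgets the flag would again leave a transaction that is never marked complete, which is the gap the commit title describes. Folding both steps into one method on `RFBState` would tie completion to raising a terminal event instead of leaving it as a convention. The sketch shows such a helper and one call site; the enclosing parser functions start and end outside the hunks, so the remaining sites would need the same substitution.

```rust
/// Attach a terminal anomaly event to the current transaction and mark it
/// complete, so the two steps cannot drift apart at individual call sites.
fn fail_current_tx(&mut self, event: RFBEvent) {
    if let Some(tx) = self.get_current_tx() {
        tx.set_event(event);
        tx.complete = true;
    }
}

// call site, e.g. the Err(_) arm at -274:
Err(_) => {
    self.fail_current_tx(RFBEvent::MalformedMessage);
    // … unchanged: comments and self.state = parser::RFBGlobalState::Skip …
```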
@@ -511,6 +516,7 @@ impl RFBState {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction
 .set_event(RFBEvent::UnimplementedSecurityType);
+ current_transaction.complete = true;
 } else {
 debug_validate_fail!(
 "no transaction set at security type stage"
@@ -542,6 +548,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // Continue the flow but stop trying to map the protocol.
 self.state = parser::RFBGlobalState::Skip;
@@ -579,6 +586,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // Continue the flow but stop trying to map the protocol.
 self.state = parser::RFBGlobalState::Skip;
@@ -614,6 +622,7 @@ impl RFBState {
 } else {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::UnknownSecurityResult);
+ current_transaction.complete = true;
 }
 // Continue the flow but stop trying to map the protocol.
 self.state = parser::RFBGlobalState::Skip;
@@ -629,6 +638,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // Continue the flow but stop trying to map the protocol.
 self.state = parser::RFBGlobalState::Skip;
@@ -655,6 +665,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // Continue the flow but stop trying to map the protocol.
 self.state = parser::RFBGlobalState::Skip;
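Review bot: The hunk at -511 is the only one whose `if let Some(current_transaction)` has an `else` branch; the other twelve error arms in this patch do nothing when `get_current_tx()` returns `None`. On that path both the anomaly event and the new `complete` flag are skipped, so a malformed or unexpected RFB message would leave no transaction record for logging or event-based rules. Whether `None` is reachable depends on code outside these hunks, and as far as I know `debug_validate_fail!` only acts in debug-validation builds, so even the -511 branch is probably silent in production. For consistency the other arms could at least carry `} else { debug_validate_fail!("no transaction set on parse failure"); }`. If `None` cannot occur, a one-line comment at `get_current_tx()` stating that invariant would let a reader confirm these events are never dropped.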
@@ -695,6 +706,7 @@ impl RFBState {
 Err(_) => {
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::MalformedMessage);
+ current_transaction.complete = true;
 }
 // Continue the flow but stop trying to map the protocol.
 self.state = parser::RFBGlobalState::Skip;
@@ -718,6 +730,7 @@ impl RFBState {
 SCLogDebug!("Invalid state for response: {}", self.state);
 if let Some(current_transaction) = self.get_current_tx() {
 current_transaction.set_event(RFBEvent::ConfusedState);
+ current_transaction.complete = true;
 }
 self.state = parser::RFBGlobalState::Skip;
 return AppLayerResult::ok();