From 1ae22fd5de3155c356c1191759cb7c066498a93e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eloy=20P=C3=A9rez=20Gonz=C3=A1lez?=
Date: Fri, 22 Oct 2021 13:52:14 +0200
Subject: [PATCH] smb/dce_iface: use DCERPC_TYPE_REQUEST

The smb dce_iface keyword must match for all those dcerpc requests and responses sent in the context of the given interface. They are not matching because in rs_smb_tx_get_dce_iface, x.req_cmd is erroneously compared with 1. Fix this by comparing with DCERPC_TYPE_REQUEST instead.
Ticket: 4767
---
 rust/src/smb/detect.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs
index 1c77d74608..a6e1560a1a 100644
--- a/rust/src/smb/detect.rs
+++ b/rust/src/smb/detect.rs
@@ -173,7 +173,9 @@ pub extern "C" fn rs_smb_tx_get_dce_iface(state: &mut SMBState,
 let if_op = dce_data.op;
 let if_version = dce_data.version;
 let is_dcerpc_request = match tx.type_data {
- Some(SMBTransactionTypeData::DCERPC(ref x)) => { x.req_cmd == 1 },
+ Some(SMBTransactionTypeData::DCERPC(ref x)) => {
+ x.req_cmd == DCERPC_TYPE_REQUEST
+ },
 _ => { false },
 };
 if !is_dcerpc_request {
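Review bot: Nothing in this patch pins the corrected comparison in the `Some(SMBTransactionTypeData::DCERPC(ref x))` arm: the diffstat lists only rust/src/smb/detect.rs, so the false negative described in the commit message (dce_iface rules not matching over SMB) could return unnoticed if the comparison is touched again. A regression test that replays an SMB DCERPC request and response for a bound interface against a `dce_iface` rule would cover it. A short comment on the arm would also record the intent, e.g. `// dce_iface only applies to transactions whose request is a DCERPC REQUEST PDU`. The import of `DCERPC_TYPE_REQUEST` is not visible in the hunk and is presumably already in scope, and the body of rs_smb_tx_get_dce_iface starts and ends outside it.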