smb2: add options for max read/write size

Add options for the max read/write size accepted by the parser.
pull/7262/head
Victor Julien 3 years ago
parent f28888513a
commit 5bcc4162f7

@ -73,6 +73,9 @@ pub enum SMBFrameType {
pub const MIN_REC_SIZE: u16 = 32 + 4; // SMB hdr + nbss hdr
pub const SMB_CONFIG_DEFAULT_STREAM_DEPTH: u32 = 0;
pub static mut SMB_CFG_MAX_READ_SIZE: u32 = 0;
pub static mut SMB_CFG_MAX_WRITE_SIZE: u32 = 0;
static mut ALPROTO_SMB: AppProto = ALPROTO_UNKNOWN;
pub static mut SURICATA_SMB_FILE_CONFIG: Option<&'static SuricataFileContext> = None;
@ -2407,9 +2410,23 @@ pub unsafe extern "C" fn rs_smb_register_parser() {
match get_memval(val) {
Ok(retval) => { stream_depth = retval as u32; }
Err(_) => { SCLogError!("Invalid depth value"); }
}
}
AppLayerParserSetStreamDepth(IPPROTO_TCP as u8, ALPROTO_SMB, stream_depth);
}
let retval = conf_get("app-layer.protocols.smb.max-read-size");
if let Some(val) = retval {
match get_memval(val) {
Ok(retval) => { SMB_CFG_MAX_READ_SIZE = retval as u32; }
Err(_) => { SCLogError!("Invalid max-read-size value"); }
}
}
let retval = conf_get("app-layer.protocols.smb.max-write-size");
if let Some(val) = retval {
match get_memval(val) {
Ok(retval) => { SMB_CFG_MAX_WRITE_SIZE = retval as u32; }
Err(_) => { SCLogError!("Invalid max-write-size value"); }
}
}
} else {
SCLogDebug!("Protocol detector and parser disabled for SMB.");
}

@ -128,7 +128,9 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
return;
}
if state.max_read_size > 0 && rd.len > state.max_read_size {
if (state.max_read_size != 0 && rd.len > state.max_read_size) ||
(unsafe { SMB_CFG_MAX_READ_SIZE != 0 && SMB_CFG_MAX_READ_SIZE < rd.len })
{
state.set_event(SMBEvent::ReadResponseTooLarge);
state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32);
return;
@ -251,7 +253,8 @@ pub fn smb2_write_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
}
match parse_smb2_request_write(r.data) {
Ok((_, wr)) => {
if state.max_read_size != 0 && wr.wr_len > state.max_write_size {
if (state.max_write_size != 0 && wr.wr_len > state.max_write_size) ||
(unsafe { SMB_CFG_MAX_WRITE_SIZE != 0 && SMB_CFG_MAX_WRITE_SIZE < wr.wr_len }) {
state.set_event(SMBEvent::WriteRequestTooLarge);
state.set_skip(Direction::ToServer, wr.wr_len, wr.data.len() as u32);
return;
@ -492,7 +495,8 @@ pub fn smb2_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
SMB2_COMMAND_READ => {
match parse_smb2_request_read(r.data) {
Ok((_, rd)) => {
if state.max_read_size != 0 && rd.rd_len > state.max_read_size {
if (state.max_read_size != 0 && rd.rd_len > state.max_read_size) ||
(unsafe { SMB_CFG_MAX_READ_SIZE != 0 && SMB_CFG_MAX_READ_SIZE < rd.rd_len }) {
events.push(SMBEvent::ReadRequestTooLarge);
} else {
SCLogDebug!("SMBv2 READ: GUID {:?} requesting {} bytes at offset {}",

Loading…
Cancel
Save