smb1: parser cleanups

7 years ago · 7114d5d25b
parent d9e43d3e63
commit 7114d5d25b
2 changed files with 22 additions and 34 deletions
--- a/rust/src/smb/smb1_records.rs
+++ b/rust/src/smb/smb1_records.rs
@ -179,14 +179,14 @@ pub struct SmbPipeProtocolRecord<'a> {
 }

 named!(pub parse_smb_trans_request_record_pipe<SmbPipeProtocolRecord>,
-    dbg_dmp!(do_parse!(
+    do_parse!(
            fun: le_u16
        >>  fid: take!(2)
        >> (SmbPipeProtocolRecord {
                function: fun,
                fid: fid,
            })
-    ))
+    )
 );


@ -201,7 +201,7 @@ pub struct SmbRecordTransRequestParams<> {
 }

 named!(pub parse_smb_trans_request_record_params<(SmbRecordTransRequestParams, Option<SmbPipeProtocolRecord>)>,
-    dbg_dmp!(do_parse!(
+    do_parse!(
          wct: le_u8
       >> total_param_cnt: le_u16
       >> total_data_count: le_u16
@ -218,7 +218,7 @@ named!(pub parse_smb_trans_request_record_params<(SmbRecordTransRequestParams, O
       >> data_offset: le_u16
       >> setup_cnt: le_u8
       >> take!(1) // reserved
-       >> pipe: cond!(wct == 16 && setup_cnt == 2, parse_smb_trans_request_record_pipe) // reserved
+       >> pipe: cond!(wct == 16 && setup_cnt == 2, parse_smb_trans_request_record_pipe)
       >> bcc: le_u16
       >> (( SmbRecordTransRequestParams {
                max_data_cnt:max_data_cnt,
@ -228,7 +228,7 @@ named!(pub parse_smb_trans_request_record_params<(SmbRecordTransRequestParams, O
                data_offset:data_offset,
                bcc:bcc,
            },
-            pipe))))
+            pipe)))
 );

 #[derive(Debug,PartialEq)]
@ -284,31 +284,21 @@ pub fn parse_smb_trans_request_record<'a, 'b>(i: &'a[u8], r: &SmbRecord<'b>)
 {
    let (rem, (params, pipe)) = match parse_smb_trans_request_record_params(i) {
        IResult::Done(rem, (rd, p)) => (rem, (rd, p)),
-        IResult::Incomplete(ii) => {
-            return IResult::Incomplete(ii);
-        }
-        IResult::Error(e) => {
-            return IResult::Error(e);
-        }
+        IResult::Incomplete(ii) => { return IResult::Incomplete(ii); }
+        IResult::Error(e) => { return IResult::Error(e); }
    };
    let mut offset = 32 + (i.len() - rem.len()); // init with SMB header
    SCLogDebug!("params {:?}: offset {}", params, offset);

-    let name = if r.flags2 & 0x8000_u16 != 0 { // unicode
-        SCLogDebug!("unicode flag set");
+    let name = if r.has_unicode_support() {
        parse_smb_trans_request_tx_name_unicode(rem, offset)
    } else {
-        SCLogDebug!("unicode flag NOT set");
        parse_smb_trans_request_tx_name_ascii(rem)
    };
    let (rem2, n) = match name {
        IResult::Done(rem, rd) => (rem, rd),
-        IResult::Incomplete(ii) => {
-            return IResult::Incomplete(ii);
-        }
-        IResult::Error(e) => {
-            return IResult::Error(e);
-        }
+        IResult::Incomplete(ii) => { return IResult::Incomplete(ii); }
+        IResult::Error(e) => { return IResult::Error(e); }
    };
    offset += rem.len() - rem2.len();
    SCLogDebug!("n {:?}: offset {}", n, offset);
@ -338,12 +328,8 @@ pub fn parse_smb_trans_request_record<'a, 'b>(i: &'a[u8], r: &SmbRecord<'b>)
        let d = match parse_smb_trans_request_record_data(rem2,
                pad1, params.param_cnt, pad2, params.data_cnt) {
            IResult::Done(_, rd) => rd,
-                IResult::Incomplete(ii) => {
-                    return IResult::Incomplete(ii);
-                }
-            IResult::Error(e) => {
-                return IResult::Error(e);
-            }
+            IResult::Incomplete(ii) => { return IResult::Incomplete(ii); }
+            IResult::Error(e) => { return IResult::Error(e); }
        };
        SCLogDebug!("d {:?}", d);
        d
@ -620,6 +606,12 @@ pub struct SmbRecord<'a> {
    pub data: &'a[u8],
 }

+impl<'a> SmbRecord<'a> {
+    pub fn has_unicode_support(&self) -> bool {
+        self.flags2 & 0x8000_u16 != 0
+    }
+}
+
 named!(pub parse_smb_record<SmbRecord>,
    do_parse!(
            server_component: tag!(b"\xffSMB")
--- a/rust/src/smb/smb1_session.rs
+++ b/rust/src/smb/smb1_session.rs
@ -69,7 +69,7 @@ named!(pub get_nullterm_string<Vec<u8>>,

 pub fn smb1_session_setup_request_host_info(r: &SmbRecord, blob: &[u8]) -> SessionSetupRequest
 {
-    if blob.len() > 1 && r.flags2 & 0x8000_u16 != 0 {
+    if blob.len() > 1 && r.has_unicode_support() {
        let offset = r.data.len() - blob.len();
        let blob = if offset % 2 == 1 { &blob[1..] } else { blob };
        let (native_os, native_lm, primary_domain) = match get_unicode_string(blob) {
@ -120,15 +120,13 @@ pub fn smb1_session_setup_request_host_info(r: &SmbRecord, blob: &[u8]) -> Sessi

 pub fn smb1_session_setup_response_host_info(r: &SmbRecord, blob: &[u8]) -> SessionSetupResponse
 {
-    if blob.len() > 1 && r.flags2 & 0x8000_u16 != 0 {
+    if blob.len() > 1 && r.has_unicode_support() {
        let offset = r.data.len() - blob.len();
        let blob = if offset % 2 == 1 { &blob[1..] } else { blob };
        let (native_os, native_lm) = match get_unicode_string(blob) {
            IResult::Done(rem, n1) => {
                match get_unicode_string(rem) {
-                    IResult::Done(_, n2) => {
-                        (n1, n2)
-                    },
+                    IResult::Done(_, n2) => (n1, n2),
                    _ => { (n1, Vec::new()) },
                }
            },
@ -145,9 +143,7 @@ pub fn smb1_session_setup_response_host_info(r: &SmbRecord, blob: &[u8]) -> Sess
        let (native_os, native_lm) = match get_nullterm_string(blob) {
            IResult::Done(rem, n1) => {
                match get_nullterm_string(rem) {
-                    IResult::Done(_, n2) => {
-                        (n1, n2)
-                    },
+                    IResult::Done(_, n2) => (n1, n2),
                    _ => { (n1, Vec::new()) },
                }
            },