coverity - app-layer-smb2.c and app-layer-dcerpc-udp.c

Fix this issue -
uint8_t p1;
uint64_t p2 = p1 << 24;

The expression p1 << 24 is evaluated as an int; if that int is negative, it is
sign-extended when it is stored in p2.
remotes/origin/master-1.0.x
Anoop Saldanha 15 years ago committed by Victor Julien
parent d3d4eacfb4
commit 7a66f1095d

@ -215,8 +215,8 @@ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state,
sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 65) << 16;
sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 66) << 8;
sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 67);
sstate->dcerpc.dcerpchdrudp.opnum = *(p + 68) << 24;
sstate->dcerpc.dcerpchdrudp.opnum |= *(p + 69) << 16;
sstate->dcerpc.dcerpchdrudp.opnum = *(p + 68) << 8;
sstate->dcerpc.dcerpchdrudp.opnum |= *(p + 69);
sstate->dcerpc.dcerpchdrudp.ihint = *(p + 70) << 8;
sstate->dcerpc.dcerpchdrudp.ihint |= *(p + 71);
sstate->dcerpc.dcerpchdrudp.ahint = *(p + 72) << 8;
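Review bot: The seqnum assembly at the top of this hunk (`|= *(p + 65) << 16` through `|= *(p + 67)`) presumably begins just above it with `*(p + 64) << 24`, the int-promoted shift the commit message describes; if so it needs a cast too, for example `sstate->dcerpc.dcerpchdrudp.seqnum = (uint32_t)*(p + 64) << 24;`. The +/- markers are lost on this page, but the opnum pair shifting by 8 and 0 looks like the new side, which corrects the field width rather than sign extension and is not mentioned in the commit message. DCERPCUDPParseHeader starts and ends outside the hunk, so the length check that must guarantee at least 73 readable bytes before `*(p + 72)` is not visible here and should be confirmed, since these bytes come straight from the network.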

@ -128,7 +128,7 @@ static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.MessageId = *(p + 24);
sstate->smb2.MessageId |= *(p + 25) << 8;
sstate->smb2.MessageId |= *(p + 26) << 16;
sstate->smb2.MessageId |= *(p + 27) << 24;
sstate->smb2.MessageId |= (uint64_t)*(p + 27) << 24;
sstate->smb2.MessageId |= (uint64_t) *(p + 28) << 32;
sstate->smb2.MessageId |= (uint64_t) *(p + 29) << 40;
sstate->smb2.MessageId |= (uint64_t) *(p + 30) << 48;
@ -144,7 +144,7 @@ static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.SessionId = *(p + 40);
sstate->smb2.SessionId |= *(p + 41) << 8;
sstate->smb2.SessionId |= *(p + 42) << 16;
sstate->smb2.SessionId |= *(p + 43) << 24;
sstate->smb2.SessionId |= (uint64_t)*(p + 43) << 24;
sstate->smb2.SessionId |= (uint64_t) *(p + 44) << 32;
sstate->smb2.SessionId |= (uint64_t) *(p + 45) << 40;
sstate->smb2.SessionId |= (uint64_t) *(p + 46) << 48;
@ -253,25 +253,25 @@ static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.MessageId = *(p++);
if (!(--input_len)) break;
case 29:
sstate->smb2.MessageId = *(p++) << 8;
sstate->smb2.MessageId |= *(p++) << 8;
if (!(--input_len)) break;
case 30:
sstate->smb2.MessageId = *(p++) << 16;
sstate->smb2.MessageId |= *(p++) << 16;
if (!(--input_len)) break;
case 31:
sstate->smb2.MessageId = *(p++) << 24;
sstate->smb2.MessageId |= (uint64_t)*(p++) << 24;
if (!(--input_len)) break;
case 32:
sstate->smb2.MessageId = (uint64_t) *(p++) << 32;
sstate->smb2.MessageId |= (uint64_t) *(p++) << 32;
if (!(--input_len)) break;
case 33:
sstate->smb2.MessageId = (uint64_t) *(p++) << 40;
sstate->smb2.MessageId |= (uint64_t) *(p++) << 40;
if (!(--input_len)) break;
case 34:
sstate->smb2.MessageId = (uint64_t) *(p++) << 48;
sstate->smb2.MessageId |= (uint64_t) *(p++) << 48;
if (!(--input_len)) break;
case 35:
sstate->smb2.MessageId = (uint64_t) *(p++) << 56;
sstate->smb2.MessageId |= (uint64_t) *(p++) << 56;
if (!(--input_len)) break;
case 36:
sstate->smb2.ProcessId = *(p++);
@ -307,7 +307,7 @@ static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.SessionId |= *(p++) << 16;
if (!(--input_len)) break;
case 47:
sstate->smb2.SessionId |= *(p++) << 24;
sstate->smb2.SessionId |= (uint64_t)*(p++) << 24;
if (!(--input_len)) break;
case 48:
sstate->smb2.SessionId |= (uint64_t) *(p++) << 32;
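Review bot: In the byte-at-a-time switch, cases 29 to 35 appear to OR into MessageId on the new side, so the result is only correct because case 28 does a plain assignment first; that dependency deserves a comment at case 28, such as `/* plain assignment resets MessageId; cases 29-35 OR in the remaining bytes */`. The +/- markers are lost on this page, but the printed pairs suggest this `=` to `|=` change, which fixes a different bug from the sign extension named in the commit message. The casts are also uneven: only the `<< 24` term and above are widened, while `<< 8` and `<< 16` rely on int promotion, which is safe for a single byte, but casting every term the same way would make the pattern easier to audit. If 32-bit fields such as ProcessId (case 36 onwards, outside the hunk) also use `*(p++) << 24`, a byte of 0x80 or more still shifts into the sign bit of int there, so `(uint32_t)*(p++) << 24` would be the matching fix. SMB2ParseHeader starts and ends outside these hunks.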
