aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

smb: do not use tree id to match request and response

Browse Source 
Completes commit e94920b49f

This must be true for access to state ssn2vecoffset_map

Ticket: #5161
pull/8209/head
Philippe Antoine 3 years ago committed by Victor Julien
parent 18b468742a
commit af44504550
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File

6
rust/src/smb/smb2.rs
Unescape Escape View File

@ -144,7 +144,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
// get the request info. If we don't have it, there is nothing
// we can do except skip this record.
let guid_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_OFFSET);
let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET);
let (offset, file_guid) = match state.ssn2vecoffset_map.remove(&guid_key) {
Some(o) => (o.offset, o.guid),
None => {
@ -548,7 +548,7 @@ pub fn smb2_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
rd.guid, rd.rd_len, rd.rd_offset);
// store read guid,offset in map
let guid_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_OFFSET);
let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET);
let guidoff = SMBFileGUIDOffset::new(rd.guid.to_vec(), rd.rd_offset);
state.ssn2vecoffset_map.insert(guid_key, guidoff);
}
@ -696,7 +696,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
} else if r.nt_status == SMB_NTSTATUS_END_OF_FILE {
SCLogDebug!("SMBv2: read response => EOF");
let guid_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_OFFSET);
let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET);
let file_guid = match state.ssn2vecoffset_map.remove(&guid_key) {
Some(o) => o.guid,
_ => {

Write Preview
Loading…
Cancel
Save