From b4427e81ec962533384114786731138e2ec53dd5 Mon Sep 17 00:00:00 2001
From: Anoop Saldanha
Date: Tue, 14 Jun 2011 13:01:39 +0530
Subject: [PATCH] minor fixes in endianness handling in dcerpc and dce detection engine
---
 src/app-layer-dcerpc.c | 6 +++---
 src/detect-engine-dcepayload.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c
index 70cccdac71..6a08e75d7e 100644
--- a/src/app-layer-dcerpc.c
+++ b/src/app-layer-dcerpc.c
@@ -1047,7 +1047,7 @@ static uint32_t DCERPCParseREQUEST(DCERPC *dcerpc, uint8_t *input, uint32_t inpu
 case 21:
 /* context id 2 */
 dcerpc->dcerpcrequest.ctxid |= *(p++) << 8;
- if (dcerpc->dcerpchdr.packed_drep[0] == 0x00) {
+ if (!(dcerpc->dcerpchdr.packed_drep[0] & 0x10)) {
 dcerpc->dcerpcrequest.ctxid = SCByteSwap16(dcerpc->dcerpcrequest.ctxid);
 }
 dcerpc->dcerpcrequest.first_request_seen = 1;
@@ -1064,7 +1064,7 @@ static uint32_t DCERPCParseREQUEST(DCERPC *dcerpc, uint8_t *input, uint32_t inpu
 case 23:
 if (dcerpc->dcerpchdr.type == REQUEST) {
 dcerpc->dcerpcrequest.opnum |= *(p++) << 8;
- if (dcerpc->dcerpchdr.packed_drep[0] == 0x00) {
+ if (!(dcerpc->dcerpchdr.packed_drep[0] & 0x10)) {
 dcerpc->dcerpcrequest.opnum = SCByteSwap16(dcerpc->dcerpcrequest.opnum);
 }
 } else {
@@ -1288,7 +1288,7 @@ static int DCERPCParseHeader(DCERPC *dcerpc, uint8_t *input, uint32_t input_len)
 break;
 case 15:
 dcerpc->dcerpchdr.call_id |= *(p++) << 24;
- if (dcerpc->dcerpchdr.packed_drep[0] == 0x00) {
+ if (!(dcerpc->dcerpchdr.packed_drep[0] & 0x10)) {
 dcerpc->dcerpchdr.frag_length = SCByteSwap16(dcerpc->dcerpchdr.frag_length);
 dcerpc->dcerpchdr.auth_length = SCByteSwap16(dcerpc->dcerpchdr.auth_length);
 dcerpc->dcerpchdr.call_id = SCByteSwap32(dcerpc->dcerpchdr.call_id);
diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c
index d554e5b4dc..5a5c9ad24d 100644
--- a/src/detect-engine-dcepayload.c
+++ b/src/detect-engine-dcepayload.c
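Review bot: The `0x10` mask in `DCERPCParseREQUEST` case 21 of src/app-layer-dcerpc.c (and again in case 23 and in `DCERPCParseHeader` case 15) is unexplained, so a later reader cannot tell why a bit test replaced the equality. A comment above the first use would cover it, for example `/* drep[0]: high nibble = integer byte order (0 big, 1 little), low nibble = character format; only the byte-order bit is tested */`. The test also looks at a single bit, so a high nibble of 0x2 or 0x3 is silently classified instead of being rejected; it is worth confirming that this matches how the monitored endpoints treat such a header, because a parser that disagrees with the endpoint on byte order records a different ctxid and opnum than the server acts on. All three switch bodies start and end outside their hunks.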
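Review bot: In `DCERPCParseHeader` case 15 of src/app-layer-dcerpc.c the line `dcerpc->dcerpchdr.call_id |= *(p++) << 24;` shifts a byte that has been promoted to `int`, so a value of 0x80 or above does not fit in a signed int and the shift is undefined behaviour in C. `p` appears to walk the `uint8_t *input` buffer, which means the high bit comes straight from the wire. Since this hunk already touches the call_id handling, the cast could be added here: `dcerpc->dcerpchdr.call_id |= (uint32_t)*(p++) << 24;`. The rest of the switch lies outside the hunk, so other `<< 24` steps may need the same cast.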
@@ -383,7 +383,7 @@ static int DoInspectDcePayload(DetectEngineCtx *de_ctx,
 if (flags & DETECT_BYTETEST_DCE) {
 /* enable the endianness flag temporarily. once we are done
 * processing we reset the flags to the original value*/
- flags |= ((dcerpc_state->dcerpc.dcerpchdr.packed_drep[0] == 0x10) ?
+ flags |= ((dcerpc_state->dcerpc.dcerpchdr.packed_drep[0] & 0x10) ?
 DETECT_BYTETEST_LITTLE: 0);
 }
@@ -408,7 +408,7 @@ static int DoInspectDcePayload(DetectEngineCtx *de_ctx,
 if (flags & DETECT_BYTEJUMP_DCE) {
 /* enable the endianness flag temporarily. once we are done
 * processing we reset the flags to the original value*/
- flags |= ((dcerpc_state->dcerpc.dcerpchdr.packed_drep[0] == 0x10) ?
+ flags |= ((dcerpc_state->dcerpc.dcerpchdr.packed_drep[0] & 0x10) ?
 DETECT_BYTEJUMP_LITTLE : 0);
 }
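Review bot: `DoInspectDcePayload` still carries its own two copies of the byte-order test (the byte_test and byte_jump branches), separate from the three in src/app-layer-dcerpc.c. The removed lines show why that matters: the parser compared against `0x00` and this file against `0x10`, so for any other drep value the parser and the detection engine chose opposite byte orders. One helper defined next to the DCERPC header struct and called from both files would keep them on a single definition, for example (name is only a suggestion) `static inline int DCERPCIsLittleEndian(const DCERPC *d) { return (d->dcerpchdr.packed_drep[0] & 0x10) != 0; }`. The function body starts before and ends after both hunks.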