diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index ee1f8b2e4f..b32a8acd3b 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -497,8 +497,7 @@ impl SMBCommonHdr { _ => r.tree_id, }; let msg_id = match rec_type { - SMBHDR_TYPE_TRANS_FRAG => { 0 }, - SMBHDR_TYPE_SHARE => { 0 }, + SMBHDR_TYPE_TRANS_FRAG | SMBHDR_TYPE_SHARE => { 0 }, _ => { r.message_id as u64 }, }; @@ -516,8 +515,7 @@ impl SMBCommonHdr { _ => r.tree_id as u32, }; let msg_id = match rec_type { - SMBHDR_TYPE_TRANS_FRAG => { 0 }, - SMBHDR_TYPE_SHARE => { 0 }, + SMBHDR_TYPE_TRANS_FRAG | SMBHDR_TYPE_SHARE => { 0 }, _ => { r.multiplex_id as u64 }, }; diff --git a/rust/src/smb/smb1.rs b/rust/src/smb/smb1.rs index 90756e28a9..6330aa4988 100644 --- a/rust/src/smb/smb1.rs +++ b/rust/src/smb/smb1.rs @@ -170,7 +170,7 @@ fn smb1_close_file(state: &mut SMBState, fid: &Vec) } pub fn smb1_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>) -> u32 { - SCLogDebug!("record: {:?} command {}", r.greeter, r.command); + SCLogDebug!("record: command {}: record {:?}", r.command, r); let mut events : Vec = Vec::new(); let mut no_response_expected = false; diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs index c1c663bc4e..0f5d9a5d8f 100644 --- a/rust/src/smb/smb1_records.rs +++ b/rust/src/smb/smb1_records.rs @@ -146,7 +146,6 @@ named!(pub parse_smb_connect_tree_andx_response_record { - pub len: usize, pub share: &'a[u8], } @@ -156,11 +155,10 @@ named!(pub parse_smb_connect_tree_andx_record, >> pwlen: le_u16 >> bcc: le_u16 >> pw: take!(pwlen) - >> share: take!(bcc - (6 + pwlen)) + >> share: cond!(bcc >= (6 + pwlen), take!(bcc - (6 + pwlen))) >> service: take!(6) >> (SmbRecordTreeConnectAndX { - len:bcc as usize - (6 + pwlen as usize) as usize, - share:share, + share: share.unwrap_or(&[]), })) ); 
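Review bot: The new debug line in `smb1_request_record` (smb1.rs) formats the whole record with `{:?}`, and `SmbRecord` derives `Debug` and is built with `data: rest`, so the log now appears to include the full SMB payload bytes. That can put file contents or authentication blobs into debug logs and makes the output very large per record. Logging only header fields keeps the line useful, e.g. `SCLogDebug!("record: command {} nt_status {}", r.command, r.nt_status);`. The function body continues outside this hunk.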
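Review bot: In `parse_smb_connect_tree_andx_record` (smb1_records.rs), the new guard `bcc >= (6 + pwlen)` still does its addition in `u16`, since both `pwlen` and `bcc` are parsed with `le_u16`. A `pwlen` above 65529 makes `6 + pwlen` overflow, which panics in builds with overflow checks and otherwise wraps to a small value, so the guard passes and `share` is sized from the wrapped result. Widening before the arithmetic avoids this, e.g. `>> share: cond!(bcc as u32 >= 6 + pwlen as u32, take!(bcc as u32 - (6 + pwlen as u32)))`, assuming `take!` accepts a `u32` count here. Separately, a record that fails the check is now accepted with an empty share rather than rejected, so it may be worth raising an event for it where the record is handled.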
@@ -404,7 +402,6 @@ named!(pub parse_smb_setup_andx_record, >> skip2: take!(8) >> bcc: le_u16 >> sec_blob: take!(sec_blob_len) - //>> skip3: rest >> (SmbRecordSetupAndX { sec_blob:sec_blob, })) @@ -460,7 +457,7 @@ pub struct SmbRequestReadAndXRecord<'a> { named!(pub parse_smb_read_andx_request_record, do_parse!( - wtc: le_u8 + wct: le_u8 >> andx_command: le_u8 >> take!(1) // reserved >> andx_offset: le_u16 @@ -470,8 +467,7 @@ named!(pub parse_smb_read_andx_request_record, >> take!(2) >> max_count_high: le_u32 >> take!(2) - >> high_offset: cond!(wtc==12,le_u32) // only from wtc ==12? - + >> high_offset: cond!(wct==12,le_u32) // only from wct ==12? >> (SmbRequestReadAndXRecord { fid:fid, size: (((max_count_high as u64) << 16)|max_count_low as u64), @@ -487,7 +483,7 @@ pub struct SmbResponseReadAndXRecord<'a> { named!(pub parse_smb_read_andx_response_record, do_parse!( - wtc: le_u8 + wct: le_u8 >> andx_command: le_u8 >> take!(1) // reserved >> andx_offset: le_u16 @@ -587,9 +583,6 @@ named!(pub parse_smb_version, #[derive(Debug,PartialEq)] pub struct SmbRecord<'a> { - //pub nbss_hdr: NbssRecord<'a>, - pub greeter: &'a[u8], - pub command: u8, pub is_dos_error: bool, pub nt_status: u32, @@ -614,7 +607,7 @@ impl<'a> SmbRecord<'a> { named!(pub parse_smb_record, do_parse!( - server_component: tag!(b"\xffSMB") + tag!(b"\xffSMB") >> command:le_u8 >> nt_status:le_u32 >> flags:le_u8 @@ -629,7 +622,6 @@ named!(pub parse_smb_record, >> data: rest >> (SmbRecord { - greeter:server_component, command:command, nt_status:nt_status, flags:flags, diff --git a/rust/src/smb/smb2_records.rs b/rust/src/smb/smb2_records.rs index 3ee2430e0f..c750e3939b 100644 --- a/rust/src/smb/smb2_records.rs +++ b/rust/src/smb/smb2_records.rs @@ -368,7 +368,7 @@ named!(pub parse_smb2_response_write, named!(pub parse_smb2_response_record, do_parse!( - server_component: tag!(b"\xfeSMB") + tag!(b"\xfeSMB") >> hlen: le_u16 >> credit_charge: le_u16 >> nt_status: le_u32 
@@ -400,7 +400,7 @@ named!(pub parse_smb2_response_record,
 tree_id: tree_id,
 session_id: session_id,
 command:command,
- data: if data_c != None { data_c.unwrap() } else { data_r.unwrap() }
+ data: data_c.or(data_r).unwrap()
 })
 ));
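Review bot: `data_c.or(data_r).unwrap()` in `parse_smb2_response_record` (smb2_records.rs) keeps the panic path of the old expression: if both options are `None`, the parser aborts while handling network-supplied input. How `data_c` and `data_r` are produced is outside this hunk, so they may be mutually exclusive by construction. If they are, state that invariant with an `.expect("...")` message or a comment. Otherwise fall back without panicking, e.g. `data: data_c.or(data_r).unwrap_or(&[])`, assuming `data` is a byte slice.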