Fixup smb/smb2/dcerpc wrt loops, debug printing, style.

remotes/origin/master-1.0.x
Victor Julien 15 years ago
parent 4c2782e971
commit f0be69dcd0

@ -148,6 +148,7 @@ app-layer-protos.h \
app-layer-htp.c app-layer-htp.h \
app-layer-tls.c app-layer-tls.h \
app-layer-smb.c app-layer-smb.h \
app-layer-smb2.c app-layer-smb2.h \
app-layer-dcerpc.c app-layer-dcerpc.h \
app-layer-ftp.c app-layer-ftp.h \
defrag.c defrag.h

@ -250,7 +250,7 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst
if (!(--input_len)) break;
case 24:
sstate->numctxitems = *(p++);
printf("numctxitems %d\n",sstate->numctxitems);
//printf("numctxitems %d\n",sstate->numctxitems);
//TAILQ_INIT(sstate.head);
if (!(--input_len)) break;
case 25:
@ -277,26 +277,26 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
switch(sstate->bytesprocessed) {
case 16:
sstate->secondaryaddrlen = *(p++) << 8;
if (!(--input_len)) break;
case 17:
sstate->secondaryaddrlen |= *(p++);
--input_len;
break;
case 16:
sstate->secondaryaddrlen = *(p++) << 8;
if (!(--input_len)) break;
case 17:
sstate->secondaryaddrlen |= *(p++);
--input_len;
break;
}
if (sstate->bytesprocessed > 17) { /* WRONG FOR NOW */
while (sstate->secondaryaddrlen && input_len) {
p++;
sstate->secondaryaddrlen--;
--input_len;
}
if (sstate->secondaryaddrlen == 0) {
while (sstate->secondaryaddrlen && input_len) {
p++;
sstate->secondaryaddrlen--;
--input_len;
}
if (sstate->secondaryaddrlen == 0) {
}
/* for padding we need to do bytesprocessed % 4 */
}
/* for padding we need to do bytesprocessed % 4 */
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
@ -405,32 +405,38 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint32_t retval = 0;
uint32_t parsed = 0;
if (pstate == NULL)
SCReturnInt(-1);
while (sstate->bytesprocessed < DCERPC_HDR_LEN) {
while (sstate->bytesprocessed < DCERPC_HDR_LEN && input_len) {
retval = DCERPCParseHeader(f, dcerpc_state, pstate, input, input_len,
output);
parsed += retval;
input_len -= retval;
}
switch (sstate->dcerpc.type) {
case BIND:
case ALTER_CONTEXT:
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 12 &&
sstate->bytesprocessed < sstate->dcerpc.frag_length) {
sstate->bytesprocessed < sstate->dcerpc.frag_length &&
input_len) {
retval = DCERPCParseBIND(f, dcerpc_state, pstate, input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
}
while (sstate->numctxitems && sstate->bytesprocessed < sstate->dcerpc.frag_length) {
while (sstate->numctxitems && sstate->bytesprocessed < sstate->dcerpc.frag_length &&
input_len) {
retval = DCERPCParseCTXItem(f, dcerpc_state, pstate, input + parsed, input_len,
output);
if (sstate->ctxbytesprocessed == 44) {
sstate->ctxbytesprocessed = 0;
sstate->ctxbytesprocessed = 0;
}
parsed += retval;
input_len -= retval;
@ -438,19 +444,19 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
break;
case BIND_ACK:
case ALTER_CONTEXT_RESP:
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 12) {
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 12 && input_len) {
retval = DCERPCParseBINDACK(f, dcerpc_state, pstate, input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
}
while (sstate->numctxitems) {
while (sstate->numctxitems && input_len) {
retval = DCERPCParseCTXItem(f, dcerpc_state, pstate, input, input_len,
output);
parsed += retval;
input_len -= retval;
}
break;
break;
}
pstate->parse_field = 0;
pstate->flags |= APP_LAYER_PARSER_DONE;
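Review bot: In the BIND_ACK branch the context-item loop calls `retval = DCERPCParseCTXItem(f, dcerpc_state, pstate, input, input_len,` with `input` rather than `input + parsed`, so once the BIND_ACK fields have consumed part of this buffer the context items are decoded from the start of the buffer again; the BIND branch above passes `input + parsed` and this call should do the same. That branch also lacks the `sstate->bytesprocessed < sstate->dcerpc.frag_length` bound and the `ctxbytesprocessed` reset the BIND branch has; if those are handled elsewhere a short comment saying so would help. The added `&& input_len` guards stop the loops from spinning on an exhausted buffer, but a sub-parser that returns 0 while `input_len` is still non-zero would still loop forever since neither `parsed`, `input_len` nor `bytesprocessed` changes between iterations; an `if (retval == 0) break;` after each call would bound that. DCERPCParse continues past the end of the hunk.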

@ -499,7 +499,7 @@ static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *psta
SCReturnInt(p - input);
}
#define DEBUG 1
//#define DEBUG 1
static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
@ -510,8 +510,8 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate
if (input_len && sstate->bytesprocessed < NBSS_HDR_LEN - 1) {
switch (sstate->bytesprocessed) {
case 0:
/* Initialize */
sstate->andx.andxcommand = SMB_NO_SECONDARY_ANDX_COMMAND;
/* Initialize */
sstate->andx.andxcommand = SMB_NO_SECONDARY_ANDX_COMMAND;
if (input_len >= NBSS_HDR_LEN) {
sstate->nbss.type = *p;
sstate->nbss.length = (*(p + 1) & 0x01) << 16;
@ -725,63 +725,63 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
}
switch(sstate->nbss.type) {
case NBSS_SESSION_MESSAGE:
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB_HDR_LEN)) {
retval = SMBParseHeader(f, smb_state, pstate, input +
parsed, input_len, output);
parsed += retval;
input_len -= retval;
SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN,
sstate->smb.command, parsed, input_len);
}
do {
if (input_len && (sstate->bytesprocessed == NBSS_HDR_LEN + SMB_HDR_LEN)) {
retval = SMBGetWordCount(f, smb_state, pstate,
input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
SCLogDebug("wordcount (%u) parsed %u input_len %u",
sstate->wordcount.wordcount, parsed, input_len);
}
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN + SMB_HDR_LEN + 1 &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB_HDR_LEN + 1
+ sstate->wordcount.wordcount)) {
retval = SMBParseWordCount(f, smb_state, pstate,
input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
}
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN + SMB_HDR_LEN +
1 + sstate->wordcount.wordcount && sstate->bytesprocessed < NBSS_HDR_LEN +
SMB_HDR_LEN + 3 + sstate->wordcount.wordcount)) {
retval = SMBGetByteCount(f, smb_state, pstate,
input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
}
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN +
SMB_HDR_LEN + 3 + sstate->wordcount.wordcount &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB_HDR_LEN + 3
+ sstate->wordcount.wordcount + sstate->bytecount.bytecount)) {
retval = SMBParseByteCount(f, smb_state, pstate,
input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
}
} while (sstate->andx.andxcommand != SMB_NO_SECONDARY_ANDX_COMMAND);
break;
default:
break;
case NBSS_SESSION_MESSAGE:
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB_HDR_LEN)) {
retval = SMBParseHeader(f, smb_state, pstate, input +
parsed, input_len, output);
parsed += retval;
input_len -= retval;
SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN,
sstate->smb.command, parsed, input_len);
}
do {
if (input_len && (sstate->bytesprocessed == NBSS_HDR_LEN + SMB_HDR_LEN)) {
retval = SMBGetWordCount(f, smb_state, pstate,
input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
SCLogDebug("wordcount (%u) parsed %u input_len %u",
sstate->wordcount.wordcount, parsed, input_len);
}
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN + SMB_HDR_LEN + 1 &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB_HDR_LEN + 1
+ sstate->wordcount.wordcount)) {
retval = SMBParseWordCount(f, smb_state, pstate,
input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
}
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN + SMB_HDR_LEN +
1 + sstate->wordcount.wordcount && sstate->bytesprocessed < NBSS_HDR_LEN +
SMB_HDR_LEN + 3 + sstate->wordcount.wordcount)) {
retval = SMBGetByteCount(f, smb_state, pstate,
input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
}
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN +
SMB_HDR_LEN + 3 + sstate->wordcount.wordcount &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB_HDR_LEN + 3
+ sstate->wordcount.wordcount + sstate->bytecount.bytecount)) {
retval = SMBParseByteCount(f, smb_state, pstate,
input + parsed, input_len,
output);
parsed += retval;
input_len -= retval;
}
} while (sstate->andx.andxcommand != SMB_NO_SECONDARY_ANDX_COMMAND && input_len);
break;
default:
break;
}
pstate->parse_field = 0;
pstate->flags |= APP_LAYER_PARSER_DONE;
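Review bot: The do/while exit now also requires `input_len`, but termination still depends on each pass making progress: if `sstate->andx.andxcommand` holds a secondary command and `sstate->bytesprocessed` is not brought back to `NBSS_HDR_LEN + SMB_HDR_LEN` by code outside this hunk, none of the body's conditions holds, `parsed` and `input_len` stay put, and the loop repeats forever on a buffer with bytes left. A cheap guard is to record progress: declare `uint32_t last_parsed;` before the `do`, set `last_parsed = parsed;` as the first statement of the body, and end with `} while (sstate->andx.andxcommand != SMB_NO_SECONDARY_ANDX_COMMAND && input_len && parsed != last_parsed);`. Most of this hunk is a re-indentation of unchanged lines; keeping whitespace-only changes in their own commit would let the `&& input_len` fix be reviewed on its own. SMBParse continues past the end of the hunk.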

@ -22,6 +22,7 @@
#include "util-binsearch.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "app-layer-smb2.h"
@ -34,7 +35,7 @@ enum {
SMB_FIELD_MAX,
};
#define DEBUG 1
//#define DEBUG 1
static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SMB2State *sstate = (SMB2State *) smb2_state;
@ -43,7 +44,7 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
if (input_len && sstate->bytesprocessed < NBSS_HDR_LEN - 1) {
switch (sstate->bytesprocessed) {
case 0:
/* Initialize */
/* Initialize */
if (input_len >= NBSS_HDR_LEN) {
sstate->nbss.type = *p;
sstate->nbss.length = (*(p + 1) & 0x01) << 16;
@ -84,7 +85,7 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
case 4:
if (input_len >= SMB2_HDR_LEN) {
if (memcmp(p, "\xfe\x53\x4d\x42", 4) != 0) {
printf("SMB2 Header did not validate\n");
//printf("SMB2 Header did not validate\n");
return 0;
}
sstate->smb2.StructureSize = *(p + 4);
@ -305,53 +306,53 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.SessionId |= (uint64_t) *(p++) << 56;
if (!(--input_len)) break;
case 52:
sstate->smb2.Signature[0] = *(p++);
sstate->smb2.Signature[0] = *(p++);
if (!(--input_len)) break;
case 53:
sstate->smb2.Signature[1] = *(p++);
sstate->smb2.Signature[1] = *(p++);
if (!(--input_len)) break;
case 54:
sstate->smb2.Signature[2] = *(p++);
sstate->smb2.Signature[2] = *(p++);
if (!(--input_len)) break;
case 55:
sstate->smb2.Signature[3] = *(p++);
sstate->smb2.Signature[3] = *(p++);
if (!(--input_len)) break;
case 56:
sstate->smb2.Signature[4] = *(p++);
sstate->smb2.Signature[4] = *(p++);
if (!(--input_len)) break;
case 57:
sstate->smb2.Signature[5] = *(p++);
sstate->smb2.Signature[5] = *(p++);
if (!(--input_len)) break;
case 58:
sstate->smb2.Signature[6] = *(p++);
sstate->smb2.Signature[6] = *(p++);
if (!(--input_len)) break;
case 59:
sstate->smb2.Signature[7] = *(p++);
sstate->smb2.Signature[7] = *(p++);
if (!(--input_len)) break;
case 60:
sstate->smb2.Signature[8] = *(p++);
sstate->smb2.Signature[8] = *(p++);
if (!(--input_len)) break;
case 61:
sstate->smb2.Signature[9] = *(p++);
sstate->smb2.Signature[9] = *(p++);
if (!(--input_len)) break;
case 62:
sstate->smb2.Signature[10] = *(p++);
sstate->smb2.Signature[10] = *(p++);
if (!(--input_len)) break;
case 63:
sstate->smb2.Signature[11] = *(p++);
sstate->smb2.Signature[11] = *(p++);
if (!(--input_len)) break;
case 64:
sstate->smb2.Signature[12] = *(p++);
sstate->smb2.Signature[12] = *(p++);
if (!(--input_len)) break;
case 65:
sstate->smb2.Signature[13] = *(p++);
sstate->smb2.Signature[13] = *(p++);
if (!(--input_len)) break;
case 66:
sstate->smb2.Signature[14] = *(p++);
sstate->smb2.Signature[14] = *(p++);
if (!(--input_len)) break;
case 67:
sstate->smb2.Signature[15] = *(p++);
--input_len;
sstate->smb2.Signature[15] = *(p++);
--input_len;
break;
default: // SHOULD NEVER OCCUR
return 0;
@ -361,7 +362,7 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
return (p - input);
}
static int SMB2Parse(void *smb2_state, AppLayerParserState *pstate,
static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SMB2State *sstate = (SMB2State *) smb2_state;
uint32_t retval = 0;
@ -370,29 +371,31 @@ static int SMB2Parse(void *smb2_state, AppLayerParserState *pstate,
if (pstate == NULL)
return -1;
while (sstate->bytesprocessed < NBSS_HDR_LEN) {
retval = NBSSParseHeader(smb2_state, pstate, input, input_len, output);
parsed += retval;
input_len -= retval;
printf("\nNBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %u input_len %u\n",
sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type,
sstate->nbss.length, parsed, input_len);
while (sstate->bytesprocessed < NBSS_HDR_LEN && input_len) {
retval = NBSSParseHeader(smb2_state, pstate, input, input_len, output);
parsed += retval;
input_len -= retval;
SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %u input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type,
sstate->nbss.length, parsed, input_len);
}
switch(sstate->nbss.type) {
case NBSS_SESSION_MESSAGE:
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB2_HDR_LEN)) {
retval = SMB2ParseHeader(smb2_state, pstate, input + parsed, input_len, output);
parsed += retval;
input_len -= retval;
printf("SMB2 Header (%u/%u) Command 0x%04x parsed %u input_len %u\n",
sstate->bytesprocessed, NBSS_HDR_LEN + SMB2_HDR_LEN,
sstate->smb2.Command, parsed, input_len);
}
break;
default:
break;
case NBSS_SESSION_MESSAGE:
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB2_HDR_LEN)) {
retval = SMB2ParseHeader(smb2_state, pstate, input + parsed, input_len, output);
parsed += retval;
input_len -= retval;
SCLogDebug("SMB2 Header (%u/%u) Command 0x%04x parsed %u input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN + SMB2_HDR_LEN,
sstate->smb2.Command, parsed, input_len);
}
break;
default:
break;
}
pstate->parse_field = 0;
pstate->flags |= APP_LAYER_PARSER_DONE;
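Review bot: The header loop starting at `while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN &&` cannot terminate if SMB2ParseHeader returns 0 with input remaining, and the hunk above shows it doing exactly that on a signature mismatch (`return 0;` after the now commented-out printf); with `retval` at 0 neither `parsed`, `input_len` nor, unless it is advanced on a path outside the hunk, `bytesprocessed` changes between iterations. After the `retval = SMB2ParseHeader(smb2_state, pstate, input + parsed, input_len, output);` line add `if (retval == 0) return -1;`, matching the function's existing `-1` return for a NULL pstate, or at least `break` out of the loop. Rather than leaving `//printf("SMB2 Header did not validate\n");` commented out, `SCLogDebug("SMB2 Header did not validate");` keeps the rejection visible in debug builds the way the other messages in this commit are. The new `Flow *f` parameter is unused in the visible part of SMB2Parse; if it exists only to match the parser registration signature, a one-line comment on the definition would say so. SMB2Parse continues past the end of the hunk.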
