rust: add SecBlobError custom error type for the Kerberos parser

pull/4624/head
Pierre Chifflier 6 years ago committed by Victor Julien
parent 030c9a3d86
commit 1ab8c5763c

@ -19,15 +19,36 @@ use kerberos_parser::krb5_parser::parse_ap_req;
use kerberos_parser::krb5::{ApReq,Realm,PrincipalName}; use kerberos_parser::krb5::{ApReq,Realm,PrincipalName};
use nom; use nom;
use nom::IResult; use nom::IResult;
use nom::error::ErrorKind; use nom::error::{ErrorKind, ParseError};
use nom::number::complete::le_u16; use nom::number::complete::le_u16;
use der_parser; use der_parser;
use der_parser::error::BerError;
use der_parser::der::parse_der_oid; use der_parser::der::parse_der_oid;
use crate::log::*; use crate::log::*;
pub const SECBLOB_NOT_SPNEGO : u32 = 128; #[derive(Debug)]
pub const SECBLOB_KRB_FMT_ERR : u32 = 129; pub enum SecBlobError {
NotSpNego,
KrbFmtError,
Ber(BerError),
NomError(ErrorKind),
}
impl From<BerError> for SecBlobError {
fn from(error: BerError) -> Self {
SecBlobError::Ber(error)
}
}
impl<I> ParseError<I> for SecBlobError {
fn from_error_kind(_input: I, kind: ErrorKind) -> Self {
SecBlobError::NomError(kind)
}
fn append(_input: I, kind: ErrorKind, _other: Self) -> Self {
SecBlobError::NomError(kind)
}
}
#[derive(Debug,PartialEq)] #[derive(Debug,PartialEq)]
pub struct Kerberos5Ticket { pub struct Kerberos5Ticket {
@ -35,11 +56,11 @@ pub struct Kerberos5Ticket {
pub sname: PrincipalName, pub sname: PrincipalName,
} }
fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq> fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq, SecBlobError>
{ {
let (_,b) = der_parser::parse_der(blob)?; let (_,b) = der_parser::parse_der(blob).map_err(|e| nom::Err::convert(e))?;
let blob = b.as_slice().or( let blob = b.as_slice().or(
Err(nom::Err::Error(error_position!(blob, ErrorKind::Custom(SECBLOB_KRB_FMT_ERR)))) Err(nom::Err::Error(SecBlobError::KrbFmtError))
)?; )?;
do_parse!( do_parse!(
blob, blob,
@ -52,9 +73,10 @@ fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq>
ap_req ap_req
}) })
) )
.map_err(|e| nom::Err::convert(e))
} }
pub fn parse_kerberos5_request(blob: &[u8]) -> IResult<&[u8], Kerberos5Ticket> pub fn parse_kerberos5_request(blob: &[u8]) -> IResult<&[u8], Kerberos5Ticket, SecBlobError>
{ {
let (rem, req) = parse_kerberos5_request_do(blob)?; let (rem, req) = parse_kerberos5_request_do(blob)?;
let t = Kerberos5Ticket { let t = Kerberos5Ticket {
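Review bot: `append` in the `ParseError<I>` impl discards `_other`, so an error that already carries a specific cause (`KrbFmtError`, `NotSpNego` or `Ber(..)`) is replaced by a bare `NomError(kind)` whenever a combinator appends context on the way up. nom's own `(I, ErrorKind)` implementation returns the existing error here, and doing the same keeps the original cause available to code that logs or matches on a rejected blob: `fn append(_input: I, _kind: ErrorKind, other: Self) -> Self { other }`. Whether any combinator on these paths actually calls `append` is not visible in the hunks, so the loss may be latent today. The body of `parse_kerberos5_request` continues past the end of the last hunk.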

@ -29,12 +29,12 @@ use crate::nfs::rpc_records::*;
use crate::nfs::nfs_records::*; use crate::nfs::nfs_records::*;
use crate::nfs::nfs4_records::*; use crate::nfs::nfs4_records::*;
use crate::kerberos; use crate::kerberos::{parse_kerberos5_request, Kerberos5Ticket, SecBlobError};
named!(parse_req_gssapi<kerberos::Kerberos5Ticket>, named!(parse_req_gssapi<&[u8], Kerberos5Ticket, SecBlobError>,
do_parse!( do_parse!(
len: be_u32 len: be_u32
>> ap: flat_map!(take!(len), call!(kerberos::parse_kerberos5_request)) >> ap: flat_map!(take!(len), parse_kerberos5_request)
>> ( ap ) >> ( ap )
)); ));

@ -23,25 +23,24 @@ use crate::smb::smb::*;
use nom; use nom;
use nom::IResult; use nom::IResult;
use nom::error::ErrorKind;
use der_parser::ber::BerObjectContent; use der_parser::ber::BerObjectContent;
use der_parser::der::{parse_der_oid, parse_der_sequence}; use der_parser::der::{parse_der_oid, parse_der_sequence};
fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8]> fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
{ {
let (rem, base_o) = der_parser::parse_der(blob)?; let (rem, base_o) = der_parser::parse_der(blob).map_err(|e| nom::Err::convert(e))?;
SCLogDebug!("parse_secblob_get_spnego: base_o {:?}", base_o); SCLogDebug!("parse_secblob_get_spnego: base_o {:?}", base_o);
let d = match base_o.content.as_slice() { let d = match base_o.content.as_slice() {
Err(_) => { return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO)))); }, Err(_) => { return Err(nom::Err::Error(SecBlobError::NotSpNego)); },
Ok(d) => d, Ok(d) => d,
}; };
let (next, o) = parse_der_oid(d)?; let (next, o) = parse_der_oid(d).map_err(|e| nom::Err::convert(e))?;
SCLogDebug!("parse_secblob_get_spnego: sub_o {:?}", o); SCLogDebug!("parse_secblob_get_spnego: sub_o {:?}", o);
let oid = match o.content.as_oid() { let oid = match o.content.as_oid() {
Ok(oid) => oid, Ok(oid) => oid,
Err(_) => { Err(_) => {
return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO)))); return Err(nom::Err::Error(SecBlobError::NotSpNego));
}, },
}; };
SCLogDebug!("oid {}", oid.to_string()); SCLogDebug!("oid {}", oid.to_string());
@ -51,7 +50,7 @@ fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8]>
SCLogDebug!("SPNEGO {}", oid); SCLogDebug!("SPNEGO {}", oid);
}, },
_ => { _ => {
return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO)))); return Err(nom::Err::Error(SecBlobError::NotSpNego));
}, },
} }
@ -60,16 +59,16 @@ fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8]>
Ok((rem, next)) Ok((rem, next))
} }
fn parse_secblob_spnego_start(blob: &[u8]) -> IResult<&[u8], &[u8]> fn parse_secblob_spnego_start(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
{ {
let (rem, o) = der_parser::parse_der(blob)?; let (rem, o) = der_parser::parse_der(blob).map_err(|e| nom::Err::convert(e))?;
let d = match o.content.as_slice() { let d = match o.content.as_slice() {
Ok(d) => { Ok(d) => {
SCLogDebug!("d: next data len {}",d.len()); SCLogDebug!("d: next data len {}",d.len());
d d
}, },
_ => { _ => {
return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO)))); return Err(nom::Err::Error(SecBlobError::NotSpNego));
}, },
}; };
Ok((rem, d)) Ok((rem, d))
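Review bot: `SecBlobError::NotSpNego` is returned for three different conditions in `parse_secblob_get_spnego`, and again in `parse_secblob_spnego_start` when the content is not a byte slice. In the first function those conditions are: the outer DER content is not a byte slice, the inner object is not an OID, and the OID does not match in the `_ =>` arm. The shape failures are malformed encodings rather than "a different mechanism", so anyone triaging a rejected security blob cannot tell the two apart from the variant alone. At minimum I would state this at the return sites, e.g. `// NotSpNego is also returned when the DER content is not a byte slice or an OID`. A dedicated variant would make the distinction explicit now that the error is typed. Both function bodies extend beyond the hunks shown.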
