fix endless loop. Change dce parser to accept ctx ids that always start with a ctx with a 0 ctx id

remotes/origin/master-1.0.x
Anoop Saldanha 15 years ago committed by Victor Julien
parent 8c774a1e2a
commit 361cf14f50

@ -236,8 +236,8 @@ static uint32_t DCERPCParseBINDCTXItem(DCERPC *dcerpc, uint8_t *input, uint32_t
dcerpc->dcerpcbindbindack.version |= *(p + 21) << 8; dcerpc->dcerpcbindbindack.version |= *(p + 21) << 8;
dcerpc->dcerpcbindbindack.versionminor = *(p + 22); dcerpc->dcerpcbindbindack.versionminor = *(p + 22);
dcerpc->dcerpcbindbindack.versionminor |= *(p + 23) << 8; dcerpc->dcerpcbindbindack.versionminor |= *(p + 23) << 8;
if (dcerpc->dcerpcbindbindack.ctxid == dcerpc->dcerpcbindbindack.numctxitems //if (dcerpc->dcerpcbindbindack.ctxid == dcerpc->dcerpcbindbindack.numctxitems
- dcerpc->dcerpcbindbindack.numctxitemsleft) { // - dcerpc->dcerpcbindbindack.numctxitemsleft) {
dcerpc->dcerpcbindbindack.uuid_entry = (DCERPCUuidEntry *) SCCalloc(1, dcerpc->dcerpcbindbindack.uuid_entry = (DCERPCUuidEntry *) SCCalloc(1,
sizeof(DCERPCUuidEntry)); sizeof(DCERPCUuidEntry));
if (dcerpc->dcerpcbindbindack.uuid_entry == NULL) { if (dcerpc->dcerpcbindbindack.uuid_entry == NULL) {
@ -264,11 +264,11 @@ static uint32_t DCERPCParseBINDCTXItem(DCERPC *dcerpc, uint8_t *input, uint32_t
} }
SCReturnUInt(44U); SCReturnUInt(44U);
} }
} else { //} else {
SCLogDebug("ctxitem %u, expected %u\n", dcerpc->dcerpcbindbindack.ctxid, // SCLogDebug("ctxitem %u, expected %u\n", dcerpc->dcerpcbindbindack.ctxid,
dcerpc->dcerpcbindbindack.numctxitems - dcerpc->dcerpcbindbindack.numctxitemsleft); // dcerpc->dcerpcbindbindack.numctxitems - dcerpc->dcerpcbindbindack.numctxitemsleft);
SCReturnUInt(0); // SCReturnUInt(0);
} //}
} else { } else {
dcerpc->dcerpcbindbindack.ctxid = *(p++); dcerpc->dcerpcbindbindack.ctxid = *(p++);
if (!(--input_len)) if (!(--input_len))
@ -447,11 +447,12 @@ static uint32_t DCERPCParseBINDCTXItem(DCERPC *dcerpc, uint8_t *input, uint32_t
case 43: case 43:
p++; p++;
--input_len; --input_len;
if (dcerpc->dcerpcbindbindack.ctxid == dcerpc->dcerpcbindbindack.numctxitems - dcerpc->dcerpcbindbindack.numctxitemsleft) { //if (dcerpc->dcerpcbindbindack.ctxid ==
// (dcerpc->dcerpcbindbindack.numctxitems - dcerpc->dcerpcbindbindack.numctxitemsleft)) {
dcerpc->dcerpcbindbindack.uuid_entry = (DCERPCUuidEntry *) SCCalloc(1, dcerpc->dcerpcbindbindack.uuid_entry = (DCERPCUuidEntry *) SCCalloc(1,
sizeof(DCERPCUuidEntry)); sizeof(DCERPCUuidEntry));
if (dcerpc->dcerpcbindbindack.uuid_entry == NULL) { if (dcerpc->dcerpcbindbindack.uuid_entry == NULL) {
SCLogDebug("UUID Entry is NULL\n"); SCLogDebug("UUID Entry is NULL\n");
SCReturnUInt(0); SCReturnUInt(0);
} else { } else {
memcpy(dcerpc->dcerpcbindbindack.uuid_entry->uuid, dcerpc->dcerpcbindbindack.uuid, memcpy(dcerpc->dcerpcbindbindack.uuid_entry->uuid, dcerpc->dcerpcbindbindack.uuid,
@ -471,11 +472,11 @@ static uint32_t DCERPCParseBINDCTXItem(DCERPC *dcerpc, uint8_t *input, uint32_t
dcerpc->dcerpcbindbindack.ctxbytesprocessed += (p - input); dcerpc->dcerpcbindbindack.ctxbytesprocessed += (p - input);
SCReturnUInt((uint32_t)(p - input)); SCReturnUInt((uint32_t)(p - input));
} }
} else { //} else {
SCLogDebug("ctxitem %u, expected %u\n", dcerpc->dcerpcbindbindack.ctxid, // SCLogDebug("ctxitem %u, expected %u\n", dcerpc->dcerpcbindbindack.ctxid,
dcerpc->dcerpcbindbindack.numctxitems - dcerpc->dcerpcbindbindack.numctxitemsleft); // dcerpc->dcerpcbindbindack.numctxitems - dcerpc->dcerpcbindbindack.numctxitemsleft);
SCReturnUInt(0); // SCReturnUInt(0);
} //}
break; break;
} }
} }
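Review bot: The `SCReturnUInt(0)` on `SCCalloc` failure in the `case 43` path is still there, so the zero-progress return that the removed `else` branches produced can still occur; if the endless loop came from the caller retrying after a 0 return (the caller is not shown here, so this is inferred), the caller should treat 0 as a parse error and stop. With the comparison gone, `ctxid` is accepted exactly as read from the wire and every item now allocates a `uuid_entry`, so duplicate or out-of-order ids are no longer rejected; whatever later looks entries up by `ctxid` should be checked against that. The disabled `if`/`else` lines in both paths would be better deleted than commented out, with one comment in their place such as `/* ctx ids come from the wire and need not start at 0 or be sequential */`. The body of `DCERPCParseBINDCTXItem` starts and ends outside these hunks.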
