aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

krb: bump up crate version

Browse Source 
kerberos parser crate is also used by other procotols : nfs and
smb. These protocols use an older der_parser crate version.
Upgrading der_parser will simplify the code further.
pull/7703/head
Philippe Antoine 3 years ago committed by Victor Julien
parent 783dff2c38
commit 675de33405
2 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File

2
rust/Cargo.toml.in
Unescape Escape View File

@ -42,7 +42,7 @@ aes-gcm = "~0.8.0"
sawp-modbus = "~0.11.0" sawp-modbus = "~0.11.0"
sawp = "~0.11.0" sawp = "~0.11.0"
der-parser = "~4.0.2" der-parser = "~4.0.2"
kerberos-parser = "~0.5.0" kerberos-parser = "~0.7.1"
ntp-parser = "~0.6.0" ntp-parser = "~0.6.0"
ipsec-parser = "~0.7.0" ipsec-parser = "~0.7.0"
snmp-parser = "~0.6.0" snmp-parser = "~0.6.0"

26
rust/src/kerberos.rs
Unescape Escape View File

@ -20,7 +20,7 @@ use kerberos_parser::krb5::{ApReq,Realm,PrincipalName};
use nom; use nom;
use nom::IResult; use nom::IResult;
use nom::error::{ErrorKind, ParseError}; use nom::error::{ErrorKind, ParseError};
use nom::number::streaming::le_u16; use nom::number::complete::le_u16;
use der_parser; use der_parser;
use der_parser::error::BerError; use der_parser::error::BerError;
use der_parser::der::parse_der_oid; use der_parser::der::parse_der_oid;
@ -29,6 +29,7 @@ use der_parser::der::parse_der_oid;
pub enum SecBlobError { pub enum SecBlobError {
NotSpNego, NotSpNego,
KrbFmtError, KrbFmtError,
KrbReqError,
Ber(BerError), Ber(BerError),
NomError(ErrorKind), NomError(ErrorKind),
} }
@ -60,18 +61,17 @@ fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq, SecBlobError
let blob = b.as_slice().or( let blob = b.as_slice().or(
Err(nom::Err::Error(SecBlobError::KrbFmtError)) Err(nom::Err::Error(SecBlobError::KrbFmtError))
)?; )?;
do_parse!( let (blob, _) = parse_der_oid(blob).map_err(nom::Err::convert)?;
blob, let (blob, _) = le_u16(blob)?;
_base_o: parse_der_oid >> // Should be parse_ap_req(blob).map_err(nom::Err::convert)
_tok_id: le_u16 >> // But upgraded kerberos parser uses a newer der_parser crate
ap_req: parse_ap_req >> // Hence the enum `der_parser::error::BerError` are different
({ // and we cannot convert to SecBlobError with the From impl
SCLogDebug!("parse_kerberos5_request: base_o {:?}", _base_o.as_oid()); // Next is to upgrade the der_parser crate (and nom to nom7 by the way)
SCLogDebug!("parse_kerberos5_request: tok_id {}", _tok_id); match parse_ap_req(blob) {
ap_req Ok((blob, ap_req)) => Ok((blob, ap_req)),
}) _ => Err(nom::Err::Error(SecBlobError::KrbReqError)),
) }
.map_err(nom::Err::convert)
} }
pub fn parse_kerberos5_request(blob: &[u8]) -> IResult<&[u8], Kerberos5Ticket, SecBlobError> pub fn parse_kerberos5_request(blob: &[u8]) -> IResult<&[u8], Kerberos5Ticket, SecBlobError>

Write Preview
Loading…
Cancel
Save