diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 1d79e5ff5b..b8911a50e6 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1345,6 +1345,15 @@ AppLayerCreateAppLayerProbingParserElement(const char *al_proto_name, pe->ProbingParser = AppLayerProbingParser; pe->next = NULL; + if (min_depth > max_depth || + al_proto <= ALPROTO_UNKNOWN || al_proto >= ALPROTO_MAX || + AppLayerProbingParser == NULL) { + SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to " + "register the probing parser. Please have min_depth, " + "max_depth, al_proto, AppLayerProbingParser function " + "checked"); + } + return pe; } diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index 8667766311..f75f753d87 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c @@ -1321,11 +1321,13 @@ void SMBUpdateTransactionId(void *state, uint16_t *id) { SCReturn; } +#define SMB_PROBING_PARSER_MIN_DEPTH 8 + static uint16_t SMBProbingParser(uint8_t *input, uint32_t input_len) { uint32_t len; - while (input_len > 0) { + while (input_len >= SMB_PROBING_PARSER_MIN_DEPTH) { switch (input[0]) { case NBSS_SESSION_MESSAGE: if (input[4] == 0xFF && input[5] == 'S' && input[6] == 'M' && @@ -1342,6 +1344,8 @@ static uint16_t SMBProbingParser(uint8_t *input, uint32_t input_len) len = input[2] << 8; len |= input[3]; break; + default: + return ALPROTO_UNKNOWN; } input_len -= 4; @@ -1376,7 +1380,7 @@ void RegisterSMBParsers(void) { IPPROTO_TCP, "smb", ALPROTO_SMB, - 8, 0, + SMB_PROBING_PARSER_MIN_DEPTH, 0, STREAM_TOSERVER, APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1, SMBProbingParser); @@ -1989,7 +1993,7 @@ int SMBParserTest05(void) IPPROTO_TCP, "smb", ALPROTO_SMB, - 8, 0, + SMB_PROBING_PARSER_MIN_DEPTH, 0, STREAM_TOSERVER, APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1, SMBProbingParser); @@ -2075,7 +2079,7 @@ int SMBParserTest06(void) IPPROTO_TCP, "smb", ALPROTO_SMB, - 8, 0, + SMB_PROBING_PARSER_MIN_DEPTH, 0, STREAM_TOSERVER, APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1, SMBProbingParser);