aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix bounds checking in smb probing parser

Browse Source
remotes/origin/master-1.1.x
Anoop Saldanha 14 years ago committed by Victor Julien
parent 149ee6b648
commit 7f8fb0f00d
2 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File

9
src/app-layer-parser.c
Unescape Escape View File

@ -1345,6 +1345,15 @@ AppLayerCreateAppLayerProbingParserElement(const char *al_proto_name,
pe->ProbingParser = AppLayerProbingParser; pe->ProbingParser = AppLayerProbingParser;
pe->next = NULL; pe->next = NULL;
if (min_depth > max_depth ||
al_proto <= ALPROTO_UNKNOWN || al_proto >= ALPROTO_MAX ||
AppLayerProbingParser == NULL) {
SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to "
"register the probing parser. Please have min_depth, "
"max_depth, al_proto, AppLayerProbingParser function "
"checked");
}
return pe; return pe;
} }

12
src/app-layer-smb.c
Unescape Escape View File

@ -1321,11 +1321,13 @@ void SMBUpdateTransactionId(void *state, uint16_t *id) {
SCReturn; SCReturn;
} }
#define SMB_PROBING_PARSER_MIN_DEPTH 8
static uint16_t SMBProbingParser(uint8_t *input, uint32_t input_len) static uint16_t SMBProbingParser(uint8_t *input, uint32_t input_len)
{ {
uint32_t len; uint32_t len;
while (input_len > 0) { while (input_len >= SMB_PROBING_PARSER_MIN_DEPTH) {
switch (input[0]) { switch (input[0]) {
case NBSS_SESSION_MESSAGE: case NBSS_SESSION_MESSAGE:
if (input[4] == 0xFF && input[5] == 'S' && input[6] == 'M' && if (input[4] == 0xFF && input[5] == 'S' && input[6] == 'M' &&
@ -1342,6 +1344,8 @@ static uint16_t SMBProbingParser(uint8_t *input, uint32_t input_len)
len = input[2] << 8; len = input[2] << 8;
len |= input[3]; len |= input[3];
break; break;
default:
return ALPROTO_UNKNOWN;
} }
input_len -= 4; input_len -= 4;
@ -1376,7 +1380,7 @@ void RegisterSMBParsers(void) {
IPPROTO_TCP, IPPROTO_TCP,
"smb", "smb",
ALPROTO_SMB, ALPROTO_SMB,
8, 0, SMB_PROBING_PARSER_MIN_DEPTH, 0,
STREAM_TOSERVER, STREAM_TOSERVER,
APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1, APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1,
SMBProbingParser); SMBProbingParser);
@ -1989,7 +1993,7 @@ int SMBParserTest05(void)
IPPROTO_TCP, IPPROTO_TCP,
"smb", "smb",
ALPROTO_SMB, ALPROTO_SMB,
8, 0, SMB_PROBING_PARSER_MIN_DEPTH, 0,
STREAM_TOSERVER, STREAM_TOSERVER,
APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1, APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1,
SMBProbingParser); SMBProbingParser);
@ -2075,7 +2079,7 @@ int SMBParserTest06(void)
IPPROTO_TCP, IPPROTO_TCP,
"smb", "smb",
ALPROTO_SMB, ALPROTO_SMB,
8, 0, SMB_PROBING_PARSER_MIN_DEPTH, 0,
STREAM_TOSERVER, STREAM_TOSERVER,
APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1, APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1,
SMBProbingParser); SMBProbingParser);

Write Preview
Loading…
Cancel
Save