aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

64 bit portability

Browse Source
remotes/origin/master-1.0.x
root 16 years ago committed by Victor Julien
parent d7958f7983
commit 9b74a2765e
3 changed files with 93 additions and 117 deletions
Show Stats Download Patch File Download Diff File

77
src/app-layer-dcerpc.c
Unescape Escape View File

@ -46,7 +46,7 @@ void printUUID(char *type, struct uuid_entry *uuid) {
printf(" Major Version 0x%04x Minor Version 0x%04x\n", uuid->version, uuid->versionminor);
}
static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
static uint32_t DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
@ -57,11 +57,12 @@ static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserS
p++;
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
static uint32_t PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
while (sstate->padleft-- && input_len--) {
@ -69,10 +70,10 @@ static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstat
p++;
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
static uint32_t DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
@ -80,16 +81,17 @@ static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *p
if (input_len) {
switch(sstate->ctxbytesprocessed) {
case 0:
/*if (input_len >= 4) {
if (input_len >= 4) {
sstate->numctxitems = *p;
sstate->numctxitemsleft = sstate->numctxitems;
sstate->ctxbytesprocessed += (4);
SCReturnInt(4);
} else { */
sstate->ctxbytesprocessed += 4;
sstate->bytesprocessed += 4;
SCReturnUInt(4U);
} else {
sstate->numctxitems = *(p++);
sstate->numctxitemsleft = sstate->numctxitems;
if (!(--input_len)) break;
//}
}
case 1:
p++;
if (!(--input_len)) break;
@ -104,11 +106,11 @@ static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *p
}
sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
static uint32_t DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
@ -141,7 +143,7 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta
sstate->versionminor |= *(p + 23) << 8;
sstate->uuid_entry = (struct uuid_entry *) calloc(1, sizeof(struct uuid_entry));
if (sstate->uuid_entry == NULL) {
SCReturnInt(-1);
SCReturnUInt(0);
} else {
memcpy(sstate->uuid_entry->uuid, sstate->uuid,
sizeof(sstate->uuid));
@ -149,12 +151,12 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta
sstate->uuid_entry->version = sstate->version;
sstate->uuid_entry->versionminor = sstate->versionminor;
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry, next);
printUUID("BIND", sstate->uuid_entry);
//printUUID("BIND", sstate->uuid_entry);
}
sstate->numctxitemsleft--;
sstate->bytesprocessed += (44);
sstate->ctxbytesprocessed += (44);
SCReturnInt(44);
SCReturnUInt(44U);
} else {
sstate->ctxid = *(p++);
if (!(--input_len)) break;
@ -290,7 +292,7 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta
case 43:
sstate->numctxitemsleft--;
if (sstate->uuid_entry == NULL) {
SCReturnInt(-1);
SCReturnUInt(0);
} else {
memcpy(sstate->uuid_entry->uuid, sstate->uuid,
sizeof(sstate->uuid));
@ -306,10 +308,10 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta
}
sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
static uint32_t DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
@ -323,14 +325,14 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser
TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) {
if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) {
uuid_entry->result = sstate->result;
printUUID("BIND_ACK", uuid_entry);
//printUUID("BIND_ACK", uuid_entry);
break;
}
}
sstate->numctxitemsleft--;
sstate->bytesprocessed += (24);
sstate->ctxbytesprocessed += (24);
SCReturnInt(24);
SCReturnUInt(24U);
} else {
sstate->result = *(p++);
if (!(--input_len)) break;
@ -407,7 +409,7 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser
TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) {
if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) {
uuid_entry->result = sstate->result;
printUUID("BIND_ACK", uuid_entry);
//printUUID("BIND_ACK", uuid_entry);
break;
}
}
@ -420,10 +422,10 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser
}
sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
static uint32_t DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
@ -437,7 +439,7 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst
sstate->numctxitems = *(p+8);
sstate->numctxitemsleft = sstate->numctxitems;
sstate->bytesprocessed += 12;
SCReturnInt(12);
SCReturnUInt(12U);
} else {
/* max_xmit_frag */
p++;
@ -492,10 +494,10 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst
}
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
static uint32_t DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
@ -508,7 +510,7 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *
sstate->secondaryaddrlen |= *(p+9) << 8;
sstate->secondaryaddrlenleft = sstate->secondaryaddrlen;
sstate->bytesprocessed += 10;
SCReturnInt(10);
SCReturnUInt(10U);
} else {
/* max_xmit_frag */
p++;
@ -553,10 +555,10 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *
break;
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
static uint32_t DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
*pstate, uint8_t *input, uint32_t input_len,
AppLayerParserResult *output) {
SCEnter();
@ -592,7 +594,7 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
sstate->dcerpc.call_id |= *(p + 14) << 8;
sstate->dcerpc.call_id |= *(p + 15);
sstate->bytesprocessed = DCERPC_HDR_LEN;
SCReturnInt(DCERPC_HDR_LEN);
SCReturnUInt(16U);
break;
} else {
sstate->dcerpc.rpc_vers = *(p++);
@ -647,13 +649,10 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
sstate->dcerpc.call_id |= *(p++);
--input_len;
break;
default: // SHOULD NEVER OCCUR
SCLogDebug("Odd");
SCReturnInt(8);
}
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
@ -672,6 +671,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseHeader bytesprocessed %u\n", sstate->bytesprocessed);
switch (sstate->dcerpc.type) {
case BIND:
@ -684,6 +684,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseBIND bytesprocessed %u\n", sstate->bytesprocessed);
while (sstate->numctxitemsleft && sstate->bytesprocessed < sstate->dcerpc.frag_length &&
input_len) {
@ -695,6 +696,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseBINDCTXItem bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == sstate->dcerpc.frag_length) {
sstate->bytesprocessed = 0;
@ -711,6 +713,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseBINDACK bytesprocessed %u\n", sstate->bytesprocessed);
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen && input_len--) {
retval = DCERPCParseSecondaryAddr(f, dcerpc_state, pstate, input + parsed, input_len,
@ -718,11 +721,13 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseSecondaryAddr bytesprocessed %u\n", sstate->bytesprocessed);
if(sstate->bytesprocessed == DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen) {
sstate->pad = sstate->bytesprocessed % 4;
sstate->padleft = sstate->pad;
}
SCLogDebug("pad %u\n", sstate->pad);
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen + sstate->pad && input_len--) {
retval = PaddingParser(f, dcerpc_state, pstate, input + parsed, input_len,
@ -730,6 +735,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with PaddingParser bytesprocessed %u\n", sstate->bytesprocessed);
while(sstate->bytesprocessed >= DCERPC_HDR_LEN + 10 + sstate->pad + sstate->secondaryaddrlen &&
sstate->bytesprocessed < DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) {
@ -738,6 +744,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCGetCTXItems bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) {
sstate->ctxbytesprocessed = 0;
@ -752,6 +759,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
}
SCLogDebug("Done with DCERPCParseBINDACKCTXItem bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == sstate->dcerpc.frag_length) {
sstate->bytesprocessed = 0;
@ -793,7 +801,6 @@ static void DCERPCStateFree(void *s) {
void RegisterDCERPCParsers(void) {
AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOSERVER, DCERPCParse);
AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOCLIENT, DCERPCParse);
AppLayerRegisterParser("dcerpc.hdr", ALPROTO_DCERPC, DCERPC_PARSE_DCERPC_HEADER, DCERPCParseHeader, "dcerpc");
AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc, DCERPCStateFree);
}

95
src/app-layer-smb.c
Unescape Escape View File

@ -102,8 +102,9 @@ void hexdump(const void *buf, size_t len) {
* \brief SMB Write AndX Request Parsing
*/
/* For WriteAndX we need to get writeandxdataoffset */
static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input;
switch (sstate->andx.andxbytesprocessed) {
@ -123,9 +124,8 @@ static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *psta
sstate->andx.dataoffset|= (uint64_t) *(p+25) << 48;
sstate->andx.dataoffset|= (uint64_t) *(p+26) << 40;
sstate->andx.dataoffset|= (uint64_t) *(p+27) << 32;
input_len -= 28;
sstate->bytesprocessed += 28;
return 28;
SCReturnUInt(28U);
} else {
sstate->andx.andxcommand = *(p++);
if (!(--input_len)) break;
@ -230,19 +230,17 @@ static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *psta
sstate->andx.dataoffset|= (uint64_t) *(p++) << 32;
--input_len;
break;
default:
// SHOULD NEVER OCCUR
return 0;
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* \brief SMB Read AndX Response Parsing
*/
static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input;
switch (sstate->andx.andxbytesprocessed) {
@ -260,9 +258,8 @@ static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstat
sstate->andx.datalength |= (uint64_t) *(p+15) << 48;
sstate->andx.datalength |= (uint64_t) *(p+16) << 40;
sstate->andx.datalength |= (uint64_t) *(p+17) << 32;
input_len -= 24;
sstate->bytesprocessed += 24;
return 24;
SCReturnUInt(24U);
} else {
sstate->andx.andxcommand = *(p++);
if (!(--input_len)) break;
@ -331,20 +328,17 @@ static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstat
p++;
--input_len;
break;
default:
// SHOULD NEVER OCCUR
return 0;
}
return 0;
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* Handle variable length padding for WriteAndX and ReadAndX
*/
static int PaddingParser(void *smb_state, AppLayerParserState *pstate,
static uint32_t PaddingParser(void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input;
while ((uint32_t)(sstate->bytesprocessed + (p - input)) < sstate->andx.dataoffset && sstate->bytecount.bytecount-- && input_len--) {
@ -354,15 +348,16 @@ static int PaddingParser(void *smb_state, AppLayerParserState *pstate,
sstate->andx.paddingparsed = 1;
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* \brief Parse WriteAndX and ReadAndX Data
* \todo Hand off to DCERPC parser for DCERPC over SMB
*/
static int DataParser(void *smb_state, AppLayerParserState *pstate,
static uint32_t DataParser(void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input;
@ -373,7 +368,7 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate,
}
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
@ -382,7 +377,7 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate,
* Reset bytecount.bytecountbytes to 0.
* Determine if this is an SMB AndX Command
*/
static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
@ -393,9 +388,9 @@ static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate
sstate->bytecount.bytecountbytes = 0;
sstate->andx.isandx = isAndX(sstate);
SCLogDebug("Wordcount (%u):", sstate->wordcount.wordcount);
SCReturnInt(1);
SCReturnUInt(1U);
}
SCReturnInt(0);
SCReturnUInt(0);
}
/*
@ -403,7 +398,7 @@ static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate
* is after the first bytecount byte.
*/
static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
@ -422,14 +417,14 @@ static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate
SCLogDebug("Bytecount %u", sstate->bytecount.bytecount);
--input_len;
}
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* \brief SMBParseWordCount parses the SMB Wordcount portion of the SMB Transaction.
* until sstate->wordcount.wordcount bytes are parsed.
*/
static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
@ -442,20 +437,20 @@ static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *psta
parsed += retval;
input_len -= retval;
sstate->wordcount.wordcount -= retval;
return retval;
SCReturnUInt(retval);
} else if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0) && sstate->smb.command == SMB_COM_WRITE_ANDX) {
retval = SMBParseWriteAndX(f, sstate, pstate, input + parsed, input_len, output);
parsed += retval;
input_len -= retval;
sstate->wordcount.wordcount -= retval;
return retval;
SCReturnUInt(retval);
} else { /* Generic WordCount Handler */
while (sstate->wordcount.wordcount-- && input_len--) {
SCLogDebug("0x%02x ", *p);
p++;
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
}
@ -464,7 +459,7 @@ static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *psta
* until sstate->bytecount.bytecount bytes are parsed.
*/
static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
@ -484,23 +479,21 @@ static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *psta
parsed += retval;
input_len -= retval;
}
SCReturnUInt(retval);
}
while (sstate->bytecount.bytecount && input_len) {
SCLogDebug("0x%02x bytecount %u input_len %u", *p,
sstate->bytecount.bytecount, input_len);
p++;
sstate->wordcount.wordcount--;
input_len--;
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
//#define DEBUG 1
static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
@ -517,9 +510,8 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate
sstate->nbss.length = (*(p + 1) & 0x01) << 16;
sstate->nbss.length |= *(p + 2) << 8;
sstate->nbss.length |= *(p + 3);
input_len -= NBSS_HDR_LEN;
sstate->bytesprocessed += NBSS_HDR_LEN;
SCReturnInt(NBSS_HDR_LEN);
SCReturnUInt(4U);
} else {
sstate->nbss.type = *(p++);
if (!(--input_len)) break;
@ -534,16 +526,13 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate
sstate->nbss.length |= *(p++);
--input_len;
break;
default:
SCReturnInt(-1);
break;
}
sstate->bytesprocessed += (p - input);
}
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
static uint32_t SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{
SCEnter();
@ -555,7 +544,7 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
if (input_len >= SMB_HDR_LEN) {
if (memcmp(p, "\xff\x53\x4d\x42", 4) != 0) {
SCLogDebug("SMB Header did not validate");
SCReturnInt(0);
SCReturnUInt(0);
}
sstate->smb.command = *(p + 4);
sstate->smb.status = *(p + 5) << 24;
@ -583,9 +572,8 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
sstate->smb.uid |= *(p + 29);
sstate->smb.mid = *(p + 30) << 8;
sstate->smb.mid |= *(p + 31);
input_len -= SMB_HDR_LEN;
sstate->bytesprocessed += SMB_HDR_LEN;
SCReturnInt(SMB_HDR_LEN);
SCReturnUInt(32U);
break;
} else {
//sstate->smb.protocol[0] = *(p++);
@ -693,12 +681,10 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
sstate->smb.mid |= *(p++);
--input_len;
break;
default: // SHOULD NEVER OCCUR
SCReturnInt(8);
}
}
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
@ -707,8 +693,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
uint32_t retval = 0;
uint32_t parsed = 0;
long int retval = 0;
long int parsed = 0;
if (pstate == NULL)
SCReturnInt(-1);
@ -719,7 +705,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
parsed += retval;
input_len -= retval;
SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %u input_len %u",
SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %ld input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type,
sstate->nbss.length, parsed, input_len);
}
@ -732,7 +718,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
parsed, input_len, output);
parsed += retval;
input_len -= retval;
SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u",
SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %ld input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN,
sstate->smb.command, parsed, input_len);
}
@ -744,7 +730,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
output);
parsed += retval;
input_len -= retval;
SCLogDebug("wordcount (%u) parsed %u input_len %u",
SCLogDebug("wordcount (%u) parsed %ld input_len %u",
sstate->wordcount.wordcount, parsed, input_len);
}
@ -795,6 +781,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
*/
int isAndX(SMBState *smb_state) {
SCEnter();
switch (smb_state->smb.command) {
case SMB_NO_SECONDARY_ANDX_COMMAND:
case SMB_COM_LOCKING_ANDX:
@ -806,9 +793,9 @@ int isAndX(SMBState *smb_state) {
case SMB_COM_TREE_CONNECT_ANDX:
case SMB_COM_NT_CREATE_ANDX:
smb_state->andx.andxbytesprocessed = 0;
return 1;
SCReturnInt(1);
default:
return 0;
SCReturnInt(0);
}
}

38
src/app-layer-smb2.c
Unescape Escape View File

@ -35,9 +35,9 @@ enum {
SMB_FIELD_MAX,
};
//#define DEBUG 1
static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
static uint32_t NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
uint8_t *p = input;
@ -50,9 +50,8 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->nbss.length = (*(p + 1) & 0x01) << 16;
sstate->nbss.length |= *(p + 2) << 8;
sstate->nbss.length |= *(p + 3);
input_len -= NBSS_HDR_LEN;
sstate->bytesprocessed += NBSS_HDR_LEN;
return NBSS_HDR_LEN;
SCReturnUInt(4U);
} else {
sstate->nbss.type = *(p++);
if (!(--input_len)) break;
@ -67,17 +66,15 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->nbss.length |= *(p++);
--input_len;
break;
default:
return -1;
break;
}
sstate->bytesprocessed += (p - input);
}
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
uint8_t *p = input;
if (input_len) {
@ -148,9 +145,8 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.Signature[13] = *(p + 61);
sstate->smb2.Signature[14] = *(p + 62);
sstate->smb2.Signature[15] = *(p + 63);
input_len -= SMB2_HDR_LEN;
sstate->bytesprocessed += SMB2_HDR_LEN;
return SMB2_HDR_LEN;
SCReturnUInt(64U);
break;
} else {
//sstate->smb2.protocol[0] = *(p++);
@ -354,16 +350,15 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.Signature[15] = *(p++);
--input_len;
break;
default: // SHOULD NEVER OCCUR
return 0;
}
}
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
uint32_t retval = 0;
uint32_t parsed = 0;
@ -399,7 +394,7 @@ static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate,
}
pstate->parse_field = 0;
pstate->flags |= APP_LAYER_PARSER_DONE;
return 1;
SCReturnInt(1);
}
@ -422,19 +417,6 @@ static void SMB2StateFree(void *s) {
void RegisterSMB2Parsers(void) {
AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse);
AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse);
/*AppLayerRegisterParser("nbss.hdr", ALPROTO_SMB, SMB_PARSE_NBSS_HEADER,
NBSSParseHeader, "smb");
AppLayerRegisterParser("smb.hdr", ALPROTO_SMB, SMB_PARSE_SMB_HEADER,
SMBParseHeader, "smb");
AppLayerRegisterParser("smb.getwordcount", ALPROTO_SMB, SMB_PARSE_GET_WORDCOUNT,
SMBGetWordCount, "smb");
AppLayerRegisterParser("smb.wordcount", ALPROTO_SMB, SMB_PARSE_WORDCOUNT,
SMBParseWordCount, "smb");
AppLayerRegisterParser("smb.getbytecount", ALPROTO_SMB, SMB_PARSE_GET_BYTECOUNT,
SMBGetByteCount, "smb");
AppLayerRegisterParser("smb.bytecount", ALPROTO_SMB, SMB_PARSE_BYTECOUNT,
SMBParseByteCount, "smb");
*/
AppLayerRegisterStateFuncs(ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree);
}

Write Preview
Loading…
Cancel
Save