rust: update der-parser to 8.2.0

Minimal modifications required on the Suricata side, mainly for fields becoming private and needing an accessor instead. Note: As the kerberos parser still depends on der-parser 6.0, we still have to depend on that so it is depended on, but renamed to der-parser6. There is not an udpated kerberos-parser yet that uses der-parser 8.2.0. Ticket: #5991
2 years ago · b4f0d3c741
parent 59734d16a1
commit b4f0d3c741
6 changed files with 26 additions and 21 deletions
--- a/rust/Cargo.lock.in
+++ b/rust/Cargo.lock.in
@ -991,6 +991,7 @@ dependencies = [
 "byteorder",
 "crc",
 "der-parser 6.0.1",
+ "der-parser 8.2.0",
 "digest",
 "flate2",
 "hex",
--- a/rust/Cargo.toml.in
+++ b/rust/Cargo.toml.in
@ -41,8 +41,12 @@ aes-gcm = "~0.9.4"

 sawp-modbus = "~0.11.0"
 sawp = "~0.11.0"
-der-parser = "~6.0"
-kerberos-parser = "~0.7.1"
+der-parser = "~8.2.0"
+kerberos-parser = { version = "~0.7.1", default_features = false }
+
+# Kerberos parsing still depends on der-parser 6.0.1.
+der-parser6 = { package = "der-parser", version = "~6.0.1", default_features = false }
+
 ntp-parser = "~0.6.0"
 ipsec-parser = "~0.7.0"
 snmp-parser = "~0.9.0"
--- a/rust/src/asn1/mod.rs
+++ b/rust/src/asn1/mod.rs
@ -15,7 +15,7 @@
 * 02110-1301, USA.
 */

-use der_parser::ber::{parse_ber_recursive, BerObject, BerObjectContent, BerTag};
+use der_parser::ber::{parse_ber_recursive, BerObject, BerObjectContent, Tag};
 use nom7::Err;
 use std::convert::TryFrom;

@ -86,7 +86,7 @@ impl<'a> Asn1<'a> {
    fn check_object(obj: &BerObject, ad: &DetectAsn1Data) -> Option<Asn1Check> {
        // get length
        // Note that if length is indefinite (BER), this will return None
-        let len = obj.header.len.primitive().ok()?;
+        let len = obj.header.length().definite().ok()?;
        // oversize_length will check if a node has a length greater than
        // the user supplied length
        if let Some(oversize_length) = ad.oversize_length {
@ -101,7 +101,7 @@ impl<'a> Asn1<'a> {
        // to ignore is greater than the length decoded (in bits)
        if ad.bitstring_overflow
            && (obj.header.is_universal()
-                && obj.header.tag == BerTag::BitString
+                && obj.header.tag() == Tag::BitString
                && obj.header.is_primitive())
        {
            if let BerObjectContent::BitString(bits, _v) = &obj.content {
@ -118,7 +118,7 @@ impl<'a> Asn1<'a> {
        // and the buffer is greater than 256, the array is overflown
        if ad.double_overflow
            && (obj.header.is_universal()
-                && obj.header.tag == BerTag::RealType
+                && obj.header.tag() == Tag::RealType
                && obj.header.is_primitive())
        {
            if let Ok(data) = obj.content.as_slice() {
--- a/rust/src/kerberos.rs
+++ b/rust/src/kerberos.rs
@ -18,9 +18,9 @@
 use nom7::IResult;
 use nom7::error::{ErrorKind, ParseError};
 use nom7::number::streaming::le_u16;
-use der_parser;
-use der_parser::der::parse_der_oid;
-use der_parser::error::BerError;
+use der_parser6;
+use der_parser6::der::parse_der_oid;
+use der_parser6::error::BerError;
 use kerberos_parser::krb5::{ApReq, PrincipalName, Realm};
 use kerberos_parser::krb5_parser::parse_ap_req;

@ -56,7 +56,7 @@ pub struct Kerberos5Ticket {

 fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq, SecBlobError>
 {
-    let (_,b) = der_parser::parse_der(blob).map_err(nom7::Err::convert)?;
+    let (_,b) = der_parser6::parse_der(blob).map_err(nom7::Err::convert)?;
    let blob = b.as_slice().or(
        Err(nom7::Err::Error(SecBlobError::KrbFmtError))
    )?;
--- a/rust/src/krb/krb5.rs
+++ b/rust/src/krb/krb5.rs
@ -22,7 +22,7 @@ use std::ffi::CString;
 use nom7::{Err, IResult};
 use nom7::number::streaming::be_u32;
 use der_parser::der::der_read_element_header;
-use der_parser::ber::BerClass;
+use der_parser::ber::Class;
 use kerberos_parser::krb5_parser;
 use kerberos_parser::krb5::{EncryptionType,ErrorCode,MessageType,PrincipalName,Realm};
 use crate::applayer::{self, *};
@ -129,8 +129,8 @@ impl KRB5State {
        match der_read_element_header(i) {
            Ok((_rem,hdr)) => {
                // Kerberos messages start with an APPLICATION header
-                if hdr.class != BerClass::Application { return 0; }
-                match hdr.tag.0 {
+                if hdr.class() != Class::Application { return 0; }
+                match hdr.tag().0 {
                    10 => {
                        self.req_id = 10;
                    },
@ -190,7 +190,7 @@ impl KRB5State {
                        };
                        self.req_id = 0;
                    },
-                    _ => { SCLogDebug!("unknown/unsupported tag {}", hdr.tag); },
+                    _ => { SCLogDebug!("unknown/unsupported tag {}", hdr.tag()); },
                }
                0
            },
@ -338,9 +338,9 @@ pub unsafe extern "C" fn rs_krb5_probing_parser(_flow: *const Flow,
    match der_read_element_header(slice) {
        Ok((rem, ref hdr)) => {
            // Kerberos messages start with an APPLICATION header
-            if hdr.class != BerClass::Application { return ALPROTO_FAILED; }
+            if hdr.class() != Class::Application { return ALPROTO_FAILED; }
            // Tag number should be <= 30
-            if hdr.tag.0 > 30 { return ALPROTO_FAILED; }
+            if hdr.tag().0 > 30 { return ALPROTO_FAILED; }
            // Kerberos messages contain sequences
            if rem.is_empty() || rem[0] != 0x30 { return ALPROTO_FAILED; }
            // Check kerberos version
--- a/rust/src/smb/auth.rs
+++ b/rust/src/smb/auth.rs
@ -21,12 +21,12 @@ use crate::smb::ntlmssp_records::*;
 use crate::smb::smb::*;

 use nom7::{Err, IResult};
-use der_parser::ber::BerObjectContent;
-use der_parser::der::{parse_der_oid, parse_der_sequence};
+use der_parser6::ber::BerObjectContent;
+use der_parser6::der::{parse_der_oid, parse_der_sequence};

 fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
 {
-    let (rem, base_o) = der_parser::parse_der(blob).map_err(Err::convert)?;
+    let (rem, base_o) = der_parser6::parse_der(blob).map_err(Err::convert)?;
    SCLogDebug!("parse_secblob_get_spnego: base_o {:?}", base_o);
    let d = match base_o.content.as_slice() {
        Err(_) => { return Err(Err::Error(SecBlobError::NotSpNego)); },
@ -59,7 +59,7 @@ fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>

 fn parse_secblob_spnego_start(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
 {
-    let (rem, o) = der_parser::parse_der(blob).map_err(Err::convert)?;
+    let (rem, o) = der_parser6::parse_der(blob).map_err(Err::convert)?;
    let d = match o.content.as_slice() {
        Ok(d) => {
            SCLogDebug!("d: next data len {}",d.len());
@ -96,7 +96,7 @@ fn parse_secblob_spnego(blob: &[u8]) -> Option<SpnegoRequest>
            Ok(s) => s,
            _ => { continue; },
        };
-        let o = match der_parser::parse_der(n) {
+        let o = match der_parser6::parse_der(n) {
            Ok((_,x)) => x,
            _ => { continue; },
        };