aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean up smb/dcerpc code

Browse Source
remotes/origin/master-1.0.x
Victor Julien 15 years ago
parent 48cdc8e0fd
commit e2376948dd
2 changed files with 54 additions and 48 deletions
Show Stats Download Patch File Download Diff File

87
src/app-layer-dcerpc.c
Unescape Escape View File

@ -41,80 +41,85 @@ static int DCERPCParseCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input;
uint8_t i = 0;
if (input_len) {
if (sstate->item == NULL) {
sstate->item = (struct entry *) malloc(sizeof(struct entry));
if (sstate->item == NULL) {
SCReturnInt(-1);
}
}
switch(sstate->ctxbytesprocessed) {
case 0:
/*sstate->item = (struct entry *) malloc(sizeof(struct entry));
if (sstate->item == NULL) {
return -1;
}
*/
sstate->item->ctxid = *(p++);
sstate->item->ctxid = *(p++);
if (!(--input_len)) break;
case 1:
sstate->item->ctxid |= *(p++) << 8;
sstate->item->ctxid |= *(p++) << 8;
if (!(--input_len)) break;
case 2:
/* num transact items */
p++;
if (!(--input_len)) break;
case 3:
/* reserved */
/* reserved */
p++;
if (!(--input_len)) break;
case 4:
sstate->item->uuid[3] = *(p++);
sstate->item->uuid[3] = *(p++);
if (!(--input_len)) break;
case 5:
sstate->item->uuid[2] = *(p++);
sstate->item->uuid[2] = *(p++);
if (!(--input_len)) break;
case 6:
sstate->item->uuid[1] = *(p++);
sstate->item->uuid[1] = *(p++);
if (!(--input_len)) break;
case 7:
sstate->item->uuid[0] = *(p++);
sstate->item->uuid[0] = *(p++);
if (!(--input_len)) break;
case 8:
sstate->item->uuid[5] = *(p++);
sstate->item->uuid[5] = *(p++);
if (!(--input_len)) break;
case 9:
sstate->item->uuid[4] = *(p++);
sstate->item->uuid[4] = *(p++);
if (!(--input_len)) break;
case 10:
sstate->item->uuid[7] = *(p++);
sstate->item->uuid[7] = *(p++);
if (!(--input_len)) break;
case 11:
sstate->item->uuid[6] = *(p++);
sstate->item->uuid[6] = *(p++);
if (!(--input_len)) break;
case 12:
sstate->item->uuid[8] = *(p++);
sstate->item->uuid[8] = *(p++);
if (!(--input_len)) break;
case 13:
sstate->item->uuid[9] = *(p++);
sstate->item->uuid[9] = *(p++);
if (!(--input_len)) break;
case 14:
sstate->item->uuid[10] = *(p++);
sstate->item->uuid[10] = *(p++);
if (!(--input_len)) break;
case 15:
sstate->item->uuid[11] = *(p++);
sstate->item->uuid[11] = *(p++);
if (!(--input_len)) break;
case 16:
sstate->item->uuid[12] = *(p++);
sstate->item->uuid[12] = *(p++);
if (!(--input_len)) break;
case 17:
sstate->item->uuid[13] = *(p++);
sstate->item->uuid[13] = *(p++);
if (!(--input_len)) break;
case 18:
sstate->item->uuid[14] = *(p++);
sstate->item->uuid[14] = *(p++);
if (!(--input_len)) break;
case 19:
sstate->item->uuid[15] = *(p++);
for (i = 0; i < 16; i++) {
printf("%02x", sstate->item->uuid[i]);
}
printf("\n");
// TAILQ_INSERT_TAIL(&sstate->head, sstate->item, entries);
sstate->item->uuid[15] = *(p++);
#if 0
int i = 0;
for (i = 0; i < 16; i++) {
printf("%02x", sstate->item->uuid[i]);
}
printf("\n");
#endif
// TAILQ_INSERT_TAIL(&sstate->head, sstate->item, entries);
if (!(--input_len)) break;
case 20:
p++;
@ -186,7 +191,7 @@ static int DCERPCParseCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *
p++;
if (!(--input_len)) break;
case 43:
sstate->numctxitems--;
sstate->numctxitems--;
p++;
--input_len;
break;
@ -483,8 +488,8 @@ void RegisterDCERPCParsers(void) {
int DCERPCParserTest01(void) {
int result = 1;
uint8_t i = 0;
struct entry *item;
// uint8_t i = 0;
// struct entry *item;
Flow f;
uint8_t dcerpcbuf[] = {
@ -640,7 +645,7 @@ int DCERPCParserTest01(void) {
goto end;
}
printf("dcerpcbuf size %u\n", dcerpclen);
// printf("dcerpcbuf size %u\n", dcerpclen);
DCERPCState *dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
@ -666,16 +671,16 @@ int DCERPCParserTest01(void) {
result = 0;
goto end;
}
#if 0
printf("UUID:\n");
TAILQ_FOREACH(item, &dcerpc_state->head, entries) {
printf("CTX Item %d\n", item->ctxid);
for (i = 0; i < 16; i++) {
printf("%02x", item->uuid[i]);
}
printf("\n");
printf("CTX Item %d\n", item->ctxid);
for (i = 0; i < 16; i++) {
printf("%02x", item->uuid[i]);
}
printf("\n");
}
#endif
end:
return result;
}

15
src/app-layer-smb.c
Unescape Escape View File

@ -366,7 +366,8 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate,
if (sstate->andx.paddingparsed) {
while (sstate->andx.datalength-- && sstate->bytecount.bytecount-- && input_len--) {
printf("0x%02x ", *(p++));
SCLogDebug("0x%02x ", *p);
p++;
}
}
sstate->bytesprocessed += (p - input);
@ -449,9 +450,9 @@ static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *psta
return retval;
} else { /* Generic WordCount Handler */
while (sstate->wordcount.wordcount-- && input_len--) {
printf("0x%02x ", *(p++));
SCLogDebug("0x%02x ", *p);
p++;
}
printf("\n");
sstate->bytesprocessed += (p - input);
return (p - input);
SCReturnInt(p - input);
@ -486,13 +487,13 @@ static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *psta
}
while (sstate->bytecount.bytecount && input_len) {
SCLogDebug("0x%02x bytecount %u input_len %u", *(p++),
SCLogDebug("0x%02x bytecount %u input_len %u", *p,
sstate->bytecount.bytecount, input_len);
p++;
sstate->wordcount.wordcount--;
input_len--;
}
printf("\n");
sstate->bytesprocessed += (p - input);
SCReturnInt(p - input);
@ -731,7 +732,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
parsed, input_len, output);
parsed += retval;
input_len -= retval;
printf("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u\n",
SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN,
sstate->smb.command, parsed, input_len);
}
@ -743,7 +744,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
output);
parsed += retval;
input_len -= retval;
printf("Wordcount (%u) parsed %u input_len %u\n",
SCLogDebug("wordcount (%u) parsed %u input_len %u",
sstate->wordcount.wordcount, parsed, input_len);
}

Write Preview
Loading…
Cancel
Save