From f7a41412d6fe0fbf285c538ae9d6d02eb63adb21 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 22 Mar 2019 11:57:52 +0100
Subject: [PATCH] smb1: fix NT create andx records filename parsing

Use file name parsing routines that take unicode into account and consider padding bytes as well.
---
 rust/src/smb/smb1.rs | 2 +-
 rust/src/smb/smb1_records.rs | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/rust/src/smb/smb1.rs b/rust/src/smb/smb1.rs
index 1fd6dc9da4..c37d38f51e 100644
--- a/rust/src/smb/smb1.rs
+++ b/rust/src/smb/smb1.rs
@@ -472,7 +472,7 @@ pub fn smb1_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>) -> u32 {
 }
 },
 SMB1_COMMAND_NT_CREATE_ANDX => {
- match parse_smb_create_andx_request_record(r.data) {
+ match parse_smb_create_andx_request_record(r.data, r) {
 Ok((_, cr)) => {
 SCLogDebug!("Create AndX {:?}", cr);
 let del = cr.create_options & 0x0000_1000 != 0;
diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs
index bd1e6d8c45..3d351ad23c 100644
--- a/rust/src/smb/smb1_records.rs
+++ b/rust/src/smb/smb1_records.rs
@@ -530,28 +530,31 @@ named!(pub parse_smb_rename_request_record,
 );
 #[derive(Debug,PartialEq)]
-pub struct SmbRequestCreateAndXRecord<'a> {
+pub struct SmbRequestCreateAndXRecord<> {
 pub disposition: u32,
 pub create_options: u32,
- pub file_name: &'a[u8],
+ pub file_name: Vec,
 }
-named!(pub parse_smb_create_andx_request_record,
- do_parse!(
+pub fn parse_smb_create_andx_request_record<'a>(i: &'a[u8], r: &SmbRecord)
+ -> IResult<&'a[u8], SmbRequestCreateAndXRecord<>>
+{
+ do_parse!(i,
 _skip1: take!(6)
 >> file_name_len: le_u16
 >> _skip3: take!(28)
 >> disposition: le_u32
 >> create_options: le_u32
- >> _skip2: take!(7)
- >> file_name: take!(file_name_len)
+ >> _skip2: take!(5)
+ >> bcc: le_u16
+ >> file_name: cond!(bcc >= file_name_len, apply!(smb1_get_string, r, (bcc - file_name_len) as usize))
 >> _skip3: rest
 >> (SmbRequestCreateAndXRecord {
 disposition: disposition,
 create_options: create_options,
- file_name: file_name,
+ file_name: file_name.unwrap_or(Vec::new()),
 }))
-);
+}
 #[derive(Debug,PartialEq)]
 pub struct Trans2RecordParamSetFileInfoDisposition<> {
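Review bot: In `parse_smb_create_andx_request_record`, the `cond!(bcc >= file_name_len, ...)` step turns a record whose byte count is smaller than its declared name length into a successful parse with an empty `file_name`, so a malformed or deliberately inconsistent request looks the same as one that carries no name. Both lengths come straight from the wire, so for an inspection engine this case is better surfaced than defaulted: either reject it with something like `>> bcc: verify!(le_u16, |v| v >= file_name_len)` so the failure reaches the caller's `match` in smb1.rs, or keep the fallback and state it in a comment such as `// bcc < file_name_len: inconsistent lengths, name left empty`. Also, `file_name_len` now only sizes the padding offset passed to `smb1_get_string`; whether the name that is read stays bounded by the declared length depends on that helper, which is outside this hunk, so it would be worth confirming there.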