From fc9b65d8d3188c57016635aef8d7cdfe4552324e Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 19 Apr 2022 08:13:48 +0200 Subject: [PATCH] smb2: validate negotiate read/write max sizes Raise event if they exceed the configured limit. --- rust/src/smb/events.rs | 5 +++++ rust/src/smb/smb2.rs | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/rust/src/smb/events.rs b/rust/src/smb/events.rs index 650fb7d6f6..980801e4cd 100644 --- a/rust/src/smb/events.rs +++ b/rust/src/smb/events.rs @@ -31,6 +31,11 @@ pub enum SMBEvent { RequestToClient, /// A response was seen in the to server direction, ResponseToServer, + + /// Negotiated max sizes exceed our limit + NegotiateMaxReadSizeTooLarge, + NegotiateMaxWriteSizeTooLarge, + /// READ request asking for more than `max_read_size` ReadRequestTooLarge, /// READ response bigger than `max_read_size` diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs index 0590642a37..34c6a43573 100644 --- a/rust/src/smb/smb2.rs +++ b/rust/src/smb/smb2.rs @@ -827,6 +827,15 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) Ok((_, rd)) => { SCLogDebug!("SERVER dialect => {}", &smb2_dialect_string(rd.dialect)); + let smb_cfg_max_read_size = unsafe { SMB_CFG_MAX_READ_SIZE }; + if smb_cfg_max_read_size != 0 && rd.max_read_size > smb_cfg_max_read_size { + state.set_event(SMBEvent::NegotiateMaxReadSizeTooLarge); + } + let smb_cfg_max_write_size = unsafe { SMB_CFG_MAX_WRITE_SIZE }; + if smb_cfg_max_write_size != 0 && rd.max_write_size > smb_cfg_max_write_size { + state.set_event(SMBEvent::NegotiateMaxWriteSizeTooLarge); + } + state.dialect = rd.dialect; state.max_read_size = rd.max_read_size; state.max_write_size = rd.max_write_size;