smb2: validate negotiate read/write max sizes

Raise event if they exceed the configured limit.
3 years ago · fc9b65d8d3
parent 4be8334c9e
commit fc9b65d8d3
2 changed files with 14 additions and 0 deletions
--- a/rust/src/smb/events.rs
+++ b/rust/src/smb/events.rs
@ -31,6 +31,11 @@ pub enum SMBEvent {
    RequestToClient,
    /// A response was seen in the to server direction,
    ResponseToServer,
+
+    /// Negotiated max sizes exceed our limit
+    NegotiateMaxReadSizeTooLarge,
+    NegotiateMaxWriteSizeTooLarge,
+
    /// READ request asking for more than `max_read_size`
    ReadRequestTooLarge,
    /// READ response bigger than `max_read_size`
--- a/rust/src/smb/smb2.rs
+++ b/rust/src/smb/smb2.rs
@ -827,6 +827,15 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                Ok((_, rd)) => {
                    SCLogDebug!("SERVER dialect => {}", &smb2_dialect_string(rd.dialect));

+                    let smb_cfg_max_read_size = unsafe { SMB_CFG_MAX_READ_SIZE };
+                    if smb_cfg_max_read_size != 0 && rd.max_read_size > smb_cfg_max_read_size {
+                        state.set_event(SMBEvent::NegotiateMaxReadSizeTooLarge);
+                    }
+                    let smb_cfg_max_write_size = unsafe { SMB_CFG_MAX_WRITE_SIZE };
+                    if smb_cfg_max_write_size != 0 && rd.max_write_size > smb_cfg_max_write_size {
+                        state.set_event(SMBEvent::NegotiateMaxWriteSizeTooLarge);
+                    }
+
                    state.dialect = rd.dialect;
                    state.max_read_size = rd.max_read_size;
                    state.max_write_size = rd.max_write_size;