]> git.ipfire.org Git - people/ms/suricata.git/blame - rust/src/dcerpc/dcerpc.rs
dcerpc: Change fn sign as per rust registration requirement
1/* Copyright (C) 2020 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18use std::mem::transmute;
3641f1b5 19use crate::applayer::*;
0ac5c537 20use crate::core::{self, *};
8036202c 21use crate::dcerpc::parser;
8036202c
SB
22use nom::error::ErrorKind;
23use nom::number::Endianness;
4c7f55e6 24use nom;
8036202c
SB
25use std::cmp;
26
/// Length in bytes of the fixed DCERPC header that this parser consumes
/// before it dispatches on the PDU type.
// NOTE(review): the original comment called this the "UDP" header length,
// while this file compares it against connection-oriented stream data;
// confirm the intended wording.
pub const DCERPC_HDR_LEN: u16 = 16;
/// Marks a UUID entry whose BIND was seen with `PFC_FIRST_FRAG` set.
pub const DCERPC_UUID_ENTRY_FLAG_FF: u16 = 0x0001;

// Flag bits in the connection-oriented PDU header.

/// First fragment.
pub const PFC_FIRST_FRAG: u8 = 0x01;
/// Last fragment.
pub const PFC_LAST_FRAG: u8 = 0x02;
/// Cancel was pending at the sender.
pub const PFC_PENDING_CANCEL: u8 = 0x04;
pub const PFC_RESERVED_1: u8 = 0x08;
/// Supports concurrent multiplexing of a single connection.
pub const PFC_CONC_MPX: u8 = 0x10;
/// Only meaningful on a `fault` packet; if set, the call is guaranteed not
/// to have executed.
pub const PFC_DID_NOT_EXECUTE: u8 = 0x20;
/// `maybe` call semantics requested.
pub const PFC_MAYBE: u8 = 0x40;
/// If set, a non-nil object UUID was specified in the handle and is present
/// in the optional object field. If clear, the object field is omitted.
pub const PFC_OBJECT_UUID: u8 = 0x80;
52
e9b21553
IB
// Flag bits in the first flag field of the connectionless PDU header.

/// Reserved for use by implementations.
pub const PFCL1_RESERVED_01: u8 = 0x01;
/// The PDU is the last fragment of a multi-PDU transmission.
pub const PFCL1_LASTFRAG: u8 = 0x02;
/// The PDU is a fragment of a multi-PDU transmission.
pub const PFCL1_FRAG: u8 = 0x04;
/// The receiver is not requested to send a `fack` PDU for the fragment.
pub const PFCL1_NOFACK: u8 = 0x08;
/// The PDU is for a `maybe` request.
pub const PFCL1_MAYBE: u8 = 0x10;
/// The PDU is for an idempotent request.
pub const PFCL1_IDEMPOTENT: u8 = 0x20;
/// The PDU is for a broadcast request.
pub const PFCL1_BROADCAST: u8 = 0x40;
/// Reserved for use by implementations.
pub const PFCL1_RESERVED_80: u8 = 0x80;

// Flag bits in the second flag field of the connectionless PDU header.

/// Reserved for use by implementations.
pub const PFCL2_RESERVED_01: u8 = 0x01;
/// Cancel pending at the call end.
pub const PFCL2_CANCEL_PENDING: u8 = 0x02;
/// Reserved for future use.
pub const PFCL2_RESERVED_04: u8 = 0x04;
/// Reserved for future use.
pub const PFCL2_RESERVED_08: u8 = 0x08;
/// Reserved for future use.
pub const PFCL2_RESERVED_10: u8 = 0x10;
/// Reserved for future use.
pub const PFCL2_RESERVED_20: u8 = 0x20;
/// Reserved for future use.
pub const PFCL2_RESERVED_40: u8 = 0x40;
/// Reserved for future use.
pub const PFCL2_RESERVED_80: u8 = 0x80;
77
8036202c
SB
// Reason codes. NOTE(review): nothing in the visible part of this file reads
// them; presumably they are reject reasons carried by a BIND_NAK — confirm.
pub const REASON_NOT_SPECIFIED: u8 = 0;
pub const TEMPORARY_CONGESTION: u8 = 1;
pub const LOCAL_LIMIT_EXCEEDED: u8 = 2;
/// Not used.
pub const CALLED_PADDR_UNKNOWN: u8 = 3;
pub const PROTOCOL_VERSION_NOT_SUPPORTED: u8 = 4;
/// Not used.
pub const DEFAULT_CONTEXT_NOT_SUPPORTED: u8 = 5;
/// Not used.
pub const USER_DATA_NOT_READABLE: u8 = 6;
/// Not used.
pub const NO_PSAP_AVAILABLE: u8 = 7;

// Packet types carried in the DCERPC header.
pub const DCERPC_TYPE_REQUEST: u8 = 0;
pub const DCERPC_TYPE_PING: u8 = 1;
pub const DCERPC_TYPE_RESPONSE: u8 = 2;
pub const DCERPC_TYPE_FAULT: u8 = 3;
pub const DCERPC_TYPE_WORKING: u8 = 4;
pub const DCERPC_TYPE_NOCALL: u8 = 5;
pub const DCERPC_TYPE_REJECT: u8 = 6;
pub const DCERPC_TYPE_ACK: u8 = 7;
pub const DCERPC_TYPE_CL_CANCEL: u8 = 8;
pub const DCERPC_TYPE_FACK: u8 = 9;
pub const DCERPC_TYPE_CANCEL_ACK: u8 = 10;
pub const DCERPC_TYPE_BIND: u8 = 11;
pub const DCERPC_TYPE_BINDACK: u8 = 12;
pub const DCERPC_TYPE_BINDNAK: u8 = 13;
pub const DCERPC_TYPE_ALTER_CONTEXT: u8 = 14;
pub const DCERPC_TYPE_ALTER_CONTEXT_RESP: u8 = 15;
pub const DCERPC_TYPE_AUTH3: u8 = 16;
pub const DCERPC_TYPE_SHUTDOWN: u8 = 17;
pub const DCERPC_TYPE_CO_CANCEL: u8 = 18;
pub const DCERPC_TYPE_ORPHANED: u8 = 19;
pub const DCERPC_TYPE_RTS: u8 = 20;
/// Sentinel used by this file when no request/response counterpart exists
/// for a packet type.
pub const DCERPC_TYPE_UNKNOWN: u8 = 99;
8036202c
SB
110
/// Returns a printable name for a DCERPC packet type.
///
/// Every `DCERPC_TYPE_*` value maps to its upper-case name; any other value
/// is rendered as its decimal number.
pub fn dcerpc_type_string(t: u8) -> String {
    let name = match t {
        DCERPC_TYPE_REQUEST => "REQUEST",
        DCERPC_TYPE_PING => "PING",
        DCERPC_TYPE_RESPONSE => "RESPONSE",
        DCERPC_TYPE_FAULT => "FAULT",
        DCERPC_TYPE_WORKING => "WORKING",
        DCERPC_TYPE_NOCALL => "NOCALL",
        DCERPC_TYPE_REJECT => "REJECT",
        DCERPC_TYPE_ACK => "ACK",
        DCERPC_TYPE_CL_CANCEL => "CL_CANCEL",
        DCERPC_TYPE_FACK => "FACK",
        DCERPC_TYPE_CANCEL_ACK => "CANCEL_ACK",
        DCERPC_TYPE_BIND => "BIND",
        DCERPC_TYPE_BINDACK => "BINDACK",
        DCERPC_TYPE_BINDNAK => "BINDNAK",
        DCERPC_TYPE_ALTER_CONTEXT => "ALTER_CONTEXT",
        DCERPC_TYPE_ALTER_CONTEXT_RESP => "ALTER_CONTEXT_RESP",
        DCERPC_TYPE_AUTH3 => "AUTH3",
        DCERPC_TYPE_SHUTDOWN => "SHUTDOWN",
        DCERPC_TYPE_CO_CANCEL => "CO_CANCEL",
        DCERPC_TYPE_ORPHANED => "ORPHANED",
        DCERPC_TYPE_RTS => "RTS",
        DCERPC_TYPE_UNKNOWN => "UNKNOWN",
        // Types without a symbolic name are shown numerically.
        other => return other.to_string(),
    };
    name.to_string()
}
141
bab497ab
SB
/// Maps a request-side packet type to the packet type of its response.
///
/// Returns `DCERPC_TYPE_UNKNOWN` for any type that has no paired response
/// in this table.
pub fn get_resp_type_for_req(t: u8) -> u8 {
    const PAIRS: [(u8, u8); 3] = [
        (DCERPC_TYPE_REQUEST, DCERPC_TYPE_RESPONSE),
        (DCERPC_TYPE_BIND, DCERPC_TYPE_BINDACK),
        (DCERPC_TYPE_ALTER_CONTEXT, DCERPC_TYPE_ALTER_CONTEXT_RESP),
    ];
    PAIRS
        .iter()
        .find(|&&(req, _)| req == t)
        .map_or(DCERPC_TYPE_UNKNOWN, |&(_, resp)| resp)
}
150
/// Maps a response-side packet type to the packet type of its request.
///
/// Returns `DCERPC_TYPE_UNKNOWN` for any type that has no paired request
/// in this table.
pub fn get_req_type_for_resp(t: u8) -> u8 {
    const PAIRS: [(u8, u8); 3] = [
        (DCERPC_TYPE_RESPONSE, DCERPC_TYPE_REQUEST),
        (DCERPC_TYPE_BINDACK, DCERPC_TYPE_BIND),
        (DCERPC_TYPE_ALTER_CONTEXT_RESP, DCERPC_TYPE_ALTER_CONTEXT),
    ];
    PAIRS
        .iter()
        .find(|&&(resp, _)| resp == t)
        .map_or(DCERPC_TYPE_UNKNOWN, |&(_, req)| req)
}
159
/// One DCERPC transaction: a request and/or response sharing a call ID.
#[derive(Debug)]
pub struct DCERPCTransaction {
    /// Internal transaction ID.
    pub id: u64,
    pub ctxid: u16,
    pub opnum: u16,
    pub first_request_seen: u8,
    /// ID used to match a request with its response.
    pub call_id: u32,
    pub frag_cnt_ts: u16,
    pub frag_cnt_tc: u16,
    /// Bit 0x10 of the first data-representation byte of the header that was
    /// current when the transaction was created.
    pub endianness: u8,
    /// Stub data collected in the to-server direction.
    pub stub_data_buffer_ts: Vec<u8>,
    /// Stub data collected in the to-client direction.
    pub stub_data_buffer_tc: Vec<u8>,
    pub stub_data_buffer_reset_ts: bool,
    pub stub_data_buffer_reset_tc: bool,
    pub req_done: bool,
    pub resp_done: bool,
    /// Set when the request was still open at the time a gap was handled.
    pub req_lost: bool,
    /// Set when the response was still open at the time a gap was handled.
    pub resp_lost: bool,
    /// Packet type of the request side.
    pub req_cmd: u8,
    /// Packet type of the response side.
    pub resp_cmd: u8,
    pub activityuuid: Vec<u8>,
    pub seqnum: u32,
    pub tx_data: AppLayerTxData,
    /// Raw pointer to detect-engine state; released by `free()`.
    pub de_state: Option<*mut core::DetectEngineState>,
}
185
bab497ab
SB
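impl DCERPCTransaction {
    /// Creates an empty transaction whose command types default to
    /// REQUEST / RESPONSE and which holds no detect-engine state.
    pub fn new() -> DCERPCTransaction {
        DCERPCTransaction {
            id: 0,
            ctxid: 0,
            opnum: 0,
            first_request_seen: 0,
            call_id: 0,
            frag_cnt_ts: 0,
            frag_cnt_tc: 0,
            endianness: 0,
            stub_data_buffer_ts: Vec::new(),
            stub_data_buffer_tc: Vec::new(),
            stub_data_buffer_reset_ts: false,
            stub_data_buffer_reset_tc: false,
            req_done: false,
            resp_done: false,
            req_lost: false,
            resp_lost: false,
            req_cmd: DCERPC_TYPE_REQUEST,
            resp_cmd: DCERPC_TYPE_RESPONSE,
            activityuuid: Vec::new(),
            seqnum: 0,
            tx_data: AppLayerTxData::new(),
            de_state: None,
        }
    }

    /// Releases the detect-engine state attached to this transaction, if any.
    ///
    /// The pointer is taken out of `de_state` before it is released. This
    /// method is public and is also called from `Drop`, so without clearing
    /// the field an explicit `free()` followed by the drop would pass the same
    /// raw pointer to `sc_detect_engine_state_free` twice.
    pub fn free(&mut self) {
        if let Some(state) = self.de_state.take() {
            sc_detect_engine_state_free(state);
        }
    }

    /// Context ID of the request.
    pub fn get_req_ctxid(&self) -> u16 {
        self.ctxid
    }

    /// Value of `first_request_seen` as recorded from the request.
    pub fn get_first_req_seen(&self) -> u8 {
        self.first_request_seen
    }

    /// Operation number of the request.
    pub fn get_req_opnum(&self) -> u16 {
        self.opnum
    }

    /// Endianness marker stored when the transaction was created.
    pub fn get_endianness(&self) -> u8 {
        self.endianness
    }
}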
239
67b5295b
VJ
/// Releases the detect-engine state when a transaction goes out of scope.
impl Drop for DCERPCTransaction {
    fn drop(&mut self) {
        DCERPCTransaction::free(self);
    }
}
245
bab497ab
SB
/// Fields taken from a parsed DCERPC REQUEST and copied onto its transaction.
#[derive(Debug)]
pub struct DCERPCRequest {
    /// Presentation context ID the request refers to.
    pub ctxid: u16,
    /// Operation number being invoked.
    pub opnum: u16,
    pub first_request_seen: u8,
}
252
8036202c
SB
/// One interface UUID offered in a BIND, together with the result later
/// recorded for it from the BINDACK.
#[derive(Debug, Clone)]
pub struct DCERPCUuidEntry {
    pub ctxid: u16,
    /// Position of the entry within its BIND; used to pair it with the
    /// BINDACK result at the same position.
    pub internal_id: u16,
    /// Acknowledgement result copied from the BINDACK.
    pub result: u16,
    pub uuid: Vec<u8>,
    pub version: u16,
    pub versionminor: u16,
    /// `DCERPC_UUID_ENTRY_FLAG_*` bits.
    pub flags: u16,
}

impl DCERPCUuidEntry {
    /// Creates an entry with every numeric field zero and an empty UUID.
    pub fn new() -> DCERPCUuidEntry {
        DCERPCUuidEntry {
            ctxid: 0,
            internal_id: 0,
            result: 0,
            uuid: Vec::new(),
            version: 0,
            versionminor: 0,
            flags: 0,
        }
    }
}
277
/// A UUID split into its component fields.
#[derive(Debug, PartialEq)]
pub struct Uuid {
    pub time_low: Vec<u8>,
    pub time_mid: Vec<u8>,
    pub time_hi_and_version: Vec<u8>,
    pub clock_seq_hi_and_reserved: u8,
    pub clock_seq_low: u8,
    pub node: Vec<u8>,
}
287
/// Parsed DCERPC header.
#[derive(Debug)]
pub struct DCERPCHdr {
    /// Major protocol version.
    pub rpc_vers: u8,
    /// Minor protocol version.
    pub rpc_vers_minor: u8,
    /// Packet type, one of the `DCERPC_TYPE_*` values.
    pub hdrtype: u8,
    /// `PFC_*` flag bits.
    pub pfc_flags: u8,
    /// Data representation bytes; bit 0x10 of the first byte selects
    /// little-endian integers.
    pub packed_drep: Vec<u8>,
    /// Fragment length announced by the header.
    pub frag_length: u16,
    pub auth_length: u16,
    /// Call ID used to pair requests with responses.
    pub call_id: u32,
}
299
/// Parsed BIND: the announced context item count and the UUID entries
/// collected from the context items.
#[derive(Debug)]
pub struct DCERPCBind {
    /// Number of context items announced by the PDU.
    pub numctxitems: u8,
    /// One entry per context item that was parsed.
    pub uuid_list: Vec<DCERPCUuidEntry>,
}
305
/// A single context item parsed out of a BIND.
#[derive(Debug)]
pub struct BindCtxItem {
    pub ctxid: u16,
    pub uuid: Vec<u8>,
    pub version: u16,
    pub versionminor: u16,
}
313
/// Result reported by a BINDACK for one context item.
#[derive(Debug, PartialEq)]
pub struct DCERPCBindAckResult {
    /// Result code; the BINDACK handling in this file accepts a UUID only
    /// when this is 0.
    pub ack_result: u16,
    pub ack_reason: u16,
    pub transfer_syntax: Vec<u8>,
    pub syntax_version: u32,
}
321
/// Parsed BINDACK.
#[derive(Debug)]
pub struct DCERPCBindAck {
    /// Copies of the BIND entries whose result was 0.
    pub accepted_uuid_list: Vec<DCERPCUuidEntry>,
    pub sec_addr_len: u16,
    pub numctxitems: u8,
    /// Per-context-item results, in the order they appear in the PDU.
    pub ctxitems: Vec<DCERPCBindAckResult>,
}
329
/// Per-flow DCERPC parser state.
#[derive(Debug)]
pub struct DCERPCState {
    /// Most recently parsed header.
    pub header: Option<DCERPCHdr>,
    /// Most recent BIND; kept so a BINDACK can be matched against it.
    pub bind: Option<DCERPCBind>,
    pub bindack: Option<DCERPCBindAck>,
    pub transactions: Vec<DCERPCTransaction>,
    /// Bytes buffered in the to-server direction while a PDU is incomplete.
    pub buffer_ts: Vec<u8>,
    /// Bytes buffered in the to-client direction while a PDU is incomplete.
    pub buffer_tc: Vec<u8>,
    pub pad: u8,
    /// Stub bytes of the current fragment that are still outstanding.
    pub padleft: u16,
    pub bytes_consumed: u16,
    /// Internal ID that the next created transaction will receive.
    pub tx_id: u64,
    pub query_completed: bool,
    pub data_needed_for_dir: u8,
    pub prev_dir: u8,
    pub prev_tx_call_id: u32,
    pub clear_bind_cache: bool,
    /// A gap was seen to-server and no record start has been found since.
    pub ts_gap: bool,
    /// A gap was seen to-client and no record start has been found since.
    pub tc_gap: bool,
    /// A gap was seen to-server at some point; not cleared by the visible code.
    pub ts_ssn_gap: bool,
    /// A gap was seen to-client at some point; not cleared by the visible code.
    pub tc_ssn_gap: bool,
    /// True if the to-server direction was truncated.
    pub ts_ssn_trunc: bool,
    /// True if the to-client direction was truncated.
    pub tc_ssn_trunc: bool,
    /// Raw pointer to the owning flow; only passed on to the stream
    /// reassembly trigger.
    pub flow: Option<*const core::Flow>,
}
355
356impl DCERPCState {
/// Creates an empty parser state that expects data in the to-server
/// direction first.
pub fn new() -> DCERPCState {
    Self {
        header: None,
        bind: None,
        bindack: None,
        transactions: Vec::new(),
        buffer_ts: Vec::new(),
        buffer_tc: Vec::new(),
        pad: 0,
        padleft: 0,
        bytes_consumed: 0,
        tx_id: 0,
        query_completed: false,
        data_needed_for_dir: core::STREAM_TOSERVER,
        prev_dir: core::STREAM_TOSERVER,
        prev_tx_call_id: 0,
        clear_bind_cache: false,
        ts_gap: false,
        tc_gap: false,
        ts_ssn_gap: false,
        tc_ssn_gap: false,
        ts_ssn_trunc: false,
        tc_ssn_trunc: false,
        flow: None,
    }
}
383
bab497ab
SB
/// Builds a transaction for `call_id` and advances the internal ID counter.
///
/// The transaction is returned, not stored; the caller pushes it onto
/// `transactions`. A direction that is already truncated is marked done
/// from the start.
fn create_tx(&mut self, call_id: u32) -> DCERPCTransaction {
    let mut new_tx = DCERPCTransaction::new();
    // Only the integer byte-order bit of the first drep byte is kept.
    new_tx.endianness = self.get_hdr_drep_0() & 0x10;
    new_tx.id = self.tx_id;
    new_tx.call_id = call_id;
    self.tx_id += 1;
    new_tx.req_done = self.ts_ssn_trunc;
    new_tx.resp_done = self.tc_ssn_trunc;
    new_tx
}
395
5d985c42
VJ
/// Removes the transaction whose internal ID equals `tx_id`, if present.
///
/// Only the first match is removed; an unknown ID is ignored.
pub fn free_tx(&mut self, tx_id: u64) {
    SCLogDebug!("Freeing TX with ID {} TX.ID {}", tx_id, tx_id+1);
    let position = self.transactions.iter().position(|tx| {
        let hit = tx.id as u64 == tx_id;
        if hit {
            SCLogDebug!("tx {} progress {}/{}", tx.id, tx.req_done, tx.resp_done);
        }
        hit
    });
    if let Some(index) = position {
        SCLogDebug!("freeing TX with ID {} TX.ID {} at index {} left: {} max id: {}",
                    tx_id, tx_id+1, index, self.transactions.len(), self.tx_id);
        self.transactions.remove(index);
    }
}
416
8036202c
SB
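/// Returns the first data-representation byte of the current header.
///
/// Yields 0 when no header is stored or when the stored header carries no
/// drep bytes. The lookup is bounds-checked so that a header with an empty
/// `packed_drep` cannot panic the parser on network input.
fn get_hdr_drep_0(&self) -> u8 {
    self.header
        .as_ref()
        .and_then(|hdr| hdr.packed_drep.first().copied())
        .unwrap_or(0)
}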
423
/// Derives the integer byte order from the current header.
///
/// Bit 0x10 of the first drep byte selects little-endian; with the bit
/// clear the result is big-endian. `get_hdr_drep_0` reports 0 when no
/// header is stored, which gives big-endian.
fn get_endianness(&self) -> Endianness {
    match self.get_hdr_drep_0() & 0x10 {
        0 => Endianness::Big,
        _ => Endianness::Little,
    }
}
431
/// Fragment length from the current header.
///
/// A missing header is reported through `debug_validate_bug_on!`;
/// otherwise `None` is returned for it.
fn get_hdr_fraglen(&self) -> Option<u16> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: callers parse a header first.
    self.header.as_ref().map(|hdr| hdr.frag_length)
}
440
/// `PFC_*` flag byte from the current header.
///
/// A missing header is reported through `debug_validate_bug_on!`;
/// otherwise `None` is returned for it.
fn get_hdr_pfcflags(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: callers parse a header first.
    self.header.as_ref().map(|hdr| hdr.pfc_flags)
}
449
/// Packet type from the current header.
///
/// A missing header is reported through `debug_validate_bug_on!`;
/// otherwise `None` is returned for it.
pub fn get_hdr_type(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: callers parse a header first.
    self.header.as_ref().map(|hdr| hdr.hdrtype)
}
458
/// Major RPC version from the current header.
///
/// A missing header is reported through `debug_validate_bug_on!`;
/// otherwise `None` is returned for it.
pub fn get_hdr_rpc_vers(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: callers parse a header first.
    self.header.as_ref().map(|hdr| hdr.rpc_vers)
}
467
bab497ab
SB
/// Call ID from the current header.
///
/// A missing header is reported through `debug_validate_bug_on!`;
/// otherwise `None` is returned for it.
pub fn get_hdr_call_id(&self) -> Option<u32> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: callers parse a header first.
    self.header.as_ref().map(|hdr| hdr.call_id)
}
476
/// Discards any buffered to-server bytes after a gap. Always returns 0.
pub fn handle_gap_ts(&mut self) -> u8 {
    if !self.buffer_ts.is_empty() {
        self.buffer_ts.clear();
    }
    0
}
483
/// Discards any buffered to-client bytes after a gap. Always returns 0.
pub fn handle_gap_tc(&mut self) -> u8 {
    if !self.buffer_tc.is_empty() {
        self.buffer_tc.clear();
    }
    0
}
490
/// Empties the buffer of one direction, clears that direction's gap flag
/// and resets `bytes_consumed`.
///
/// Any `direction` other than `STREAM_TOSERVER` is treated as to-client.
pub fn clean_buffer(&mut self, direction: u8) {
    if direction == core::STREAM_TOSERVER {
        self.buffer_ts.clear();
        self.ts_gap = false;
    } else {
        self.buffer_tc.clear();
        self.tc_gap = false;
    }
    self.bytes_consumed = 0;
}
504
/// Appends `buffer` to the buffer of one direction and records that
/// direction as the one more data is needed for.
///
/// No size limit is applied here; the 1 MiB bound is checked in
/// `handle_input_data` before bytes are accumulated.
pub fn extend_buffer(&mut self, buffer: &[u8], direction: u8) {
    let target = if direction == core::STREAM_TOSERVER {
        &mut self.buffer_ts
    } else {
        &mut self.buffer_tc
    };
    target.extend_from_slice(buffer);
    self.data_needed_for_dir = direction;
}
516
/// Flips `data_needed_for_dir` to the direction opposite to `direction`.
pub fn reset_direction(&mut self, direction: u8) {
    self.data_needed_for_dir = match direction {
        core::STREAM_TOSERVER => core::STREAM_TOCLIENT,
        _ => core::STREAM_TOSERVER,
    };
}
524
bab497ab
SB
/// Looks up a transaction by its internal transaction ID.
///
/// The AppLayer parser in C addresses transactions by this ID, which is
/// why an internal ID is maintained.
///
/// Arguments:
/// * `tx_id`:
///           type: unsigned 64 bit integer
///           description: internal transaction ID to track transactions
///
/// Return value:
/// Mutable reference to the first transaction with that ID, or `None`.
pub fn get_tx(&mut self, tx_id: u64) -> Option<&mut DCERPCTransaction> {
    self.transactions.iter_mut().find(|tx| tx.id == tx_id)
}
545
/// Finds the transaction that matches a call ID and the packet type of the
/// current header.
///
/// A transaction qualifies when its `call_id` equals `call_id` and its
/// command for the opposite side pairs with the current header type. For
/// to-server data, `resp_cmd` must be the response type of the header type;
/// otherwise `req_cmd` must be the request type of the header type.
/// Nothing is created here; callers create a transaction on `None`.
///
/// Arguments:
/// * `call_id`:
///             type: unsigned 32 bit integer
///             description: call ID taken from the DCERPC header
/// * `dir`:
///         type: unsigned 8 bit integer
///         description: direction of the flow
///
/// Return value:
/// Mutable reference to the first matching transaction, or `None`.
pub fn get_tx_by_call_id(&mut self, call_id: u32, dir: u8) -> Option<&mut DCERPCTransaction> {
    let cmd = self.get_hdr_type().unwrap_or(0);
    let to_server = dir == core::STREAM_TOSERVER;
    // The counterpart type depends only on the header, so compute it once.
    let counterpart = if to_server {
        get_resp_type_for_req(cmd)
    } else {
        get_req_type_for_resp(cmd)
    };
    self.transactions.iter_mut().find(|tx| {
        if tx.call_id != call_id {
            return false;
        }
        if to_server {
            tx.resp_cmd == counterpart
        } else {
            tx.req_cmd == counterpart
        }
    })
}
583
/// Maintains the cached BIND / BINDACK across calls.
///
/// If the previous call scheduled a clear, both cached PDUs are dropped
/// now. A clear is scheduled for the next call when this call is a
/// response carrying the same call ID as the previous call. The call ID is
/// then remembered.
pub fn handle_bind_cache(&mut self, call_id: u32, is_response: bool) {
    if self.clear_bind_cache {
        self.bind = None;
        self.bindack = None;
    }
    self.clear_bind_cache = is_response && self.prev_tx_call_id == call_id;
    self.prev_tx_call_id = call_id;
}
596
4c7f55e6
SB
/// Records a stream gap in one direction.
///
/// Sets both the per-record gap flag, which is cleared again once a record
/// start is found, and the session-wide gap flag. Always returns `ok`.
pub fn parse_data_gap(&mut self, direction: u8) -> AppLayerResult {
    if direction == core::STREAM_TOSERVER {
        self.ts_gap = true;
        self.ts_ssn_gap = true;
    } else {
        self.tc_gap = true;
        self.tc_ssn_gap = true;
    }
    AppLayerResult::ok()
}
610
/// Closes transactions left open by a gap so that they can be finished.
///
/// To-server data after a to-server gap marks every transaction's request
/// done and flags it `req_lost` if it was still open. To-client data after
/// a to-client gap does the same for both request and response. The raw
/// stream reassembly trigger is called once per transaction visited.
pub fn post_gap_housekeeping(&mut self, dir: u8) {
    SCLogDebug!("ts ssn gap: {:?}, tc ssn gap: {:?}, dir: {:?}", self.ts_ssn_gap, self.tc_ssn_gap, dir);
    let close_requests = self.ts_ssn_gap && dir == core::STREAM_TOSERVER;
    let close_both = !close_requests && self.tc_ssn_gap && dir == core::STREAM_TOCLIENT;
    if !close_requests && !close_both {
        return;
    }
    let next_id = self.tx_id;
    let flow = self.flow;
    for tx in self.transactions.iter_mut() {
        if tx.id >= next_id {
            SCLogDebug!("post_gap_housekeeping: done");
            break;
        }
        if !tx.req_done {
            tx.req_lost = true;
        }
        if close_both && !tx.resp_done {
            tx.resp_lost = true;
        }
        tx.req_done = true;
        if close_both {
            tx.resp_done = true;
        }
        if let Some(flow) = flow {
            sc_app_layer_parser_trigger_raw_stream_reassembly(flow, dir.into());
        }
    }
}
647
/// Scans `i` for the byte pair 0x05 0x00, used to resynchronise on a
/// record start after a gap.
///
/// On a hit, returns the bytes after the pair as the remainder and the
/// slice beginning at the pair as the value. Without a hit, returns
/// `Incomplete` with the number of bytes missing from a two-byte window.
// NOTE(review): the match is on two bytes only, so payload bytes that happen
// to equal 05 00 are taken as a record start; the later header parse is the
// only further check visible in this file.
pub fn search_dcerpc_record<'a>(&mut self, i: &'a[u8]) -> nom::IResult<&'a[u8], &'a[u8]> {
    match i.windows(2).position(|pair| pair[0] == 0x05 && pair[1] == 0x00) {
        Some(start) => {
            let record = &i[start..];
            Ok((&record[2..], record))
        }
        None => {
            // After an unsuccessful scan at most one byte is left over.
            let leftover = if i.is_empty() { 0 } else { 1 };
            Err(nom::Err::Incomplete(nom::Needed::Size(2 as usize - leftover)))
        }
    }
}
658
8036202c
SB
/// Parses the DCERPC header with the nom parser and stores it in the state.
///
/// Arguments:
/// * `input`:
///           type: u8 vector slice.
///           description: bytes from the beginning of the buffer.
///
/// Return value:
/// * Success: Number of bytes successfully parsed.
/// * Failure: -1 in case of Incomplete data or Eof, and also when the
///            version is not 5.0 or 5.1.
///            -2 in case of any other parse error.
// NOTE(review): `handle_input_data` treats -1 as "wait for more data" and
// buffers the input, so a header with an unsupported version is buffered
// rather than rejected — confirm this is intended.
pub fn process_header(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, header) = match parser::parse_dcerpc_header(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC header");
            return -1;
        }
        Err(nom::Err::Error(([], ErrorKind::Eof))) => {
            SCLogDebug!("EoF reached while parsing DCERPC header");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occured while parsing DCERPC header");
            return -2;
        }
    };
    let version_ok = header.rpc_vers == 5
        && (header.rpc_vers_minor == 0 || header.rpc_vers_minor == 1);
    if !version_ok {
        SCLogDebug!(
            "DCERPC Header did not validate. Major version: {:?} Minor version: {:?}",
            header.rpc_vers,
            header.rpc_vers_minor
        );
        return -1;
    }
    self.header = Some(header);
    (input.len() - leftover_bytes.len()) as i32
}
702
/// Parses one BIND context item and appends it to the cached BIND.
///
/// `uuid_internal_id` is stored as the entry's `internal_id`. The entry is
/// dropped if no BIND is cached. Returns the number of bytes consumed, or
/// -1 on incomplete or malformed data.
pub fn handle_bindctxitem(&mut self, input: &[u8], uuid_internal_id: u16) -> i32 {
    let endianness = self.get_endianness();
    let (leftover_bytes, ctxitem) = match parser::parse_bindctx_item(input, endianness) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BIND CTXItem");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BIND CTXItem");
            return -1;
        }
    };
    // Store the first frag flag in the uuid as pfc_flags will
    // be overwritten by new packets
    let first_frag = (self.get_hdr_pfcflags().unwrap_or(0) & PFC_FIRST_FRAG) > 0;
    let uuidentry = DCERPCUuidEntry {
        ctxid: ctxitem.ctxid,
        internal_id: uuid_internal_id,
        result: 0,
        uuid: ctxitem.uuid,
        version: ctxitem.version,
        versionminor: ctxitem.versionminor,
        flags: if first_frag { DCERPC_UUID_ENTRY_FLAG_FF } else { 0 },
    };
    if let Some(ref mut bind) = self.bind {
        SCLogDebug!("DCERPC BIND CtxItem: Pushing uuid: {:?}", uuidentry);
        bind.uuid_list.push(uuidentry);
    }
    (input.len() - leftover_bytes.len()) as i32
}
737
/// Parses a BIND / ALTER_CONTEXT body, caches it and opens a transaction
/// whose request side is already complete.
///
/// Returns the number of bytes accounted for, or -1 on incomplete or
/// malformed data.
// NOTE(review): context items are sliced with `input[offset..]`, starting at
// a fixed offset of 12. This relies on `parse_dcerpc_bind` having consumed
// exactly 12 bytes; a shorter `input` would panic here — confirm against the
// parser.
// NOTE(review): the return value multiplies the length of the *last* item by
// the item count, so it is exact only if every item has the same length.
pub fn process_bind_pdu(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, header) = match parser::parse_dcerpc_bind(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BIND header");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BIND header");
            return -1;
        }
    };
    let numctxitems = header.numctxitems;
    self.bind = Some(header);

    let mut item_len = 0;
    let mut offset = 12; // Bytes consumed if parser returns OK would be 12
    for item_no in 0..numctxitems {
        item_len = self.handle_bindctxitem(&input[offset as usize..], item_no as u16);
        if item_len == -1 {
            return -1;
        }
        offset = item_len + offset;
    }

    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let mut tx = self.create_tx(call_id);
    tx.req_cmd = self.get_hdr_type().unwrap_or(0);
    tx.req_done = true;
    if let Some(flow) = self.flow {
        sc_app_layer_parser_trigger_raw_stream_reassembly(flow, core::STREAM_TOSERVER.into());
    }
    tx.frag_cnt_ts = 1;
    self.transactions.push(tx);
    // Bytes parsed with `parse_dcerpc_bind` + (bytes parsed per bindctxitem [44] * number
    // of bindctxitems)
    (input.len() - leftover_bytes.len()) as i32 + item_len * numctxitems as i32
}
777
/// Parses a BINDACK body and records, for each cached BIND entry, the
/// result reported at the same position.
///
/// Entries whose result is 0 are copied into `accepted_uuid_list`. The
/// BINDACK is stored only when a BIND is cached; without one it is parsed
/// and discarded. Returns the number of bytes consumed, or -1 on
/// incomplete or malformed data.
pub fn process_bindack_pdu(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, mut back) = match parser::parse_dcerpc_bindack(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BINDACK");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BINDACK");
            return -1;
        }
    };
    if let Some(ref mut bind) = self.bind {
        let mut uuid_internal_id = 0;
        for ack in back.ctxitems.iter() {
            for entry in bind.uuid_list.iter_mut() {
                if entry.internal_id != uuid_internal_id {
                    continue;
                }
                entry.result = ack.ack_result;
                // A non-zero result is recorded but not accepted.
                if entry.result != 0 {
                    break;
                }
                back.accepted_uuid_list.push(entry.clone());
                SCLogDebug!("DCERPC BINDACK accepted UUID: {:?}", entry);
            }
            uuid_internal_id += 1;
        }
        self.bindack = Some(back);
    }
    (input.len() - leftover_bytes.len()) as i32
}
812
bab497ab
SB
/// Feeds stub bytes of the current PDU into the matching transaction.
///
/// REQUEST data goes to the to-server stub buffer and marks the request
/// done; RESPONSE data goes to the to-client buffer and marks the response
/// done. Returns the byte count reported by `evaluate_stub_params`, or 0
/// when no transaction matches, no header is stored, or the packet type is
/// neither REQUEST nor RESPONSE.
// NOTE(review): `self.padleft -= retval` relies on `evaluate_stub_params`
// never returning more than `padleft`; that helper is not visible here —
// confirm, since the subtraction would underflow otherwise.
pub fn handle_stub_data(&mut self, input: &[u8], input_len: u16, dir: u8) -> u16 {
    let hdrpfcflags = self.get_hdr_pfcflags().unwrap_or(0);
    let padleft = self.padleft;
    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let hdrtype = self.get_hdr_type();
    let tx = match self.get_tx_by_call_id(call_id, dir) {
        Some(transaction) => transaction,
        None => {
            SCLogDebug!("No transaction found matching the call ID: {:?}", call_id);
            return 0;
        }
    };

    // Update the stub params based on the packet type
    let (retval, stream_dir) = match hdrtype {
        Some(DCERPC_TYPE_REQUEST) => {
            let consumed = evaluate_stub_params(
                input,
                input_len,
                hdrpfcflags,
                padleft,
                &mut tx.stub_data_buffer_ts,
                &mut tx.stub_data_buffer_reset_ts,
            );
            tx.req_done = true;
            tx.frag_cnt_ts = 1;
            (consumed, core::STREAM_TOSERVER)
        }
        Some(DCERPC_TYPE_RESPONSE) => {
            let consumed = evaluate_stub_params(
                input,
                input_len,
                hdrpfcflags,
                padleft,
                &mut tx.stub_data_buffer_tc,
                &mut tx.stub_data_buffer_reset_tc,
            );
            tx.resp_done = true;
            tx.frag_cnt_tc = 1;
            (consumed, core::STREAM_TOCLIENT)
        }
        Some(_) => {
            SCLogDebug!("Unrecognized packet type");
            return 0;
        }
        None => {
            return 0;
        }
    };
    if let Some(flow) = self.flow {
        sc_app_layer_parser_trigger_raw_stream_reassembly(flow, stream_dir.into());
    }
    // Update the remaining fragment length
    self.padleft -= retval;

    retval
}
874
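/// Handles stub data for both request and response.
///
/// All length arithmetic is checked. The header-length comparison is done
/// in 32 bits so the sum cannot wrap. The available input length is clamped
/// to `u16` instead of truncated, so an input larger than 65535 bytes can
/// neither underflow the subtraction nor yield a bogus remaining length.
///
/// Arguments:
/// * `input`:
///           type: u8 vector slice.
///           description: bytes left *after* parsing header.
/// * `bytes_consumed`:
///           type: 16 bit unsigned integer.
///           description: bytes consumed *after* parsing header.
/// * `dir`:
///         type: 8 bit unsigned integer.
///         description: direction whose stub is supposed to be handled.
///
/// Return value:
/// * Success: Number of bytes successfully parsed.
/// * Failure: -1 in case fragment length defined by header mismatches the data.
// NOTE(review): when `handle_stub_data` makes no progress, the unread byte
// count is subtracted from the result, which can make it negative. The caller
// visible in this file treats a negative value as an error — confirm that
// this is the intended signalling.
pub fn handle_common_stub(&mut self, input: &[u8], bytes_consumed: u16, dir: u8) -> i32 {
    let fraglen = self.get_hdr_fraglen().unwrap_or(0);
    // Widened so that `bytes_consumed + DCERPC_HDR_LEN` cannot overflow u16.
    let min_fraglen = u32::from(bytes_consumed) + u32::from(DCERPC_HDR_LEN);
    if u32::from(fraglen) < min_fraglen {
        return -1;
    }
    // Cannot underflow: fraglen >= DCERPC_HDR_LEN + bytes_consumed was checked above.
    self.padleft = fraglen - DCERPC_HDR_LEN - bytes_consumed;
    // Clamp, don't truncate: the caller may pass up to 1 MiB of buffered data.
    let available = cmp::min(input.len(), usize::from(u16::max_value())) as u16;
    let mut input_left = available.saturating_sub(bytes_consumed);
    let mut parsed = bytes_consumed as i32;
    while input_left > 0 && parsed < fraglen as i32 {
        let retval = self.handle_stub_data(&input[parsed as usize..], input_left, dir);
        if retval > 0 && retval <= input_left {
            parsed += retval as i32;
            input_left -= retval;
        } else {
            SCLogDebug!(
                "Error parsing DCERPC {} stub data",
                if dir == core::STREAM_TOSERVER {
                    "request"
                } else {
                    "response"
                }
            );
            parsed -= input_left as i32;
            input_left = 0;
        }
    }
    parsed
}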
919
/// Parses a REQUEST body, updates or creates the transaction for the
/// current call ID and hands the remaining bytes to the stub handling.
///
/// Returns the value of `handle_common_stub`, or -1 on incomplete or
/// malformed data.
pub fn process_request_pdu(&mut self, input: &[u8]) -> i32 {
    let endianness = self.get_endianness();
    let (leftover_input, request) = match parser::parse_dcerpc_request(input, endianness) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC REQUEST");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC REQUEST");
            return -1;
        }
    };
    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let hdr_type = self.get_hdr_type().unwrap_or(0);
    // The same request fields are applied to an existing or a new transaction.
    let apply_request = |tx: &mut DCERPCTransaction| {
        tx.req_cmd = hdr_type;
        tx.ctxid = request.ctxid;
        tx.opnum = request.opnum;
        tx.first_request_seen = request.first_request_seen;
    };
    let updated_existing = match self.get_tx_by_call_id(call_id, core::STREAM_TOSERVER) {
        Some(tx) => {
            apply_request(tx);
            true
        }
        None => false,
    };
    if !updated_existing {
        let mut tx = self.create_tx(call_id);
        apply_request(&mut tx);
        self.transactions.push(tx);
    }
    self.handle_common_stub(
        input,
        (input.len() - leftover_input.len()) as u16,
        core::STREAM_TOSERVER,
    )
}
962
963 pub fn handle_input_data(&mut self, input: &[u8], direction: u8) -> AppLayerResult {
964 let mut parsed;
965 let retval;
4c7f55e6
SB
966 let mut cur_i = input;
967 let input_len = cur_i.len();
8036202c
SB
968 let mut v: Vec<u8>;
969 // Set any query's completion status to false in the beginning
970 self.query_completed = false;
4c7f55e6
SB
971
972 // Skip the record since this means that its in the middle of a known length record
97c67cd5 973 if (self.ts_gap && direction == core::STREAM_TOSERVER) || (self.tc_gap && direction == core::STREAM_TOCLIENT) {
4c7f55e6 974 SCLogDebug!("Trying to catch up after GAP (input {})", cur_i.len());
97c67cd5
SB
975 match self.search_dcerpc_record(cur_i) {
976 Ok((_, pg)) => {
977 SCLogDebug!("DCERPC record found");
978 let offset = cur_i.len() - pg.len();
979 cur_i = &cur_i[offset..];
980 match direction {
981 core::STREAM_TOSERVER => {
982 self.ts_gap = false;
983 },
984 _ => {
985 self.tc_gap = false;
4c7f55e6 986 }
97c67cd5
SB
987 }
988 },
989 _ => {
990 let mut consumed = cur_i.len();
991 // At least 2 bytes are required to know if a new record is beginning
992 if consumed < 2 {
993 consumed = 0;
994 } else {
995 consumed = consumed - 1;
996 }
997 SCLogDebug!("DCERPC record NOT found");
998 return AppLayerResult::incomplete(consumed as u32, 2);
999 },
4c7f55e6
SB
1000 }
1001 }
1002
8036202c
SB
1003 // Overwrite the dcerpc_state data in case of multiple complete queries in the
1004 // same direction
1005 if self.prev_dir == direction {
1006 self.data_needed_for_dir = direction;
1007 }
1008
1009 let buffer = match direction {
1010 core::STREAM_TOSERVER => {
1011 if self.buffer_ts.len() + input_len > 1024 * 1024 {
1012 SCLogDebug!("DCERPC TOSERVER stream: Buffer Overflow");
1013 return AppLayerResult::err();
1014 }
1015 v = self.buffer_ts.split_off(0);
4c7f55e6 1016 v.extend_from_slice(cur_i);
8036202c
SB
1017 v.as_slice()
1018 }
1019 _ => {
1020 if self.buffer_tc.len() + input_len > 1024 * 1024 {
1021 SCLogDebug!("DCERPC TOCLIENT stream: Buffer Overflow");
1022 return AppLayerResult::err();
1023 }
1024 v = self.buffer_tc.split_off(0);
4c7f55e6 1025 v.extend_from_slice(cur_i);
8036202c
SB
1026 v.as_slice()
1027 }
1028 };
1029
1030 if self.data_needed_for_dir != direction && buffer.len() != 0 {
1031 return AppLayerResult::err();
1032 }
1033
1034 // Set data_needed_for_dir in the same direction in case there is an issue with upcoming parsing
1035 self.data_needed_for_dir = direction;
1036
1037 // Check if header data was complete. In case of EoF or incomplete data, wait for more
1038 // data else return error
1039 if self.bytes_consumed < DCERPC_HDR_LEN && input_len > 0 {
1040 parsed = self.process_header(&buffer);
1041 if parsed == -1 {
1042 self.extend_buffer(buffer, direction);
1043 return AppLayerResult::ok();
1044 }
1045 if parsed == -2 {
1046 return AppLayerResult::err();
1047 }
1048 self.bytes_consumed += parsed as u16;
1049 }
1050
1051 let fraglen = self.get_hdr_fraglen().unwrap_or(0);
1052
1053 if (buffer.len() as u16) < fraglen {
1054 SCLogDebug!("Possibly fragmented data, waiting for more..");
1055 self.extend_buffer(buffer, direction);
1056 return AppLayerResult::ok();
1057 } else {
1058 self.query_completed = true;
1059 }
8036202c
SB
1060 parsed = self.bytes_consumed as i32;
1061
bab497ab
SB
1062 let current_call_id = self.get_hdr_call_id().unwrap_or(0);
1063
8036202c
SB
1064 match self.get_hdr_type() {
1065 Some(x) => match x {
1066 DCERPC_TYPE_BIND | DCERPC_TYPE_ALTER_CONTEXT => {
1067 retval = self.process_bind_pdu(&buffer[parsed as usize..]);
1068 if retval == -1 {
1069 return AppLayerResult::err();
1070 }
bab497ab 1071 self.handle_bind_cache(current_call_id, false);
8036202c
SB
1072 }
1073 DCERPC_TYPE_BINDACK | DCERPC_TYPE_ALTER_CONTEXT_RESP => {
1074 retval = self.process_bindack_pdu(&buffer[parsed as usize..]);
1075 if retval == -1 {
1076 return AppLayerResult::err();
1077 }
f31372ad 1078 let tx = if let Some(tx) = self.get_tx_by_call_id(current_call_id, core::STREAM_TOCLIENT) {
bab497ab
SB
1079 tx.resp_cmd = x;
1080 tx
1081 } else {
1082 let mut tx = self.create_tx(current_call_id);
1083 tx.resp_cmd = x;
1084 self.transactions.push(tx);
1085 self.transactions.last_mut().unwrap()
1086 };
1087 tx.resp_done = true;
1088 tx.frag_cnt_tc = 1;
0ac5c537
SB
1089 if let Some(flow) = self.flow {
1090 sc_app_layer_parser_trigger_raw_stream_reassembly(flow, core::STREAM_TOCLIENT.into());
1091 }
bab497ab 1092 self.handle_bind_cache(current_call_id, false);
8036202c
SB
1093 }
1094 DCERPC_TYPE_REQUEST => {
1095 retval = self.process_request_pdu(&buffer[parsed as usize..]);
301454e9 1096 if retval < 0 {
8036202c
SB
1097 return AppLayerResult::err();
1098 }
bab497ab
SB
1099 // In case the response came first, the transaction would complete later when
1100 // the corresponding request also comes through
1101 self.handle_bind_cache(current_call_id, false);
8036202c
SB
1102 }
1103 DCERPC_TYPE_RESPONSE => {
bab497ab
SB
1104 let transaction = self.get_tx_by_call_id(current_call_id, core::STREAM_TOCLIENT);
1105 match transaction {
f31372ad 1106 Some(tx) => {
bab497ab
SB
1107 tx.resp_cmd = x;
1108 }
1109 None => {
1110 let mut tx = self.create_tx(current_call_id);
1111 tx.resp_cmd = x;
1112 self.transactions.push(tx);
1113 }
1114 };
8036202c
SB
1115 retval = self.handle_common_stub(
1116 &buffer[parsed as usize..],
1117 0,
1118 core::STREAM_TOCLIENT,
1119 );
301454e9 1120 if retval < 0 {
8036202c
SB
1121 return AppLayerResult::err();
1122 }
bab497ab 1123 self.handle_bind_cache(current_call_id, true);
8036202c
SB
1124 }
1125 _ => {
4c7f55e6 1126 SCLogDebug!("Unrecognized packet type: {:?}", x);
8036202c
SB
1127 self.clean_buffer(direction);
1128 return AppLayerResult::err();
1129 }
1130 },
1131 None => {
1132 return AppLayerResult::err();
1133 }
1134 }
1135 self.bytes_consumed += retval as u16;
1136
1137 // If the query has been completed, clean the buffer and reset the direction
1138 if self.query_completed == true {
1139 self.clean_buffer(direction);
1140 self.reset_direction(direction);
1141 }
4c7f55e6 1142 self.post_gap_housekeeping(direction);
8036202c
SB
1143 self.prev_dir = direction;
1144 return AppLayerResult::ok();
1145 }
1146}
1147
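/// Appends the stub bytes carried by one fragment to `stub_data_buffer`.
///
/// The number of bytes taken is the smallest of `lenleft`, `input_len` and the
/// number of bytes actually present in `input`.
///
/// `stub_data_buffer_reset` is set to `true` when the bytes taken cover all of
/// `lenleft` and the fragment flags mark either a last fragment or a PDU with
/// neither the first nor the last flag set. It is never cleared here.
///
/// Returns the number of bytes appended; 0 when there is nothing to take.
fn evaluate_stub_params(
    input: &[u8], input_len: u16, hdrflags: u8, lenleft: u16,
    stub_data_buffer: &mut Vec<u8>, stub_data_buffer_reset: &mut bool,
) -> u16 {
    let fragtype = hdrflags & (PFC_FIRST_FRAG | PFC_LAST_FRAG);

    // `input_len` arrives separately from the slice. Clamp to what the slice
    // really holds so that an inconsistent length cannot index past the end
    // of `input` and panic while parsing network data.
    let available = cmp::min(input.len(), 0xffff) as u16;
    let stub_len = cmp::min(cmp::min(lenleft, input_len), available);
    if stub_len == 0 {
        return 0;
    }

    // The whole remaining fragment is covered and no further fragment is
    // expected for this PDU.
    if stub_len == lenleft && (fragtype == 0 || (fragtype & PFC_LAST_FRAG > 0)) {
        *stub_data_buffer_reset = true;
    }

    stub_data_buffer.extend_from_slice(&input[..stub_len as usize]);

    stub_len
}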
1167
/// C entry point: reports a gap in the to-server stream to the DCERPC state.
///
/// The gap length (`_input_len`) is not used; the work is delegated to
/// `DCERPCState::parse_data_gap`.
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_request_gap(
    state: &mut DCERPCState, _input_len: u32,
) -> AppLayerResult {
    let direction = core::STREAM_TOSERVER;
    state.parse_data_gap(direction)
}
1175
/// C entry point: reports a gap in the to-client stream to the DCERPC state.
///
/// The gap length (`_input_len`) is not used; the work is delegated to
/// `DCERPCState::parse_data_gap`.
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_response_gap(
    state: &mut DCERPCState, _input_len: u32,
) -> AppLayerResult {
    let direction = core::STREAM_TOCLIENT;
    state.parse_data_gap(direction)
}
1183
/// C entry point for to-server (request) stream data.
///
/// Returns `ok` for an EOF notification that carries no bytes, `err` when no
/// usable input is supplied (zero length or null pointer), and otherwise the
/// result of `DCERPCState::handle_input_data`.
///
/// `state` is reinterpreted as a `DCERPCState` by `cast_pointer!` before any
/// check is made. NOTE(review): the macro is defined outside this view; the
/// caller presumably guarantees a valid, non-null state pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_parse_request(
    flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
    input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, flags: u8,
) -> AppLayerResult {
    let state = cast_pointer!(state, DCERPCState);
    SCLogDebug!("Handling request: input {:p} input_len {} flags {:x} EOF {}",
            input, input_len, flags, flags & core::STREAM_EOF != 0);

    // A bare EOF without payload is not an error.
    let eof_without_data = flags & core::STREAM_EOF != 0 && input_len == 0;
    if eof_without_data {
        return AppLayerResult::ok();
    }

    /* START with MIDSTREAM set: record might be starting the middle. */
    let midstream_start = core::STREAM_START | core::STREAM_MIDSTREAM;
    if flags & midstream_start == midstream_start {
        state.ts_gap = true;
    }

    // Only build a slice from the raw pointer once it is known to be
    // non-null and the length is non-zero.
    if input_len == 0 || input.is_null() {
        return AppLayerResult::err();
    }
    let buf = build_slice!(input, input_len as usize);
    // The raw flow pointer is kept on the state for later reassembly triggers.
    state.flow = Some(flow);
    state.handle_input_data(buf, core::STREAM_TOSERVER)
}
1206
/// C entry point for to-client (response) stream data.
///
/// Returns `ok` for an EOF notification that carries no bytes, `err` when no
/// usable input is supplied (zero length or null pointer), and otherwise the
/// result of `DCERPCState::handle_input_data`.
///
/// `state` is reinterpreted as a `DCERPCState` by `cast_pointer!` before any
/// check is made. NOTE(review): the macro is defined outside this view; the
/// caller presumably guarantees a valid, non-null state pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_parse_response(
    flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
    input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, flags: u8,
) -> AppLayerResult {
    let state = cast_pointer!(state, DCERPCState);

    // A bare EOF without payload is not an error.
    let eof_without_data = flags & core::STREAM_EOF != 0 && input_len == 0;
    if eof_without_data {
        return AppLayerResult::ok();
    }

    /* START with MIDSTREAM set: record might be starting the middle. */
    let midstream_start = core::STREAM_START | core::STREAM_MIDSTREAM;
    if flags & midstream_start == midstream_start {
        state.tc_gap = true;
    }

    // Only build a slice from the raw pointer once it is known to be
    // non-null and the length is non-zero.
    if input_len == 0 || input.is_null() {
        return AppLayerResult::err();
    }
    let buf = build_slice!(input, input_len as usize);
    // The raw flow pointer is kept on the state for later reassembly triggers.
    state.flow = Some(flow);
    state.handle_input_data(buf, core::STREAM_TOCLIENT)
}
1229
/// Allocates a fresh `DCERPCState` on the heap and hands ownership to C as an
/// opaque pointer.
///
/// The returned pointer must eventually be passed to `rs_dcerpc_state_free`,
/// which turns it back into a `Box` and drops it. Both arguments are unused.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: core::AppProto) -> *mut std::os::raw::c_void {
    let boxed = Box::new(DCERPCState::new());
    // Release the allocation from Rust's ownership tracking; C owns it now.
    Box::into_raw(boxed) as *mut std::os::raw::c_void
}
1236
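/// Takes back ownership of a state created by `rs_dcerpc_state_new` and drops it.
///
/// A null `state` is ignored. Any other value must be a pointer obtained from
/// `rs_dcerpc_state_new` that has not been freed yet; passing anything else,
/// or freeing twice, is undefined behaviour.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_free(state: *mut std::os::raw::c_void) {
    // Rebuilding a Box from a null pointer is undefined behaviour, so refuse
    // it instead of trusting the caller.
    if state.is_null() {
        return;
    }
    // SAFETY: non-null was checked above; the caller guarantees the pointer
    // came from `rs_dcerpc_state_new` and is released exactly once.
    let owned: Box<DCERPCState> = unsafe { Box::from_raw(state as *mut DCERPCState) };
    drop(owned);
}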
1241
/// C entry point: releases the transaction identified by `tx_id`.
///
/// `state` is reinterpreted as a `DCERPCState` and the request is forwarded
/// to `DCERPCState::free_tx`.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) {
    let dcerpc = cast_pointer!(state, DCERPCState);
    SCLogDebug!("freeing tx {}", tx_id);
    dcerpc.free_tx(tx_id);
}
1248
/// C entry point: marks one direction of the session as truncated.
///
/// For the to-server direction every transaction gets `req_done = true`, for
/// the to-client direction `resp_done = true`. When a flow pointer has been
/// recorded on the state, raw stream reassembly is triggered once per
/// transaction for that direction.
///
/// The to-server bit takes precedence: if `direction` carries both bits only
/// the to-server side is handled.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_trunc(state: *mut std::os::raw::c_void, direction: u8) {
    let dce_state = cast_pointer!(state, DCERPCState);
    let to_server = direction & core::STREAM_TOSERVER != 0;
    let to_client = direction & core::STREAM_TOCLIENT != 0;

    if to_server {
        dce_state.ts_ssn_trunc = true;
        for tx in dce_state.transactions.iter_mut() {
            tx.req_done = true;
            if let Some(flow) = dce_state.flow {
                sc_app_layer_parser_trigger_raw_stream_reassembly(flow, core::STREAM_TOSERVER.into());
            }
        }
        SCLogDebug!("dce_state.ts_ssn_trunc = true; txs {}", dce_state.transactions.len());
    } else if to_client {
        dce_state.tc_ssn_trunc = true;
        for tx in dce_state.transactions.iter_mut() {
            tx.resp_done = true;
            if let Some(flow) = dce_state.flow {
                sc_app_layer_parser_trigger_raw_stream_reassembly(flow, core::STREAM_TOCLIENT.into());
            }
        }
        SCLogDebug!("dce_state.tc_ssn_trunc = true; txs {}", dce_state.transactions.len());
    }
}
1272
/// C entry point: returns the detect-engine state stored on a transaction.
///
/// `vtx` is reinterpreted as a `DCERPCTransaction`. A null pointer is
/// returned when no detect state has been set.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_tx_detect_state(
    vtx: *mut std::os::raw::c_void,
) -> *mut core::DetectEngineState {
    let dce_tx = cast_pointer!(vtx, DCERPCTransaction);
    dce_tx.de_state.unwrap_or(std::ptr::null_mut())
}
1283
/// C entry point: stores a detect-engine state on a transaction.
///
/// `vtx` is reinterpreted as a `DCERPCTransaction`; any previously stored
/// state is overwritten. Always returns 0.
#[no_mangle]
pub extern "C" fn rs_dcerpc_set_tx_detect_state(
    vtx: *mut std::os::raw::c_void, de_state: &mut core::DetectEngineState,
) -> std::os::raw::c_int {
    let transaction = cast_pointer!(vtx, DCERPCTransaction);
    transaction.de_state = Some(de_state);
    0
}
1292
/// C entry point: looks up a transaction by id.
///
/// `vtx` is reinterpreted as a `DCERPCState`. Returns the transaction as an
/// opaque pointer, or null when `DCERPCState::get_tx` finds none. The pointer
/// refers to storage owned by the state.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_tx(
    vtx: *mut std::os::raw::c_void, tx_id: u64,
) -> *mut std::os::raw::c_void {
    let dce_state = cast_pointer!(vtx, DCERPCState);
    if let Some(tx) = dce_state.get_tx(tx_id) {
        // Hand the borrowed transaction to C as an untyped pointer.
        unsafe { transmute(tx) }
    } else {
        std::ptr::null_mut()
    }
}
1303
/// C entry point: returns the `tx_id` counter held by the state.
///
/// `vtx` is reinterpreted as a `DCERPCState`.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
    let state = cast_pointer!(vtx, DCERPCState);
    state.tx_id
}
1309
/// C entry point: reports the progress of a transaction for one direction.
///
/// Returns 1 when `direction` is exactly `STREAM_TOSERVER` and the request is
/// done, or exactly `STREAM_TOCLIENT` and the response is done; 0 otherwise.
/// The comparison is by equality, so a `direction` value with additional bits
/// set yields 0.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8
                                                  )-> std::os::raw::c_int {
    let tx = cast_pointer!(tx, DCERPCTransaction);
    let progress = if direction == core::STREAM_TOSERVER && tx.req_done {
        SCLogDebug!("tx {} TOSERVER progress 1 => {:?}", tx.call_id, tx);
        1
    } else if direction == core::STREAM_TOCLIENT && tx.resp_done {
        SCLogDebug!("tx {} TOCLIENT progress 1 => {:?}", tx.call_id, tx);
        1
    } else {
        SCLogDebug!("tx {} direction {} progress 0", tx.call_id, direction);
        0
    };
    progress
}
1324
/// C entry point: returns a pointer to the `tx_data` field of a transaction.
///
/// `tx` is reinterpreted as a `DCERPCTransaction`; the returned pointer
/// refers to storage inside that transaction.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_tx_data(
    tx: *mut std::os::raw::c_void)
    -> *mut AppLayerTxData
{
    let transaction = cast_pointer!(tx, DCERPCTransaction);
    &mut transaction.tx_data
}
1333
/// Exposes the stub data of a transaction for one direction to C.
///
/// For `STREAM_TOSERVER` the request stub buffer is reported, for any other
/// `dir` value the response stub buffer. The buffer's length is written to
/// `*len` (narrowed to `u32`), its start address to `*buf`, and the
/// transaction's endianness to `*endianness`.
///
/// # Safety
///
/// `buf`, `len` and `endianness` are written through without any null or
/// validity check, so all three must point to writable storage. The address
/// stored in `*buf` points into a buffer owned by `tx`.
/// NOTE(review): presumably it must not be used after the transaction's stub
/// buffer is modified or the transaction is freed; confirm against callers.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_stub_data(
    tx: &mut DCERPCTransaction, buf: *mut *const u8, len: *mut u32, endianness: *mut u8, dir: u8,
) {
    if dir == core::STREAM_TOSERVER {
        let stub = &tx.stub_data_buffer_ts;
        *len = stub.len() as u32;
        *buf = stub.as_ptr();
        SCLogDebug!("DCERPC Request stub buffer: Setting buffer to: {:?}", *buf);
    } else {
        let stub = &tx.stub_data_buffer_tc;
        *len = stub.len() as u32;
        *buf = stub.as_ptr();
        SCLogDebug!("DCERPC Response stub buffer: Setting buffer to: {:?}", *buf);
    }
    *endianness = tx.get_endianness();
}
1352
/// Probe input to see if it looks like DCERPC.
///
/// Returns `(is_dcerpc, is_request)`. The input counts as DCERPC when the
/// header parses, the version is 5.0 and the first two data-representation
/// bytes pass the mask and range checks below. `is_request` is true when the
/// header type is 0x00. A header that fails to parse yields `(false, false)`.
fn probe(input: &[u8]) -> (bool, bool) {
    let hdr = match parser::parse_dcerpc_header(input) {
        Ok((_, hdr)) => hdr,
        Err(_) => return (false, false),
    };
    let is_request = hdr.hdrtype == 0x00;
    // Evaluated left to right with short-circuiting, version first.
    let is_dcerpc = hdr.rpc_vers == 0x05
        && hdr.rpc_vers_minor == 0x00
        && hdr.packed_drep[0] & 0xee == 0
        && hdr.packed_drep[1] <= 3;
    (is_dcerpc, is_request)
}
1367
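/// C entry point: protocol probe for DCERPC over TCP.
///
/// Returns `core::ALPROTO_UNKNOWN` when there is no input to inspect (zero
/// length or null pointer), 1 when `probe` recognises a DCERPC header and 0
/// otherwise. When the header type implies a direction different from the one
/// in `direction`, the implied direction is written to `*rdir`, provided
/// `rdir` is non-null.
///
/// NOTE(review): the literal 1 is returned rather than a named `ALPROTO_*`
/// constant; confirm it matches the DCERPC protocol id expected by the caller.
#[no_mangle]
pub extern "C" fn rs_dcerpc_probe_tcp(_f: *const core::Flow, direction: u8, input: *const u8,
                                      len: u32, rdir: *mut u8) -> AppProto
{
    SCLogDebug!("Probing packet for DCERPC");
    // Building a slice from a null pointer is undefined behaviour, so treat a
    // null input like an empty one.
    if len == 0 || input.is_null() {
        return core::ALPROTO_UNKNOWN;
    }
    // SAFETY: `input` is non-null; the caller guarantees it points to `len`
    // readable bytes.
    let slice: &[u8] = unsafe {
        std::slice::from_raw_parts(input, len as usize)
    };
    //is_incomplete is checked by caller
    let (is_dcerpc, is_request) = probe(slice);
    if !is_dcerpc {
        return 0;
    }
    let dir = if is_request {
        core::STREAM_TOSERVER
    } else {
        core::STREAM_TOCLIENT
    };
    if direction & (core::STREAM_TOSERVER|core::STREAM_TOCLIENT) != dir && !rdir.is_null() {
        // SAFETY: `rdir` was checked for null; the caller guarantees it is
        // writable.
        unsafe { *rdir = dir };
    }
    1
}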
1394
1395#[cfg(test)]
1396mod tests {
1397 use crate::applayer::AppLayerResult;
1398 use crate::core;
1399 use crate::dcerpc::dcerpc::DCERPCState;
1400 use std::cmp;
1401
#[test]
fn test_process_header() {
    // A 16-byte header; process_header is expected to report all 16 bytes.
    let header: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    let consumed = state.process_header(header);
    assert_eq!(16, consumed);
}
1411
#[test]
fn test_process_bind_pdu() {
    // The header is parsed first so that the state holds header fields
    // before the bind body is processed.
    let header: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    // Bind PDU body (everything after the 16-byte header).
    let bind_body: &[u8] = &[
        0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f, 0xbf, 0x85,
        0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0x2c, 0x75, 0xce, 0x7e, 0x82, 0x3b, 0x06, 0xac, 0x1b, 0xf0,
        0xf5, 0xb7, 0xa7, 0xf7, 0x28, 0xaf, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xe3, 0xb2, 0x10, 0xd1, 0xd0, 0x0c, 0xcc, 0x3d,
        0x2f, 0x80, 0x20, 0x7c, 0xef, 0xe7, 0x09, 0xe0, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xde, 0x85, 0x70, 0xc4, 0x02, 0x7c,
        0x60, 0x23, 0x67, 0x0c, 0x22, 0xbf, 0x18, 0x36, 0x79, 0x17, 0x01, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x41, 0x65, 0x29, 0x51,
        0xaa, 0xe7, 0x7b, 0xa8, 0xf2, 0x37, 0x0b, 0xd0, 0x3f, 0xb3, 0x36, 0xed, 0x05, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00, 0x14, 0x96,
        0x80, 0x01, 0x2e, 0x78, 0xfb, 0x5d, 0xb4, 0x3c, 0x14, 0xb3, 0x3d, 0xaa, 0x02, 0xfb,
        0x06, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00,
        0x3b, 0x04, 0x68, 0x3e, 0x63, 0xfe, 0x9f, 0xd8, 0x64, 0x55, 0xcd, 0xe7, 0x39, 0xaf,
        0x98, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x07, 0x00,
        0x01, 0x00, 0x16, 0x7a, 0x4f, 0x1b, 0xdb, 0x25, 0x92, 0x55, 0xdd, 0xae, 0x9e, 0x5b,
        0x3e, 0x93, 0x66, 0x93, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x08, 0x00, 0x01, 0x00, 0xe8, 0xa4, 0x8a, 0xcf, 0x95, 0x6c, 0xc7, 0x8f, 0x14, 0xcc,
        0x56, 0xfc, 0x7b, 0x5f, 0x4f, 0xe8, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xd8, 0xda, 0xfb, 0xbc, 0xa2, 0x55, 0x6f, 0x5d,
        0xc0, 0x2d, 0x88, 0x6f, 0x00, 0x17, 0x52, 0x8d, 0x06, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x3f, 0x17, 0x55, 0x0c, 0xf4, 0x23,
        0x3c, 0xca, 0xe6, 0xa0, 0xaa, 0xcc, 0xb5, 0xe3, 0xf9, 0xce, 0x04, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x6a, 0x28, 0x19, 0x39,
        0x0c, 0xb1, 0xd0, 0x11, 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00, 0xc9, 0x9f,
        0x3e, 0x6e, 0x82, 0x0a, 0x2b, 0x28, 0x37, 0x78, 0xe1, 0x13, 0x70, 0x05, 0x38, 0x4d,
        0x01, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x01, 0x00,
        0x11, 0xaa, 0x4b, 0x15, 0xdf, 0xa6, 0x86, 0x3f, 0xfb, 0xe0, 0x09, 0xb7, 0xf8, 0x56,
        0xd2, 0x3f, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0e, 0x00,
        0x01, 0x00, 0xee, 0x99, 0xc4, 0x25, 0x11, 0xe4, 0x95, 0x62, 0x29, 0xfa, 0xfd, 0x26,
        0x57, 0x02, 0xf1, 0xce, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0f, 0x00, 0x01, 0x00, 0xba, 0x81, 0x9e, 0x1a, 0xdf, 0x2b, 0xba, 0xe4, 0xd3, 0x17,
        0x41, 0x60, 0x6d, 0x2d, 0x9e, 0x28, 0x03, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0xa0, 0x24, 0x03, 0x9a, 0xa9, 0x99, 0xfb, 0xbe,
        0x49, 0x11, 0xad, 0x77, 0x30, 0xaa, 0xbc, 0xb6, 0x02, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x11, 0x00, 0x01, 0x00, 0x32, 0x04, 0x7e, 0xae, 0xec, 0x28,
        0xd1, 0x55, 0x83, 0x4e, 0xc3, 0x47, 0x5d, 0x1d, 0xc6, 0x65, 0x02, 0x00, 0x03, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x00, 0xc6, 0xa4, 0x81, 0x48,
        0x66, 0x2a, 0x74, 0x7d, 0x56, 0x6e, 0xc5, 0x1d, 0x19, 0xf2, 0xb5, 0xb6, 0x03, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x00, 0xcb, 0xae,
        0xb3, 0xc0, 0x0c, 0xf4, 0xa4, 0x5e, 0x91, 0x72, 0xdd, 0x53, 0x24, 0x70, 0x89, 0x02,
        0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00,
        0xb8, 0xd0, 0xa0, 0x1a, 0x5e, 0x7a, 0x2d, 0xfe, 0x35, 0xc6, 0x7d, 0x08, 0x0d, 0x33,
        0x73, 0x18, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x15, 0x00,
        0x01, 0x00, 0x21, 0xd3, 0xaa, 0x09, 0x03, 0xa7, 0x0b, 0xc2, 0x06, 0x45, 0xd9, 0x6c,
        0x75, 0xc2, 0x15, 0xa8, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x16, 0x00, 0x01, 0x00, 0xe1, 0xbd, 0x59, 0xfc, 0xbc, 0xa9, 0x95, 0xc2, 0x68, 0x79,
        0xf3, 0x75, 0xe0, 0xae, 0x6c, 0xe5, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x17, 0x00, 0x01, 0x00, 0x06, 0x52, 0xb4, 0x71, 0x70, 0x15, 0x4e, 0xf5,
        0x7f, 0x08, 0x86, 0x14, 0xe6, 0x17, 0xd5, 0x97, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    assert_eq!(16, state.process_header(header));
    // The whole bind body is expected to be consumed.
    assert_eq!(1068, state.process_bind_pdu(bind_body));
}
1501
#[test]
fn test_handle_bindctxitem() {
    // The header is parsed first so that the state holds header fields
    // before the context item is processed.
    let header: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    // A single 44-byte bind context item.
    let ctx_item: &[u8] = &[
        0x00, 0x00, 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f,
        0xbf, 0x85, 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    assert_eq!(16, state.process_header(header));
    assert_eq!(44, state.handle_bindctxitem(ctx_item, 0));
}
1518
#[test]
fn test_process_bindack_pdu() {
    // Full bind PDU: 16-byte header followed by the bind body.
    let bind_pdu: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x3c, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f,
        0xbf, 0x85, 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x2c, 0x75, 0xce, 0x7e, 0x82, 0x3b, 0x06, 0xac,
        0x1b, 0xf0, 0xf5, 0xb7, 0xa7, 0xf7, 0x28, 0xaf, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xe3, 0xb2, 0x10, 0xd1, 0xd0, 0x0c,
        0xcc, 0x3d, 0x2f, 0x80, 0x20, 0x7c, 0xef, 0xe7, 0x09, 0xe0, 0x04, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xde, 0x85, 0x70, 0xc4,
        0x02, 0x7c, 0x60, 0x23, 0x67, 0x0c, 0x22, 0xbf, 0x18, 0x36, 0x79, 0x17, 0x01, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x41, 0x65,
        0x29, 0x51, 0xaa, 0xe7, 0x7b, 0xa8, 0xf2, 0x37, 0x0b, 0xd0, 0x3f, 0xb3, 0x36, 0xed,
        0x05, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x14, 0x96, 0x80, 0x01, 0x2e, 0x78, 0xfb, 0x5d, 0xb4, 0x3c, 0x14, 0xb3, 0x3d, 0xaa,
        0x02, 0xfb, 0x06, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x3b, 0x04, 0x68, 0x3e, 0x63, 0xfe, 0x9f, 0xd8, 0x64, 0x55, 0xcd, 0xe7,
        0x39, 0xaf, 0x98, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0x16, 0x7a, 0x4f, 0x1b, 0xdb, 0x25, 0x92, 0x55, 0xdd, 0xae,
        0x9e, 0x5b, 0x3e, 0x93, 0x66, 0x93, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0xe8, 0xa4, 0x8a, 0xcf, 0x95, 0x6c, 0xc7, 0x8f,
        0x14, 0xcc, 0x56, 0xfc, 0x7b, 0x5f, 0x4f, 0xe8, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xd8, 0xda, 0xfb, 0xbc, 0xa2, 0x55,
        0x6f, 0x5d, 0xc0, 0x2d, 0x88, 0x6f, 0x00, 0x17, 0x52, 0x8d, 0x06, 0x00, 0x03, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x3f, 0x17, 0x55, 0x0c,
        0xf4, 0x23, 0x3c, 0xca, 0xe6, 0xa0, 0xaa, 0xcc, 0xb5, 0xe3, 0xf9, 0xce, 0x04, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x6a, 0x28,
        0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11, 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xc9, 0x9f, 0x3e, 0x6e, 0x82, 0x0a, 0x2b, 0x28, 0x37, 0x78, 0xe1, 0x13, 0x70, 0x05,
        0x38, 0x4d, 0x01, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x11, 0xaa, 0x4b, 0x15, 0xdf, 0xa6, 0x86, 0x3f, 0xfb, 0xe0, 0x09, 0xb7,
        0xf8, 0x56, 0xd2, 0x3f, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0xee, 0x99, 0xc4, 0x25, 0x11, 0xe4, 0x95, 0x62, 0x29, 0xfa,
        0xfd, 0x26, 0x57, 0x02, 0xf1, 0xce, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xba, 0x81, 0x9e, 0x1a, 0xdf, 0x2b, 0xba, 0xe4,
        0xd3, 0x17, 0x41, 0x60, 0x6d, 0x2d, 0x9e, 0x28, 0x03, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0xa0, 0x24, 0x03, 0x9a, 0xa9, 0x99,
        0xfb, 0xbe, 0x49, 0x11, 0xad, 0x77, 0x30, 0xaa, 0xbc, 0xb6, 0x02, 0x00, 0x03, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x11, 0x00, 0x01, 0x00, 0x32, 0x04, 0x7e, 0xae,
        0xec, 0x28, 0xd1, 0x55, 0x83, 0x4e, 0xc3, 0x47, 0x5d, 0x1d, 0xc6, 0x65, 0x02, 0x00,
        0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x00, 0xc6, 0xa4,
        0x81, 0x48, 0x66, 0x2a, 0x74, 0x7d, 0x56, 0x6e, 0xc5, 0x1d, 0x19, 0xf2, 0xb5, 0xb6,
        0x03, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x00,
        0xcb, 0xae, 0xb3, 0xc0, 0x0c, 0xf4, 0xa4, 0x5e, 0x91, 0x72, 0xdd, 0x53, 0x24, 0x70,
        0x89, 0x02, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00,
        0x01, 0x00, 0xb8, 0xd0, 0xa0, 0x1a, 0x5e, 0x7a, 0x2d, 0xfe, 0x35, 0xc6, 0x7d, 0x08,
        0x0d, 0x33, 0x73, 0x18, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x15, 0x00, 0x01, 0x00, 0x21, 0xd3, 0xaa, 0x09, 0x03, 0xa7, 0x0b, 0xc2, 0x06, 0x45,
        0xd9, 0x6c, 0x75, 0xc2, 0x15, 0xa8, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x16, 0x00, 0x01, 0x00, 0xe1, 0xbd, 0x59, 0xfc, 0xbc, 0xa9, 0x95, 0xc2,
        0x68, 0x79, 0xf3, 0x75, 0xe0, 0xae, 0x6c, 0xe5, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x01, 0x00, 0x06, 0x52, 0xb4, 0x71, 0x70, 0x15,
        0x4e, 0xf5, 0x7f, 0x08, 0x86, 0x14, 0xe6, 0x17, 0xd5, 0x97, 0x04, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    // Bind-ack body (without its 16-byte header).
    let bindack_body: &[u8] = &[
        0xb8, 0x10, 0xb8, 0x10, 0xce, 0x47, 0x00, 0x00, 0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50,
        0x45, 0x5c, 0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0xf6, 0x6e, 0x18, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    assert_eq!(16, state.process_header(bind_pdu));
    assert_eq!(1068, state.process_bind_pdu(&bind_pdu[16..]));
    assert_eq!(604, state.process_bindack_pdu(bindack_body));
    // Exactly one interface is expected to be recorded as accepted. Note
    // that nothing is asserted if no bind-ack was stored on the state.
    if let Some(back) = state.bindack {
        assert_eq!(1, back.accepted_uuid_list.len());
        assert_eq!(
            vec![57, 25, 40, 106, 177, 12, 17, 208, 155, 168, 0, 192, 79, 217, 46, 245],
            back.accepted_uuid_list[0].uuid
        );
        assert_eq!(11, back.accepted_uuid_list[0].internal_id);
    }
}
1660
/// Runs one complete request PDU through the two low-level parsing steps and checks the
/// byte count each step reports: 16 for the common header, 1008 for the request body.
///
/// The fixture is 1024 bytes long (16 + 1008), so both steps together consume all of it.
#[test]
pub fn test_process_request_pdu() {
    let pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xe8, 0x03, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x45, 0x00, 0x2c, 0x00,
        0x4d, 0x00, 0x73, 0x00, 0x53, 0x00, 0x59, 0x00, 0x2a, 0x00, 0x4a, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x58, 0x00, 0x21, 0x00, 0x4a, 0x00, 0x30, 0x00, 0x41, 0x00, 0x4b, 0x00,
        0x4b, 0x00, 0x3c, 0x00, 0x48, 0x00, 0x24, 0x00, 0x38, 0x00, 0x54, 0x00, 0x60, 0x00,
        0x2d, 0x00, 0x29, 0x00, 0x64, 0x00, 0x5b, 0x00, 0x77, 0x00, 0x3a, 0x00, 0x4c, 0x00,
        0x24, 0x00, 0x23, 0x00, 0x66, 0x00, 0x43, 0x00, 0x68, 0x00, 0x22, 0x00, 0x55, 0x00,
        0x29, 0x00, 0x2c, 0x00, 0x4f, 0x00, 0x5a, 0x00, 0x50, 0x00, 0x61, 0x00, 0x2a, 0x00,
        0x6f, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x68, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x67, 0x00,
        0x68, 0x00, 0x68, 0x00, 0x49, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x72, 0x00, 0x53, 0x00,
        0x4c, 0x00, 0x25, 0x00, 0x4d, 0x00, 0x67, 0x00, 0x2e, 0x00, 0x4f, 0x00, 0x64, 0x00,
        0x61, 0x00, 0x73, 0x00, 0x24, 0x00, 0x46, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x45, 0x00,
        0x6f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x33, 0x00, 0x38, 0x00, 0x47, 0x00, 0x71, 0x00,
        0x5a, 0x00, 0x37, 0x00, 0x7a, 0x00, 0x35, 0x00, 0x6b, 0x00, 0x3c, 0x00, 0x26, 0x00,
        0x37, 0x00, 0x69, 0x00, 0x75, 0x00, 0x36, 0x00, 0x37, 0x00, 0x47, 0x00, 0x21, 0x00,
        0x2d, 0x00, 0x69, 0x00, 0x37, 0x00, 0x78, 0x00, 0x5f, 0x00, 0x72, 0x00, 0x4b, 0x00,
        0x5c, 0x00, 0x74, 0x00, 0x3e, 0x00, 0x52, 0x00, 0x7a, 0x00, 0x49, 0x00, 0x31, 0x00,
        0x5a, 0x00, 0x7b, 0x00, 0x29, 0x00, 0x3b, 0x00, 0x78, 0x00, 0x3b, 0x00, 0x55, 0x00,
        0x3e, 0x00, 0x35, 0x00, 0x2b, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x59, 0x00, 0x38, 0x00,
        0x2a, 0x00, 0x59, 0x00, 0x6b, 0x00, 0x42, 0x00, 0x4c, 0x00, 0x3e, 0x00, 0x6a, 0x00,
        0x49, 0x00, 0x2c, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x35, 0x00, 0x4f, 0x00, 0x49, 0x00,
        0x55, 0x00, 0x35, 0x00, 0x61, 0x00, 0x72, 0x00, 0x77, 0x00, 0x38, 0x00, 0x32, 0x00,
        0x24, 0x00, 0x46, 0x00, 0x32, 0x00, 0x32, 0x00, 0x27, 0x00, 0x64, 0x00, 0x5a, 0x00,
        0x77, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x77, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x63, 0x00,
        0x4f, 0x00, 0x67, 0x00, 0x64, 0x00, 0x39, 0x00, 0x37, 0x00, 0x31, 0x00, 0x30, 0x00,
        0x28, 0x00, 0x2e, 0x00, 0x6f, 0x00, 0x3e, 0x00, 0x59, 0x00, 0x28, 0x00, 0x67, 0x00,
        0x52, 0x00, 0x35, 0x00, 0x5a, 0x00, 0x7c, 0x00, 0x56, 0x00, 0x6a, 0x00, 0x5c, 0x00,
        0x3c, 0x00, 0x30, 0x00, 0x59, 0x00, 0x5c, 0x00, 0x5e, 0x00, 0x38, 0x00, 0x54, 0x00,
        0x5c, 0x00, 0x5b, 0x00, 0x42, 0x00, 0x62, 0x00, 0x70, 0x00, 0x34, 0x00, 0x5c, 0x00,
        0x57, 0x00, 0x7a, 0x00, 0x4b, 0x00, 0x2f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x4f, 0x00,
        0x41, 0x00, 0x33, 0x00, 0x52, 0x00, 0x36, 0x00, 0x27, 0x00, 0x30, 0x00, 0x6d, 0x00,
        0x4a, 0x00, 0x30, 0x00, 0x78, 0x00, 0x46, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x29, 0x00,
        0x66, 0x00, 0x3f, 0x00, 0x72, 0x00, 0x71, 0x00, 0x75, 0x00, 0x4c, 0x00, 0x2b, 0x00,
        0x5c, 0x00, 0x46, 0x00, 0x52, 0x00, 0x7b, 0x00, 0x5c, 0x00, 0x69, 0x00, 0x66, 0x00,
        0x56, 0x00, 0x31, 0x00, 0x2d, 0x00, 0x72, 0x00, 0x61, 0x00, 0x68, 0x00, 0x28, 0x00,
        0x7d, 0x00, 0x58, 0x00, 0x2a, 0x00, 0x7b, 0x00, 0x28, 0x00, 0x5b, 0x00, 0x54, 0x00,
        0x3a, 0x00, 0x26, 0x00, 0x52, 0x00, 0x44, 0x00, 0x60, 0x00, 0x50, 0x00, 0x65, 0x00,
        0x48, 0x00, 0x7d, 0x00, 0x2a, 0x00, 0x74, 0x00, 0x49, 0x00, 0x7b, 0x00, 0x21, 0x00,
        0x61, 0x00, 0x52, 0x00, 0x43, 0x00, 0x5f, 0x00, 0x5a, 0x00, 0x74, 0x00, 0x5c, 0x00,
        0x62, 0x00, 0x68, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x2b, 0x00, 0x6f, 0x00, 0x7c, 0x00,
        0x42, 0x00, 0x67, 0x00, 0x32, 0x00, 0x58, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2f, 0x00,
        0x2d, 0x00, 0x60, 0x00, 0x62, 0x00, 0x51, 0x00, 0x2a, 0x00, 0x30, 0x00, 0x31, 0x00,
        0x48, 0x00, 0x5b, 0x00, 0x5b, 0x00, 0x5d, 0x00, 0x25, 0x00, 0x58, 0x00, 0x4a, 0x00,
        0x76, 0x00, 0x32, 0x00, 0x62, 0x00, 0x27, 0x00, 0x42, 0x00, 0x40, 0x00, 0x53, 0x00,
        0x7c, 0x00, 0x7d, 0x00, 0x50, 0x00, 0x3d, 0x00, 0x40, 0x00, 0x76, 0x00, 0x38, 0x00,
        0x58, 0x00, 0x39, 0x00, 0x63, 0x00, 0x3c, 0x00, 0x5b, 0x00, 0x23, 0x00, 0x53, 0x00,
        0x7a, 0x00, 0x54, 0x00, 0x74, 0x00, 0x61, 0x00, 0x76, 0x00, 0x4a, 0x00, 0x3e, 0x00,
        0x33, 0x00, 0x75, 0x00, 0x66, 0x00, 0x2d, 0x00, 0x48, 0x00, 0x33, 0x00, 0x71, 0x00,
        0x76, 0x00, 0x48, 0x00, 0x71, 0x00, 0x41, 0x00, 0x6f, 0x00, 0x2a, 0x00, 0x67, 0x00,
        0x70, 0x00, 0x21, 0x00, 0x70, 0x00, 0x4b, 0x00, 0x52, 0x00, 0x58, 0x00, 0x68, 0x00,
        0x23, 0x00, 0x39, 0x00, 0x46, 0x00, 0x4d, 0x00, 0x51, 0x00, 0x57, 0x00, 0x3a, 0x00,
        0x79, 0x00, 0x7b, 0x00, 0x6c, 0x00, 0x55, 0x00, 0x33, 0x00, 0x65, 0x00, 0x49, 0x00,
        0x72, 0x00, 0x30, 0x00, 0x4f, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x31, 0x00, 0x4a, 0x00,
        0x60, 0x00, 0x79, 0x00, 0x70, 0x00, 0x4f, 0x00, 0x58, 0x00, 0x75, 0x00, 0x44, 0x00,
        0x59, 0x00, 0x58, 0x00, 0x46, 0x00, 0x3d, 0x00, 0x46, 0x00, 0x74, 0x00, 0x51, 0x00,
        0x57, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x23, 0x00, 0x45, 0x00, 0x60, 0x00,
        0x4c, 0x00, 0x72, 0x00, 0x4e, 0x00, 0x74, 0x00, 0x40, 0x00, 0x76, 0x00, 0x75, 0x00,
        0x74, 0x00, 0x56, 0x00, 0x44, 0x00, 0x29, 0x00, 0x62, 0x00, 0x58, 0x00, 0x31, 0x00,
        0x78, 0x00, 0x32, 0x00, 0x52, 0x00, 0x4a, 0x00, 0x6b, 0x00, 0x55, 0x00, 0x72, 0x00,
        0x6f, 0x00, 0x6f, 0x00, 0x4a, 0x00, 0x54, 0x00, 0x7d, 0x00, 0x68, 0x00, 0x3f, 0x00,
        0x28, 0x00, 0x21, 0x00, 0x53, 0x00, 0x48, 0x00, 0x5a, 0x00, 0x34, 0x00, 0x36, 0x00,
        0x35, 0x00, 0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x69, 0x00, 0x23, 0x00, 0x75, 0x00,
        0x55, 0x00, 0x43, 0x00, 0x75, 0x00, 0x2f, 0x00, 0x73, 0x00, 0x62, 0x00, 0x6f, 0x00,
        0x37, 0x00, 0x4e, 0x00, 0x25, 0x00, 0x25, 0x00, 0x21, 0x00, 0x3d, 0x00, 0x3c, 0x00,
        0x71, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x30, 0x00, 0x36, 0x00, 0x62, 0x00, 0x63, 0x00,
        0x53, 0x00, 0x54, 0x00, 0x5d, 0x00, 0x61, 0x00, 0x4c, 0x00, 0x28, 0x00, 0x2b, 0x00,
        0x4c, 0x00, 0x4e, 0x00, 0x66, 0x00, 0x5f, 0x00, 0x4b, 0x00, 0x43, 0x00, 0x75, 0x00,
        0x45, 0x00, 0x37, 0x00, 0x28, 0x00, 0x56, 0x00, 0x36, 0x00, 0x6a, 0x00, 0x3e, 0x00,
        0x64, 0x00, 0x34, 0x00, 0x6a, 0x00, 0x7d, 0x00, 0x4a, 0x00, 0x66, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x75, 0x00, 0x38, 0x00, 0x7b, 0x00, 0x42, 0x00, 0x76, 0x00, 0x29, 0x00,
        0x4c, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x2b, 0x00, 0x51, 0x00,
        0x47, 0x00, 0x22, 0x00, 0x48, 0x00, 0x3d, 0x00, 0x49, 0x00, 0x44, 0x00, 0x5d, 0x00,
        0x59, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x24, 0x00, 0x35, 0x00, 0x34, 0x00, 0x70, 0x00,
        0x69, 0x00,
    ];
    let mut state = DCERPCState::new();

    // The header step is handed the whole buffer, as in the combined parsing path.
    let header_len = state.process_header(&pdu);
    assert_eq!(16, header_len);

    // Everything after the 16-byte header belongs to the request body.
    let body_len = state.process_request_pdu(&pdu[16..]);
    assert_eq!(1008, body_len);
}
1743
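/// Parses one complete 1024-byte request PDU through `handle_input_data` and checks both the
/// decoded header fields and the transaction created for it.
///
/// The header is unwrapped with `expect` rather than `if let`, so a parser that leaves no
/// header behind fails this test instead of silently skipping the field checks.
#[test]
pub fn test_parse_dcerpc() {
    let request: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xe8, 0x03, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x45, 0x00, 0x2c, 0x00,
        0x4d, 0x00, 0x73, 0x00, 0x53, 0x00, 0x59, 0x00, 0x2a, 0x00, 0x4a, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x58, 0x00, 0x21, 0x00, 0x4a, 0x00, 0x30, 0x00, 0x41, 0x00, 0x4b, 0x00,
        0x4b, 0x00, 0x3c, 0x00, 0x48, 0x00, 0x24, 0x00, 0x38, 0x00, 0x54, 0x00, 0x60, 0x00,
        0x2d, 0x00, 0x29, 0x00, 0x64, 0x00, 0x5b, 0x00, 0x77, 0x00, 0x3a, 0x00, 0x4c, 0x00,
        0x24, 0x00, 0x23, 0x00, 0x66, 0x00, 0x43, 0x00, 0x68, 0x00, 0x22, 0x00, 0x55, 0x00,
        0x29, 0x00, 0x2c, 0x00, 0x4f, 0x00, 0x5a, 0x00, 0x50, 0x00, 0x61, 0x00, 0x2a, 0x00,
        0x6f, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x68, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x67, 0x00,
        0x68, 0x00, 0x68, 0x00, 0x49, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x72, 0x00, 0x53, 0x00,
        0x4c, 0x00, 0x25, 0x00, 0x4d, 0x00, 0x67, 0x00, 0x2e, 0x00, 0x4f, 0x00, 0x64, 0x00,
        0x61, 0x00, 0x73, 0x00, 0x24, 0x00, 0x46, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x45, 0x00,
        0x6f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x33, 0x00, 0x38, 0x00, 0x47, 0x00, 0x71, 0x00,
        0x5a, 0x00, 0x37, 0x00, 0x7a, 0x00, 0x35, 0x00, 0x6b, 0x00, 0x3c, 0x00, 0x26, 0x00,
        0x37, 0x00, 0x69, 0x00, 0x75, 0x00, 0x36, 0x00, 0x37, 0x00, 0x47, 0x00, 0x21, 0x00,
        0x2d, 0x00, 0x69, 0x00, 0x37, 0x00, 0x78, 0x00, 0x5f, 0x00, 0x72, 0x00, 0x4b, 0x00,
        0x5c, 0x00, 0x74, 0x00, 0x3e, 0x00, 0x52, 0x00, 0x7a, 0x00, 0x49, 0x00, 0x31, 0x00,
        0x5a, 0x00, 0x7b, 0x00, 0x29, 0x00, 0x3b, 0x00, 0x78, 0x00, 0x3b, 0x00, 0x55, 0x00,
        0x3e, 0x00, 0x35, 0x00, 0x2b, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x59, 0x00, 0x38, 0x00,
        0x2a, 0x00, 0x59, 0x00, 0x6b, 0x00, 0x42, 0x00, 0x4c, 0x00, 0x3e, 0x00, 0x6a, 0x00,
        0x49, 0x00, 0x2c, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x35, 0x00, 0x4f, 0x00, 0x49, 0x00,
        0x55, 0x00, 0x35, 0x00, 0x61, 0x00, 0x72, 0x00, 0x77, 0x00, 0x38, 0x00, 0x32, 0x00,
        0x24, 0x00, 0x46, 0x00, 0x32, 0x00, 0x32, 0x00, 0x27, 0x00, 0x64, 0x00, 0x5a, 0x00,
        0x77, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x77, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x63, 0x00,
        0x4f, 0x00, 0x67, 0x00, 0x64, 0x00, 0x39, 0x00, 0x37, 0x00, 0x31, 0x00, 0x30, 0x00,
        0x28, 0x00, 0x2e, 0x00, 0x6f, 0x00, 0x3e, 0x00, 0x59, 0x00, 0x28, 0x00, 0x67, 0x00,
        0x52, 0x00, 0x35, 0x00, 0x5a, 0x00, 0x7c, 0x00, 0x56, 0x00, 0x6a, 0x00, 0x5c, 0x00,
        0x3c, 0x00, 0x30, 0x00, 0x59, 0x00, 0x5c, 0x00, 0x5e, 0x00, 0x38, 0x00, 0x54, 0x00,
        0x5c, 0x00, 0x5b, 0x00, 0x42, 0x00, 0x62, 0x00, 0x70, 0x00, 0x34, 0x00, 0x5c, 0x00,
        0x57, 0x00, 0x7a, 0x00, 0x4b, 0x00, 0x2f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x4f, 0x00,
        0x41, 0x00, 0x33, 0x00, 0x52, 0x00, 0x36, 0x00, 0x27, 0x00, 0x30, 0x00, 0x6d, 0x00,
        0x4a, 0x00, 0x30, 0x00, 0x78, 0x00, 0x46, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x29, 0x00,
        0x66, 0x00, 0x3f, 0x00, 0x72, 0x00, 0x71, 0x00, 0x75, 0x00, 0x4c, 0x00, 0x2b, 0x00,
        0x5c, 0x00, 0x46, 0x00, 0x52, 0x00, 0x7b, 0x00, 0x5c, 0x00, 0x69, 0x00, 0x66, 0x00,
        0x56, 0x00, 0x31, 0x00, 0x2d, 0x00, 0x72, 0x00, 0x61, 0x00, 0x68, 0x00, 0x28, 0x00,
        0x7d, 0x00, 0x58, 0x00, 0x2a, 0x00, 0x7b, 0x00, 0x28, 0x00, 0x5b, 0x00, 0x54, 0x00,
        0x3a, 0x00, 0x26, 0x00, 0x52, 0x00, 0x44, 0x00, 0x60, 0x00, 0x50, 0x00, 0x65, 0x00,
        0x48, 0x00, 0x7d, 0x00, 0x2a, 0x00, 0x74, 0x00, 0x49, 0x00, 0x7b, 0x00, 0x21, 0x00,
        0x61, 0x00, 0x52, 0x00, 0x43, 0x00, 0x5f, 0x00, 0x5a, 0x00, 0x74, 0x00, 0x5c, 0x00,
        0x62, 0x00, 0x68, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x2b, 0x00, 0x6f, 0x00, 0x7c, 0x00,
        0x42, 0x00, 0x67, 0x00, 0x32, 0x00, 0x58, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2f, 0x00,
        0x2d, 0x00, 0x60, 0x00, 0x62, 0x00, 0x51, 0x00, 0x2a, 0x00, 0x30, 0x00, 0x31, 0x00,
        0x48, 0x00, 0x5b, 0x00, 0x5b, 0x00, 0x5d, 0x00, 0x25, 0x00, 0x58, 0x00, 0x4a, 0x00,
        0x76, 0x00, 0x32, 0x00, 0x62, 0x00, 0x27, 0x00, 0x42, 0x00, 0x40, 0x00, 0x53, 0x00,
        0x7c, 0x00, 0x7d, 0x00, 0x50, 0x00, 0x3d, 0x00, 0x40, 0x00, 0x76, 0x00, 0x38, 0x00,
        0x58, 0x00, 0x39, 0x00, 0x63, 0x00, 0x3c, 0x00, 0x5b, 0x00, 0x23, 0x00, 0x53, 0x00,
        0x7a, 0x00, 0x54, 0x00, 0x74, 0x00, 0x61, 0x00, 0x76, 0x00, 0x4a, 0x00, 0x3e, 0x00,
        0x33, 0x00, 0x75, 0x00, 0x66, 0x00, 0x2d, 0x00, 0x48, 0x00, 0x33, 0x00, 0x71, 0x00,
        0x76, 0x00, 0x48, 0x00, 0x71, 0x00, 0x41, 0x00, 0x6f, 0x00, 0x2a, 0x00, 0x67, 0x00,
        0x70, 0x00, 0x21, 0x00, 0x70, 0x00, 0x4b, 0x00, 0x52, 0x00, 0x58, 0x00, 0x68, 0x00,
        0x23, 0x00, 0x39, 0x00, 0x46, 0x00, 0x4d, 0x00, 0x51, 0x00, 0x57, 0x00, 0x3a, 0x00,
        0x79, 0x00, 0x7b, 0x00, 0x6c, 0x00, 0x55, 0x00, 0x33, 0x00, 0x65, 0x00, 0x49, 0x00,
        0x72, 0x00, 0x30, 0x00, 0x4f, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x31, 0x00, 0x4a, 0x00,
        0x60, 0x00, 0x79, 0x00, 0x70, 0x00, 0x4f, 0x00, 0x58, 0x00, 0x75, 0x00, 0x44, 0x00,
        0x59, 0x00, 0x58, 0x00, 0x46, 0x00, 0x3d, 0x00, 0x46, 0x00, 0x74, 0x00, 0x51, 0x00,
        0x57, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x23, 0x00, 0x45, 0x00, 0x60, 0x00,
        0x4c, 0x00, 0x72, 0x00, 0x4e, 0x00, 0x74, 0x00, 0x40, 0x00, 0x76, 0x00, 0x75, 0x00,
        0x74, 0x00, 0x56, 0x00, 0x44, 0x00, 0x29, 0x00, 0x62, 0x00, 0x58, 0x00, 0x31, 0x00,
        0x78, 0x00, 0x32, 0x00, 0x52, 0x00, 0x4a, 0x00, 0x6b, 0x00, 0x55, 0x00, 0x72, 0x00,
        0x6f, 0x00, 0x6f, 0x00, 0x4a, 0x00, 0x54, 0x00, 0x7d, 0x00, 0x68, 0x00, 0x3f, 0x00,
        0x28, 0x00, 0x21, 0x00, 0x53, 0x00, 0x48, 0x00, 0x5a, 0x00, 0x34, 0x00, 0x36, 0x00,
        0x35, 0x00, 0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x69, 0x00, 0x23, 0x00, 0x75, 0x00,
        0x55, 0x00, 0x43, 0x00, 0x75, 0x00, 0x2f, 0x00, 0x73, 0x00, 0x62, 0x00, 0x6f, 0x00,
        0x37, 0x00, 0x4e, 0x00, 0x25, 0x00, 0x25, 0x00, 0x21, 0x00, 0x3d, 0x00, 0x3c, 0x00,
        0x71, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x30, 0x00, 0x36, 0x00, 0x62, 0x00, 0x63, 0x00,
        0x53, 0x00, 0x54, 0x00, 0x5d, 0x00, 0x61, 0x00, 0x4c, 0x00, 0x28, 0x00, 0x2b, 0x00,
        0x4c, 0x00, 0x4e, 0x00, 0x66, 0x00, 0x5f, 0x00, 0x4b, 0x00, 0x43, 0x00, 0x75, 0x00,
        0x45, 0x00, 0x37, 0x00, 0x28, 0x00, 0x56, 0x00, 0x36, 0x00, 0x6a, 0x00, 0x3e, 0x00,
        0x64, 0x00, 0x34, 0x00, 0x6a, 0x00, 0x7d, 0x00, 0x4a, 0x00, 0x66, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x75, 0x00, 0x38, 0x00, 0x7b, 0x00, 0x42, 0x00, 0x76, 0x00, 0x29, 0x00,
        0x4c, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x2b, 0x00, 0x51, 0x00,
        0x47, 0x00, 0x22, 0x00, 0x48, 0x00, 0x3d, 0x00, 0x49, 0x00, 0x44, 0x00, 0x5d, 0x00,
        0x59, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x24, 0x00, 0x35, 0x00, 0x34, 0x00, 0x70, 0x00,
        0x69, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(&request, core::STREAM_TOSERVER)
    );

    // Borrow instead of moving the header out, and fail loudly if the parser stored none:
    // a missing header must not turn the three field checks below into no-ops.
    let hdr = dcerpc_state
        .header
        .as_ref()
        .expect("header must be stored after a complete request PDU");
    assert_eq!(0, hdr.hdrtype);
    assert_eq!(5, hdr.rpc_vers);
    assert_eq!(1024, hdr.frag_length);

    // Indexing panics (and so fails the test) if no transaction was created.
    let tx = &dcerpc_state.transactions[0];
    assert_eq!(11, tx.ctxid);
    assert_eq!(9, tx.opnum);
    assert_eq!(1, tx.first_request_seen);
    assert_eq!(1000, tx.stub_data_buffer_ts.len());
    assert!(tx.stub_data_buffer_reset_ts);
}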
1839
/// Feeds two separate 72-byte bind PDUs (PDU type byte 0x0b) to the same state, one after the
/// other, and expects the parser to accept both.
///
/// The two buffers differ in the flags byte (0x01 vs 0x02), the context id and one UUID byte.
#[test]
pub fn test_parse_bind_pdu() {
    let first_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x01, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, 0x86, 0x1e,
        0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let second_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x02, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, 0x86, 0x1e,
        0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x67, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();

    let first_result = state.handle_input_data(&first_bind, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), first_result);

    let second_result = state.handle_input_data(&second_bind, core::STREAM_TOSERVER);
    // TODO ASK if this is correct?
    assert_eq!(AppLayerResult::ok(), second_result);
}
1868
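/// Delivers one bind PDU split across two input chunks (420 + 312 bytes) and checks that the
/// reassembled bind carries 16 context items.
///
/// The bind is unwrapped with `expect` rather than `if let`, so the test fails when the parser
/// stored no bind at all instead of passing without checking anything.
#[test]
pub fn test_parse_bind_frag_1() {
    let bind1: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0xdc, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xc7, 0x70, 0x0d, 0x3e, 0x71, 0x37, 0x39, 0x0d, 0x3a, 0x4f,
        0xd3, 0xdc, 0xca, 0x49, 0xe8, 0xa3, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x84, 0xb6, 0x55, 0x75, 0xdb, 0x9e, 0xba, 0x54,
        0x56, 0xd3, 0x45, 0x10, 0xb7, 0x7a, 0x2a, 0xe2, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x6e, 0x39, 0x21, 0x24, 0x70, 0x6f,
        0x41, 0x57, 0x54, 0x70, 0xb8, 0xc3, 0x5e, 0x89, 0x3b, 0x43, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x39, 0x6a, 0x86, 0x5d,
        0x24, 0x0f, 0xd2, 0xf7, 0xb6, 0xce, 0x95, 0x9c, 0x54, 0x1d, 0x3a, 0xdb, 0x02, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x12, 0xa5,
        0xdd, 0xc5, 0x55, 0xce, 0xc3, 0x46, 0xbd, 0xa0, 0x94, 0x39, 0x3c, 0x0d, 0x9b, 0x5b,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x87, 0x1c, 0x8b, 0x6e, 0x11, 0xa8, 0x67, 0x98, 0xd4, 0x5d, 0xf6, 0x8a, 0x2f, 0x33,
        0x24, 0x7b, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x9b, 0x82, 0x13, 0xd1, 0x28, 0xe0, 0x63, 0xf3, 0x62, 0xee, 0x76, 0x73,
        0xf9, 0xac, 0x3d, 0x2e, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0xa9, 0xd4, 0x73, 0xf2, 0xed, 0xad, 0xe8, 0x82, 0xf8, 0xcf,
        0x9d, 0x9f, 0x66, 0xe6, 0x43, 0x37, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x06, 0x2b, 0x85, 0x38, 0x4f, 0x73, 0x96, 0xb1,
        0x73, 0xe1, 0x59, 0xbe, 0x9d, 0xe2, 0x6c, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
    ];
    let bind2: &[u8] = &[
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xbf, 0xfa, 0xbb, 0xa4, 0x9e, 0x5c,
        0x80, 0x61, 0xb5, 0x8b, 0x79, 0x69, 0xa6, 0x32, 0x88, 0x77, 0x01, 0x00, 0x01, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x39, 0xa8, 0x2c, 0x39,
        0x73, 0x50, 0x06, 0x8d, 0xf2, 0x37, 0x1e, 0x1e, 0xa8, 0x8f, 0x46, 0x98, 0x02, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x91, 0x13,
        0xd0, 0xa7, 0xef, 0xc4, 0xa7, 0x96, 0x0c, 0x4a, 0x0d, 0x29, 0x80, 0xd3, 0xfe, 0xbf,
        0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xcc, 0x2b, 0x55, 0x1d, 0xd4, 0xa4, 0x0d, 0xfb, 0xcb, 0x6f, 0x86, 0x36, 0xa6, 0x57,
        0xc3, 0x21, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x43, 0x7b, 0x07, 0xee, 0x85, 0xa8, 0xb9, 0x3a, 0x0f, 0xf9, 0x83, 0x70,
        0xe6, 0x0b, 0x4f, 0x33, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0x9c, 0x6a, 0x15, 0x8c, 0xd6, 0x9c, 0xa6, 0xc3, 0xb2, 0x9e,
        0x62, 0x9f, 0x3d, 0x8e, 0x47, 0x73, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,
        0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(&bind1, core::STREAM_TOSERVER)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(&bind2, core::STREAM_TOSERVER)
    );

    // A missing bind is a parser failure, not a reason to skip the checks below.
    let bind = dcerpc_state
        .bind
        .as_ref()
        .expect("bind must be stored once both fragments have been parsed");
    assert_eq!(16, bind.numctxitems);
    assert_eq!(0, dcerpc_state.bytes_consumed); // because the buffer is cleared after a query is complete
}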
1942
/// Delivers a single 44-byte PDU in three chunks (36 + 2 + 6 bytes) and checks that the first
/// transaction ends up with 20 bytes of to-server stub data.
///
/// Despite the "bind" in the name, the PDU type byte here is 0x00, the same value
/// `test_parse_dcerpc` uses for its request PDU.
#[test]
pub fn test_parse_bind_frag_2() {
    let head_chunk: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let middle_chunk: &[u8] = &[0x0D, 0x0E];
    let tail_chunk: &[u8] = &[0x0F, 0x10, 0x11, 0x12, 0x13, 0x14];
    let mut state = DCERPCState::new();

    let head_result = state.handle_input_data(&head_chunk, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), head_result);

    let middle_result = state.handle_input_data(&middle_chunk, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), middle_result);

    let tail_result = state.handle_input_data(&tail_chunk, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), tail_result);

    // 12 stub bytes arrive with the first chunk, 2 with the second and 6 with the third.
    let first_tx = &state.transactions[0];
    assert_eq!(20, first_tx.stub_data_buffer_ts.len());
}
1968
/// Feeds only the first 36 bytes of a PDU whose header announces a 44-byte fragment (0x2C) and
/// expects the parser to accept the truncated input without an error.
///
/// Despite the "bind" in the name, the PDU type byte here is 0x00, the same value
/// `test_parse_dcerpc` uses for its request PDU.
#[test]
pub fn test_parse_bind_frag_3() {
    let partial_pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();

    let result = state.handle_input_data(&partial_pdu, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), result);
}
1982
/// Feeds the first 36 bytes of a PDU that announces a 44-byte fragment and expects `ok`.
///
/// NOTE(review): the input bytes and the single assertion are identical to
/// `test_parse_bind_frag_3`; this looks like a duplicate that could cover a different
/// truncation point instead — confirm against the test this was derived from.
#[test]
pub fn test_parse_bind_frag_4() {
    let truncated: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut parser_state = DCERPCState::new();

    let outcome = parser_state.handle_input_data(&truncated, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), outcome);
}
1996
/// Checks that the state keeps working after a rejected PDU: a 32-byte PDU with type byte
/// 0x03 must return an error, and a following 36-byte PDU with type byte 0x00, delivered as
/// 2 + 34 bytes, must then parse and yield 12 bytes of to-server stub data.
#[test]
pub fn test_parse_dcerpc_frag_1() {
    let rejected_pdu: &[u8] = &[
        0x05, 0x00, 0x03, 0x03, 0x10, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0xf7, 0x06, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
    ];
    // The next PDU is split in the middle of its header, after the two version bytes.
    let header_start: &[u8] = &[0x05, 0x00];
    let remainder: &[u8] = &[
        0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();

    let rejected = state.handle_input_data(&rejected_pdu, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::err(), rejected);

    let after_header_start = state.handle_input_data(&header_start, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), after_header_start);

    let after_remainder = state.handle_input_data(&remainder, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), after_remainder);

    let first_tx = &state.transactions[0];
    assert_eq!(12, first_tx.stub_data_buffer_ts.len());
}
2026
/// Parses two back-to-back 36-byte PDUs with type byte 0x00 on one state: the first arrives
/// whole, the second is split after the two leading header bytes. All three inputs must be
/// accepted.
#[test]
pub fn test_parse_dcerpc_frag_2() {
    let whole_pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let second_pdu_start: &[u8] = &[0x05, 0x00];
    let second_pdu_rest: &[u8] = &[
        0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();

    let whole_result = state.handle_input_data(&whole_pdu, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), whole_result);

    let start_result = state.handle_input_data(&second_pdu_start, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), start_result);

    let rest_result = state.handle_input_data(&second_pdu_rest, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), rest_result);
}
2054
/// Delivers one 68-byte bind_ack PDU (type byte 0x0c) in the to-client direction as two
/// chunks of 24 and 44 bytes and expects both chunks to be accepted.
#[test]
pub fn test_parse_dcerpc_back_frag() {
    let ack_head: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
    ];
    let ack_tail: &[u8] = &[
        0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x6c, 0x73, 0x61, 0x73, 0x73, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    // The test sets the expected direction by hand before feeding to-client data.
    state.data_needed_for_dir = core::STREAM_TOCLIENT;

    let head_result = state.handle_input_data(&ack_head, core::STREAM_TOCLIENT);
    assert_eq!(AppLayerResult::ok(), head_result);

    let tail_result = state.handle_input_data(&ack_tail, core::STREAM_TOCLIENT);
    assert_eq!(AppLayerResult::ok(), tail_result);
}
2078
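/// Check if the parser accepts bind pdus that have context ids starting
/// from a non-zero value.
///
/// The bind is unwrapped with `expect` rather than `if let`, so a parser that stores no bind
/// fails the test instead of skipping the UUID checks. The list length is asserted before the
/// first entry is indexed, and the UUID is compared as a whole so that a mismatch prints both
/// byte sequences.
#[test]
pub fn test_parse_bind_pdu_ctx_id_non_zero() {
    let bindbuf: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    // Stored form of the UUID: compared with the wire bytes above (a0 01 00 00 ...), the
    // leading four bytes are expected in reversed order.
    let expected_uuid: &[u8] = &[
        0x00, 0x00, 0x01, 0xa0, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x46,
    ];
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(&bindbuf, core::STREAM_TOSERVER)
    );

    let bind = dcerpc_state
        .bind
        .as_ref()
        .expect("bind must be stored after a complete bind PDU");
    assert_eq!(1, bind.uuid_list.len());

    // Equal content and equal length, which is what the pairwise comparison checked before.
    let bind_uuid: Vec<u8> = bind.uuid_list[0].uuid.iter().cloned().collect();
    assert_eq!(expected_uuid.to_vec(), bind_uuid);
}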
2114
/// Check for endless loop with bind PDUs (Imported from C code).
///
/// The header announces a 74-byte fragment (0x4A) while 117 bytes are supplied; the test
/// passes when `handle_input_data` returns at all and reports `ok`.
#[test]
pub fn test_parse_bind_pdu_infinite_loop() {
    let malformed_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x4A, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02,
        0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x01, 0x02, 0x03, 0x04, 0xFF, /* ka boom - endless loop */
    ];
    let mut state = DCERPCState::new();

    // NOTE(review): a regression here would hang the test run rather than fail an assertion.
    let result = state.handle_input_data(&malformed_bind, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), result);
}
2135
/// Check for endless loop with bind_ack PDUs (Imported from C code).
///
/// The header announces a 62-byte fragment (0x3e) while 85 bytes are supplied in the
/// to-client direction; the test passes when `handle_input_data` returns and reports `ok`.
#[test]
pub fn test_parse_bindack_pdu_infinite_loop() {
    let malformed_ack: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0xfd, 0x04, 0x01, 0x00, 0x04, 0x00, 0x31, 0x33,
        0x35, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x01, 0x02, 0x03, 0x04,
        0xFF,
    ];
    let mut state = DCERPCState::new();
    // The test sets the expected direction by hand before feeding to-client data.
    state.data_needed_for_dir = core::STREAM_TOCLIENT;

    // NOTE(review): a regression here would hang the test run rather than fail an assertion.
    let result = state.handle_input_data(&malformed_ack, core::STREAM_TOCLIENT);
    assert_eq!(AppLayerResult::ok(), result);
}
2155
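#[test]
// Check for correct internal ids for bind_acks.
//
// Three bind / bind_ack exchanges are fed through the same `DCERPCState`.
// After each bind_ack the test expects exactly one accepted entry in
// `bindack.accepted_uuid_list` and checks its `ctxid` and `uuid`.
//
// The parsed `bindack` is unwrapped with `expect` rather than matched with
// `if let`: this parser handles data taken from network traffic, and a
// regression that stops populating `bindack` must fail the test instead of
// silently skipping every assertion.
pub fn test_parse_bindack_internal_ids() {
    let bind1: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x58, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x50, 0x08, 0x43, 0x95, 0x43, 0x5a, 0x8b, 0xb2, 0xf4, 0xc5,
        0xb9, 0xee, 0x67, 0x55, 0x7c, 0x19, 0x00, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0xda, 0xc2, 0xbc, 0x9b, 0x35, 0x2e, 0xd4, 0xc9,
        0x1f, 0x85, 0x01, 0xe6, 0x4e, 0x5a, 0x5e, 0xd4, 0x04, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xb2, 0x97, 0xcc, 0x14, 0x6f, 0x70,
        0x0d, 0xa5, 0x33, 0xd7, 0xf4, 0xe3, 0x8e, 0xb2, 0x2a, 0x1e, 0x05, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x96, 0x4e, 0xa6, 0xf6,
        0xb2, 0x4b, 0xae, 0xb3, 0x21, 0xf4, 0x97, 0x7c, 0xcd, 0xa7, 0x08, 0xb0, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0xbc, 0xc0,
        0xf7, 0x71, 0x3f, 0x71, 0x54, 0x44, 0x22, 0xa8, 0x55, 0x0f, 0x98, 0x83, 0x1f, 0xfe,
        0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0xbe, 0x52, 0xf2, 0x58, 0x4a, 0xc3, 0xb5, 0xd0, 0xba, 0xac, 0xda, 0xf0, 0x12, 0x99,
        0x38, 0x6e, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0xdb, 0xfa, 0x73, 0x01, 0xb3, 0x81, 0x01, 0xd4, 0x7f, 0xa0, 0x36, 0xb1,
        0x97, 0xae, 0x29, 0x7f, 0x01, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0x89, 0xbe, 0x41, 0x1d, 0x38, 0x75, 0xf5, 0xb5, 0xad, 0x27,
        0x73, 0xf1, 0xb0, 0x7a, 0x28, 0x82, 0x05, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0xf6, 0x87, 0x09, 0x93, 0xb8, 0xa8, 0x20, 0xc4,
        0xb8, 0x63, 0xe6, 0x95, 0xed, 0x59, 0xee, 0x3f, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x92, 0x77, 0x92, 0x68, 0x3e, 0xa4,
        0xbc, 0x3f, 0x44, 0x33, 0x0e, 0xb8, 0x33, 0x0a, 0x2f, 0xdf, 0x01, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0xa1, 0x03, 0xd2, 0xa9,
        0xd2, 0x16, 0xc9, 0x89, 0x67, 0x18, 0x3e, 0xb1, 0xee, 0x6b, 0xf9, 0x18, 0x02, 0x00,
        0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x2f, 0x09,
        0x5e, 0x74, 0xec, 0xa0, 0xbb, 0xc1, 0x60, 0x18, 0xf1, 0x93, 0x04, 0x17, 0x11, 0xf9,
        0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let bind_ack1: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0xc1, 0x2b, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x50,
        0x49, 0x50, 0x45, 0x5c, 0x62, 0x72, 0x6f, 0x77, 0x73, 0x65, 0x72, 0x00, 0x0d, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let bind2: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0xdc, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xc7, 0x70, 0x0d, 0x3e, 0x71, 0x37, 0x39, 0x0d, 0x3a, 0x4f,
        0xd3, 0xdc, 0xca, 0x49, 0xe8, 0xa3, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x84, 0xb6, 0x55, 0x75, 0xdb, 0x9e, 0xba, 0x54,
        0x56, 0xd3, 0x45, 0x10, 0xb7, 0x7a, 0x2a, 0xe2, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x6e, 0x39, 0x21, 0x24, 0x70, 0x6f,
        0x41, 0x57, 0x54, 0x70, 0xb8, 0xc3, 0x5e, 0x89, 0x3b, 0x43, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x39, 0x6a, 0x86, 0x5d,
        0x24, 0x0f, 0xd2, 0xf7, 0xb6, 0xce, 0x95, 0x9c, 0x54, 0x1d, 0x3a, 0xdb, 0x02, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x12, 0xa5,
        0xdd, 0xc5, 0x55, 0xce, 0xc3, 0x46, 0xbd, 0xa0, 0x94, 0x39, 0x3c, 0x0d, 0x9b, 0x5b,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x87, 0x1c, 0x8b, 0x6e, 0x11, 0xa8, 0x67, 0x98, 0xd4, 0x5d, 0xf6, 0x8a, 0x2f, 0x33,
        0x24, 0x7b, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x9b, 0x82, 0x13, 0xd1, 0x28, 0xe0, 0x63, 0xf3, 0x62, 0xee, 0x76, 0x73,
        0xf9, 0xac, 0x3d, 0x2e, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0xa9, 0xd4, 0x73, 0xf2, 0xed, 0xad, 0xe8, 0x82, 0xf8, 0xcf,
        0x9d, 0x9f, 0x66, 0xe6, 0x43, 0x37, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x06, 0x2b, 0x85, 0x38, 0x4f, 0x73, 0x96, 0xb1,
        0x73, 0xe1, 0x59, 0xbe, 0x9d, 0xe2, 0x6c, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xbf, 0xfa, 0xbb, 0xa4, 0x9e, 0x5c,
        0x80, 0x61, 0xb5, 0x8b, 0x79, 0x69, 0xa6, 0x32, 0x88, 0x77, 0x01, 0x00, 0x01, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x39, 0xa8, 0x2c, 0x39,
        0x73, 0x50, 0x06, 0x8d, 0xf2, 0x37, 0x1e, 0x1e, 0xa8, 0x8f, 0x46, 0x98, 0x02, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x91, 0x13,
        0xd0, 0xa7, 0xef, 0xc4, 0xa7, 0x96, 0x0c, 0x4a, 0x0d, 0x29, 0x80, 0xd3, 0xfe, 0xbf,
        0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xcc, 0x2b, 0x55, 0x1d, 0xd4, 0xa4, 0x0d, 0xfb, 0xcb, 0x6f, 0x86, 0x36, 0xa6, 0x57,
        0xc3, 0x21, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x43, 0x7b, 0x07, 0xee, 0x85, 0xa8, 0xb9, 0x3a, 0x0f, 0xf9, 0x83, 0x70,
        0xe6, 0x0b, 0x4f, 0x33, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0x9c, 0x6a, 0x15, 0x8c, 0xd6, 0x9c, 0xa6, 0xc3, 0xb2, 0x9e,
        0x62, 0x9f, 0x3d, 0x8e, 0x47, 0x73, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,
        0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    let bind_ack2: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0xac, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0xc2, 0x2b, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x50,
        0x49, 0x50, 0x45, 0x5c, 0x62, 0x72, 0x6f, 0x77, 0x73, 0x65, 0x72, 0x00, 0x10, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let bind3: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2c, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xa4, 0x7f, 0x8e, 0xc6, 0xef, 0x56, 0x9b, 0x63, 0x92, 0xfa,
        0x08, 0xb3, 0x35, 0xe2, 0xa5, 0x81, 0x00, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x9f, 0xfc, 0x78, 0xd2, 0x5f, 0x16, 0x0b, 0xbc,
        0xc6, 0xdb, 0x5d, 0xef, 0xde, 0x54, 0xa2, 0x6f, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x78, 0xb8, 0x96, 0xc7, 0x2f, 0xda,
        0x11, 0x6b, 0xd1, 0x28, 0x68, 0xe1, 0xd6, 0x71, 0xac, 0x9d, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xcf, 0xf4, 0xd7, 0x37,
        0x03, 0xda, 0xcc, 0xe3, 0x3e, 0x34, 0x7f, 0x67, 0x99, 0x91, 0x41, 0x3d, 0x01, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x48, 0xeb,
        0x32, 0xf0, 0x27, 0xd5, 0x9d, 0xd0, 0x1e, 0xc6, 0x48, 0x46, 0x97, 0xe9, 0xdb, 0x09,
        0x05, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x82, 0xec, 0x0d, 0x08, 0xf2, 0x8f, 0x22, 0x57, 0x42, 0x9b, 0xce, 0xa8, 0x74, 0x16,
        0xc6, 0xec, 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x2e, 0x00, 0x70, 0x44, 0xee, 0xc9, 0x30, 0x6b, 0xf4, 0x34, 0x1e, 0x3d,
        0x35, 0x0f, 0xf7, 0xf7, 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0x59, 0x04, 0x39, 0x3f, 0x59, 0x87, 0x14, 0x0e, 0x76, 0x8d,
        0x17, 0xc2, 0x47, 0xfa, 0x67, 0x7f, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x30, 0xd6, 0xed, 0x2e, 0x57, 0xfa, 0xf4, 0x72,
        0x6c, 0x10, 0x0d, 0xe5, 0x51, 0x7f, 0xd0, 0x39, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xea, 0x8b, 0x84, 0x4d, 0x44, 0x43,
        0xc1, 0x94, 0x75, 0xe2, 0x81, 0x48, 0xd8, 0x77, 0xd9, 0xce, 0x05, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x89, 0x4f, 0xe7, 0x95,
        0xa3, 0xc1, 0x62, 0x36, 0x26, 0x9e, 0x67, 0xdb, 0x2c, 0x52, 0x89, 0xd3, 0x01, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x78, 0x56,
        0x34, 0x12, 0x34, 0x12, 0xcd, 0xab, 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
        0x01, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let bind_ack3: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x4c, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x1a, 0x33, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x70,
        0x69, 0x70, 0x65, 0x5c, 0x73, 0x70, 0x6f, 0x6f, 0x6c, 0x73, 0x73, 0x00, 0x0c, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    // The expected UUIDs are not in wire order: compared with the matching
    // context items in bind1/bind2/bind3, the first eight bytes are
    // byte-swapped within their 4-, 2- and 2-byte groups.
    let expected_uuid1 = vec![
        0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88,
    ];
    let expected_uuid2 = vec![
        0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88,
    ];
    let expected_uuid3 = vec![
        0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0xab, 0xcd, 0xef, 0x00, 0x01, 0x23, 0x45, 0x67,
        0x89, 0xab,
    ];

    // First exchange: the accepted context is expected to carry ctxid 12.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind1, core::STREAM_TOSERVER)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack1, core::STREAM_TOCLIENT)
    );
    {
        let back = dcerpc_state
            .bindack
            .as_ref()
            .expect("bind_ack1 should leave a parsed bindack in the state");
        assert_eq!(1, back.accepted_uuid_list.len());
        assert_eq!(12, back.accepted_uuid_list[0].ctxid);
        assert_eq!(expected_uuid1, back.accepted_uuid_list[0].uuid);
    }

    // Second exchange on the same state: ctxid 15 is expected.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind2, core::STREAM_TOSERVER)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack2, core::STREAM_TOCLIENT)
    );
    {
        let back = dcerpc_state
            .bindack
            .as_ref()
            .expect("bind_ack2 should leave a parsed bindack in the state");
        assert_eq!(1, back.accepted_uuid_list.len());
        assert_eq!(15, back.accepted_uuid_list[0].ctxid);
        assert_eq!(expected_uuid2, back.accepted_uuid_list[0].uuid);
    }

    // Third exchange: ctxid 11 is expected.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind3, core::STREAM_TOSERVER)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack3, core::STREAM_TOCLIENT)
    );
    {
        let back = dcerpc_state
            .bindack
            .as_ref()
            .expect("bind_ack3 should leave a parsed bindack in the state");
        assert_eq!(1, back.accepted_uuid_list.len());
        // Kept from the original test; the assertions below only read `back`,
        // so this assignment does not influence them.
        dcerpc_state.data_needed_for_dir = core::STREAM_TOSERVER;
        assert_eq!(11, back.accepted_uuid_list[0].ctxid);
        assert_eq!(expected_uuid3, back.accepted_uuid_list[0].uuid);
    }
}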
2442
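#[test]
// Feeds a bind / bind_ack pair followed by an alter_context /
// alter_context_resp pair through one `DCERPCState` and checks, after each
// response, that `bindack.accepted_uuid_list` holds exactly one entry with
// the expected `ctxid` (0, then 1) and `uuid`.
//
// The parsed `bindack` is unwrapped with `expect` rather than matched with
// `if let`, so that a parser regression which leaves `bindack` unset fails
// the test instead of skipping the assertions.
pub fn test_bind_acks_alter_contexts_internal_ids() {
    let bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x40, 0xfd, 0x2c, 0x34, 0x6c, 0x3c, 0xce, 0x11, 0xa8, 0x93,
        0x08, 0x00, 0x2b, 0x2e, 0x9c, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let bindack: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x7d, 0xd8, 0x00, 0x00, 0x0d, 0x00, 0x5c, 0x70,
        0x69, 0x70, 0x65, 0x5c, 0x6c, 0x6c, 0x73, 0x72, 0x70, 0x63, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let alter_context: &[u8] = &[
        0x05, 0x00, 0x0e, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xd0, 0x4c, 0x67, 0x57, 0x00, 0x52, 0xce, 0x11, 0xa8, 0x97,
        0x08, 0x00, 0x2b, 0x2e, 0x9c, 0x6d, 0x01, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let alter_context_resp: &[u8] = &[
        0x05, 0x00, 0x0f, 0x03, 0x10, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x7d, 0xd8, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];

    let mut dcerpc_state = DCERPCState::new();
    // Expected UUIDs differ from the wire bytes in `bind` / `alter_context`:
    // the first eight bytes are byte-swapped within their 4-, 2- and 2-byte
    // groups.
    let expected_uuid1 = vec![
        0x34, 0x2c, 0xfd, 0x40, 0x3c, 0x6c, 0x11, 0xce, 0xa8, 0x93, 0x08, 0x00, 0x2b, 0x2e,
        0x9c, 0x6d,
    ];
    let expected_uuid2 = vec![
        0x57, 0x67, 0x4c, 0xd0, 0x52, 0x00, 0x11, 0xce, 0xa8, 0x97, 0x08, 0x00, 0x2b, 0x2e,
        0x9c, 0x6d,
    ];

    // Initial bind / bind_ack: ctxid 0 is expected to be accepted.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind, core::STREAM_TOSERVER)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bindack, core::STREAM_TOCLIENT)
    );
    {
        let back = dcerpc_state
            .bindack
            .as_ref()
            .expect("bind_ack should leave a parsed bindack in the state");
        assert_eq!(1, back.accepted_uuid_list.len());
        assert_eq!(0, back.accepted_uuid_list[0].ctxid);
        assert_eq!(expected_uuid1, back.accepted_uuid_list[0].uuid);
    }

    // alter_context / alter_context_resp: the accepted entry is expected to
    // switch to ctxid 1 with the second UUID.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(alter_context, core::STREAM_TOSERVER)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(alter_context_resp, core::STREAM_TOCLIENT)
    );
    {
        let back = dcerpc_state
            .bindack
            .as_ref()
            .expect("alter_context_resp should leave a parsed bindack in the state");
        assert_eq!(1, back.accepted_uuid_list.len());
        assert_eq!(1, back.accepted_uuid_list[0].ctxid);
        assert_eq!(expected_uuid2, back.accepted_uuid_list[0].uuid);
    }
}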
2511
#[test]
// A single request PDU delivered in two pieces: the header announces a
// fragment length of 0x26 (38) bytes, and the two slices below are 18 and 20
// bytes long. Both pieces go to the server direction of the same state, after
// which the first transaction is checked for opnum, ctxid and the amount of
// to-server stub data collected.
pub fn test_parse_dcerpc_frag_3() {
    let head: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00,
    ];
    let tail: &[u8] = &[
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x09, 0x0A, 0x0B, 0x0C, 0xFF, 0xFF,
    ];
    let mut dcerpc_state = DCERPCState::new();

    // Feed the pieces in order; each call must report success.
    for piece in [head, tail].iter() {
        assert_eq!(
            AppLayerResult::ok(),
            dcerpc_state.handle_input_data(*piece, core::STREAM_TOSERVER)
        );
    }

    let first_tx = &dcerpc_state.transactions[0];
    assert_eq!(2, first_tx.opnum);
    assert_eq!(0, first_tx.ctxid);
    assert_eq!(14, first_tx.stub_data_buffer_ts.len());
}
2536}