false
},
SMB1_COMMAND_NT_CREATE_ANDX => {
- match parse_smb_create_andx_response_record(r.data) {
- IResult::Done(_, cr) => {
- SCLogDebug!("Create AndX {:?}", cr);
-
- let guid_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_FILENAME);
- match state.ssn2vec_map.remove(&guid_key) {
- Some(mut p) => {
- p.retain(|&i|i != 0x00);
-
- let mut fid = cr.fid.to_vec();
- fid.extend_from_slice(&u32_as_bytes(r.ssn_id));
- SCLogDebug!("SMB1_COMMAND_NT_CREATE_ANDX fid {:?}", fid);
- SCLogDebug!("fid {:?} name {:?}", fid, p);
- state.guid2name_map.insert(fid, p);
- },
- _ => {
- SCLogDebug!("SMBv1 response: GUID NOT FOUND");
- },
- }
- },
- _ => { events.push(SMBEvent::MalformedData); },
+ if r.nt_status == SMB_NTSTATUS_SUCCESS {
+ match parse_smb_create_andx_response_record(r.data) {
+ IResult::Done(_, cr) => {
+ SCLogDebug!("Create AndX {:?}", cr);
+
+ let guid_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_FILENAME);
+ match state.ssn2vec_map.remove(&guid_key) {
+ Some(mut p) => {
+ p.retain(|&i|i != 0x00);
+
+ let mut fid = cr.fid.to_vec();
+ fid.extend_from_slice(&u32_as_bytes(r.ssn_id));
+ SCLogDebug!("SMB1_COMMAND_NT_CREATE_ANDX fid {:?}", fid);
+ SCLogDebug!("fid {:?} name {:?}", fid, p);
+ state.guid2name_map.insert(fid, p);
+ },
+ _ => {
+ SCLogDebug!("SMBv1 response: GUID NOT FOUND");
+ },
+ }
+ },
+ _ => { events.push(SMBEvent::MalformedData); },
+ }
}
false
},
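Review bot: When `r.nt_status` is not `SMB_NTSTATUS_SUCCESS`, the new guard skips the only visible `state.ssn2vec_map.remove(&guid_key)`, so the filename stored for a create request that the server rejects appears to stay in the map. If the request side inserts under the same key (that code is outside this hunk), a peer that issues many failing NT_CREATE_ANDX requests could keep growing the sensor's per-flow state. Consider an `else` branch that drops the pending entry: `let guid_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_FILENAME);` followed by `state.ssn2vec_map.remove(&guid_key);`. The enclosing match arm starts outside the hunk.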
true
},
SMB1_COMMAND_SESSION_SETUP_ANDX => {
-/*
- SCLogDebug!("SMB1_COMMAND_SESSION_SETUP_ANDX user_id {}", r.user_id);
- match parse_smb_response_setup_andx_record(r.data) {
- IResult::Done(rem, _setup) => {
- //parse_secblob(state, setup.sec_blob);
- state.response_host = Some(smb1_session_setup_response_host_info(r, rem));
- },
- _ => {},
- }
- tx_sync = true;
- false
-*/
smb1_session_setup_response(state, r);
true
},
pub sec_blob: &'a[u8],
}
-named!(pub parse_smb_response_setup_andx_record<SmbResponseRecordSetupAndX>,
+named!(response_setup_andx_record<SmbResponseRecordSetupAndX>,
do_parse!(
skip1: take!(7)
>> sec_blob_len: le_u16
>> bcc: le_u16
>> sec_blob: take!(sec_blob_len)
- //>> skip3: rest
>> (SmbResponseRecordSetupAndX {
sec_blob:sec_blob,
}))
);
+named!(response_setup_andx_wct3_record<SmbResponseRecordSetupAndX>,
+ do_parse!(
+ skip1: take!(7)
+ >> bcc: le_u16
+ >> (SmbResponseRecordSetupAndX {
+ sec_blob:&[],
+ }))
+);
+
+named!(response_setup_andx_error_record<SmbResponseRecordSetupAndX>,
+ do_parse!(
+ wct: le_u8
+ >> bcc: le_u16
+ >> (SmbResponseRecordSetupAndX {
+ sec_blob: &[],
+ }))
+);
+
+named!(pub parse_smb_response_setup_andx_record<SmbResponseRecordSetupAndX>,
+ switch!(peek!(le_u8), // wct
+ 0 => call!(response_setup_andx_error_record) |
+ 3 => call!(response_setup_andx_wct3_record) |
+ _ => call!(response_setup_andx_record))
+);
+
#[derive(Debug,PartialEq)]
pub struct SmbRequestReadAndXRecord<'a> {
pub fid: &'a[u8],
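Review bot: The `_ =>` arm of `parse_smb_response_setup_andx_record` sends every word count other than 0 and 3 through the layout that reads `sec_blob_len`, so a response with an unexpected wct is interpreted as the security-blob form and peer-controlled bytes become the blob length. `take!` keeps the read in bounds, but the result is a plausible-looking `sec_blob` rather than a parse error. Matching the expected value explicitly (presumably `4 => call!(response_setup_andx_record)`, given the 7-byte skip followed by a length word) and dropping the default arm would make other word counts fail the parse, which the caller can then report as malformed data (the caller is not visible here). A one-line comment on each sub-parser naming the wct it handles, and noting that `bcc` is read but not checked against `sec_blob_len`, would also help the next reader.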