]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Pull request #4256: dce_smb: Fixing an ASAN memory corruption issue
authorKumar swamy Nagabhushana (kumhn) <kumhn@cisco.com>
Wed, 27 Mar 2024 07:03:55 +0000 (07:03 +0000)
committerBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Wed, 27 Mar 2024 07:03:55 +0000 (07:03 +0000)
Merge in SNORT/snort3 from ~KUMHN/snort3:smb_asan_crash to master

Squashed commit of the following:

commit 3663fe8d9a6ca005062e195b2c5c3b25d10adbc6
Author: kumhn <kumhn@cisco.com>
Date:   Fri Mar 22 17:39:58 2024 +0530

    dce_smb: Fixing an ASAN memory corruption issue

src/service_inspectors/dce_rpc/dce_smb2.cc

index 1b7f2ca33b633f40c638ce84c2d49d9dc98b450a..b5981c504357134de53ef23286d22712d96574c1 100644 (file)
@@ -263,7 +263,15 @@ static inline bool DCE2_Smb2FindSidTid(DCE2_Smb2SsnData* ssd, const uint64_t sid
     const uint32_t tid, const uint32_t mid, DCE2_Smb2SessionTracker** str, DCE2_Smb2TreeTracker** ttr, bool
     lookup_cache = false)
 {
-    *str = DCE2_Smb2FindSidInSsd(ssd, sid).get();
+    if(lookup_cache)
+    {
+        auto key = get_key(sid);
+        *str = smb2_session_cache->find(key).get();
+    }
+    else
+    {
+        *str = DCE2_Smb2FindSidInSsd(ssd, sid).get();
+    }
     if (!*str)
     {
         if (lookup_cache)
@@ -403,7 +411,7 @@ static void DCE2_Smb2Inspect(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
     case SMB2_COM_TREE_CONNECT:
         dce2_smb_stats.v2_tree_cnct++;
         // This will always return session tracker
-        str = DCE2_Smb2FindElseCreateSid(ssd, sid);
+        str = DCE2_Smb2FindElseCreateSid(ssd, sid, true);
         if (str)
         {
             DCE2_Smb2TreeConnect(ssd, smb_hdr, smb_data, end, str, tid);