-/* Copyright (C) 2017-2018 Open Information Security Foundation
+/* Copyright (C) 2017-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
use nom::{be_u32, rest};
+pub const RPC_MAX_MACHINE_SIZE: u32 = 256; // Linux kernel defines 64.
+pub const RPC_MAX_CREDS_SIZE: u32 = 4096; // Linux kernel defines 400.
+pub const RPC_MAX_VERIFIER_SIZE: u32 = 4096; // Linux kernel defines 400.
+
#[derive(Debug,PartialEq)]
pub enum RpcRequestCreds<'a> {
Unix(RpcRequestCredsUnix<'a>),
named!(parse_rpc_request_creds_unix<RpcRequestCreds>,
do_parse!(
stamp: be_u32
- >> machine_name_len: be_u32
+ >> machine_name_len: verify!(be_u32, |size| size < RPC_MAX_MACHINE_SIZE)
>> machine_name_buf: take!(machine_name_len)
>> uid: be_u32
>> gid: be_u32
// data we care about.
named!(pub parse_rpc_gssapi_integrity<RpcGssApiIntegrity>,
do_parse!(
- len: be_u32
+ len: verify!(be_u32, |size| size < RPC_MAX_CREDS_SIZE)
>> seq_num: be_u32
>> data: take!(len)
>> (RpcGssApiIntegrity {
>> procedure: be_u32
>> creds_flavor: be_u32
- >> creds_len: be_u32
+ >> creds_len: verify!(be_u32, |size| size < RPC_MAX_CREDS_SIZE)
>> creds: flat_map!(take!(creds_len), switch!(value!(creds_flavor),
1 => call!(parse_rpc_request_creds_unix) |
6 => call!(parse_rpc_request_creds_gssapi) |
_ => call!(parse_rpc_request_creds_unknown) ))
>> verifier_flavor: be_u32
- >> verifier_len: be_u32
+ >> verifier_len: verify!(be_u32, |size| size < RPC_MAX_VERIFIER_SIZE)
>> verifier: take!(verifier_len as usize)
>> pl: rest
>> reply_state: be_u32
>> verifier_flavor: be_u32
- >> verifier_len: be_u32
+ >> verifier_len: verify!(be_u32, |size| size < RPC_MAX_VERIFIER_SIZE)
>> verifier: cond!(verifier_len > 0, take!(verifier_len as usize))
>> accept_state: be_u32
RpcPacketHeader {
frag_is_last:false,
frag_len:0,
-
xid:xid,
msgtype:msgtype,
}
>> procedure: be_u32
>> creds_flavor: be_u32
- >> creds_len: be_u32
+ >> creds_len: verify!(be_u32, |size| size < RPC_MAX_CREDS_SIZE)
>> creds: flat_map!(take!(creds_len), switch!(value!(creds_flavor),
1 => call!(parse_rpc_request_creds_unix) |
6 => call!(parse_rpc_request_creds_gssapi) |
_ => call!(parse_rpc_request_creds_unknown) ))
>> verifier_flavor: be_u32
- >> verifier_len: be_u32
+ >> verifier_len: verify!(be_u32, |size| size < RPC_MAX_VERIFIER_SIZE)
>> verifier: take!(verifier_len as usize)
>> pl: rest
hdr: parse_rpc_udp_packet_header
>> verifier_flavor: be_u32
- >> verifier_len: be_u32
+ >> verifier_len: verify!(be_u32, |size| size < RPC_MAX_VERIFIER_SIZE)
>> verifier: cond!(verifier_len > 0, take!(verifier_len as usize))
>> reply_state: be_u32
projects / thirdparty / suricata.git / commitdiff
