smb: do not rely on one valid NBSS byte for probing

author Philippe Antoine <contact@catenacyber.fr>

Thu, 15 Oct 2020 20:51:52 +0000 (22:51 +0200)

committer Victor Julien <victor@inliniac.net>

Thu, 3 Dec 2020 12:00:42 +0000 (13:00 +0100)
author Philippe Antoine <contact@catenacyber.fr>
Thu, 15 Oct 2020 20:51:52 +0000 (22:51 +0200)
committer Victor Julien <victor@inliniac.net>
Thu, 3 Dec 2020 12:00:42 +0000 (13:00 +0100)
diff --git a/rust/src/smb/nbss_records.rs b/rust/src/smb/nbss_records.rs

index fba7557d36ab7213e35c1ad6faa2773934a71e1f..ae66f10880c7b0319f9cdf1e1b430db25cd726be 100644 (file)
--- a/rust/src/smb/nbss_records.rs
+++ b/rust/src/smb/nbss_records.rs
@@ -44,6 +44,9 @@ impl<'a> NbssRecord<'a> {
          };
          valid
      }
+    pub fn needs_more(&self) -> bool {
+        return self.is_valid() && self.length >= 4 && self.data.len() < 4;
+    }
      pub fn is_smb(&self) -> bool {
          let valid = self.is_valid();
          let smb = if self.data.len() >= 4 &&
diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs

index bbb6685e1d66de661691bf8c0991337b281c2f9a..70262391cc688d8a7b22f534971a3c705089c367 100644 (file)
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -1977,9 +1977,8 @@ pub extern "C" fn rs_smb_probe_tcp(direction: u8,
              if hdr.is_smb() {
                  SCLogDebug!("smb found");
                  return 1;
-            } else if hdr.is_valid() {
-                SCLogDebug!("nbss found, assume smb");
-                return 1;
+            } else if hdr.needs_more(){
+                return 0;
              }
          },
          _ => { },
author	Philippe Antoine <contact@catenacyber.fr>
	Thu, 15 Oct 2020 20:51:52 +0000 (22:51 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 3 Dec 2020 12:00:42 +0000 (13:00 +0100)
rust/src/smb/nbss_records.rs		patch \| blob \| blame \| history
rust/src/smb/smb.rs		patch \| blob \| blame \| history