Kerberos: check version in probing function
authorPierre Chifflier <chifflier@wzdftpd.net>
Tue, 17 Apr 2018 06:32:59 +0000 (08:32 +0200)
committerPierre Chifflier <chifflier@wzdftpd.net>
Wed, 13 Jun 2018 08:25:40 +0000 (10:25 +0200)
rust/src/krb/krb5.rs

index 1b2fa4fbc82a0248f72d7b89bcdbe5816fb9b59c..b3f70fbb77425e3f7b9444a74b6c6d23333c3440 100644 (file)
@@ -389,9 +389,17 @@ pub extern "C" fn rs_krb5_probing_parser(_flow: *const Flow, input:*const libc::
             if hdr.tag >= 30 { return unsafe{ALPROTO_FAILED}; }
             // Kerberos messages contain sequences
             if rem.is_empty() || rem[0] != 0x30 { return unsafe{ALPROTO_FAILED}; }
-            // XXX check kerberos version ?
-            // SCLogInfo!("probe hdr: {:?}", hdr);
-            return alproto;
+            // Check kerberos version
+            if let IResult::Done(rem,_hdr) = der_read_element_header(rem) {
+                if rem.len() > 5 {
+                    match (rem[2],rem[3],rem[4]) {
+                        // Encoding of DER integer 5 (version)
+                        (2,1,5) => { return alproto; },
+                        _       => (),
+                    }
+                }
+            }
+            return unsafe{ALPROTO_FAILED};
         },
         IResult::Incomplete(_) => {
             return ALPROTO_UNKNOWN;
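Review bot: The version match reads `rem[2]`, `rem[3]`, `rem[4]` at fixed offsets but never inspects `rem[0]` and `rem[1]`, so it assumes a two-byte explicit context tag precedes the INTEGER without verifying it, which makes the probe looser than it needs to be against non-Kerberos traffic. Per RFC 4120 the pvno field is wrapped in `[1]` for KDC-REQ and `[0]` for the other message types, so the match could cover all five bytes, e.g. `(0xa0, 3, 2, 1, 5) | (0xa1, 3, 2, 1, 5) => { return alproto; },` over `(rem[0],rem[1],rem[2],rem[3],rem[4])`. Separately, when the inner `der_read_element_header` is incomplete or `rem.len() > 5` is false, control falls through to `ALPROTO_FAILED`, whereas the outer `IResult::Incomplete(_)` arm returns `ALPROTO_UNKNOWN`; if the probe can be called on a partial first segment, those short cases probably want `ALPROTO_UNKNOWN` so a later call can still classify the flow and Kerberos rules are not silently skipped. The guard also only needs `rem.len() >= 5` for the indexes used. The body of `rs_krb5_probing_parser` starts and ends outside this hunk.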