tests: add test for bug 6008 SMB_COM_WRITE_ANDX data padding issue

Bug #6008

diff --git a/tests/filestore-filecontainer-smb1-padding/smb_bug_padding.pcap b/tests/filestore-filecontainer-smb1-padding/smb_bug_padding.pcap
new file mode 100644 (file)
index 0000000..288e3d1
Binary files /dev/null and b/tests/filestore-filecontainer-smb1-padding/smb_bug_padding.pcap differ

diff --git a/tests/filestore-filecontainer-smb1-padding/suricata.yaml b/tests/filestore-filecontainer-smb1-padding/suricata.yaml
new file mode 100644 (file)
index 0000000..c2aa2e4
--- /dev/null
+++ b/tests/filestore-filecontainer-smb1-padding/suricata.yaml
@@ -0,0 +1,22 @@
+%YAML 1.1
+---
+pcap-file:
+  # Possible values are:
+  #  - yes: checksum validation is forced
+  #  - no: checksum validation is disabled
+  #  - auto: Suricata uses a statistical approach to detect when
+  #  checksum off-loading is used. (default)
+  # Warning: 'checksum-validation' must be set to yes to have checksum tested
+  checksum-checks: no
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - files
+        - stats
+  - file-store:
+      version: 2
+      enabled: yes
+      stream-depth: 0
+      write-fileinfo: true
+      force-filestore: yes

diff --git a/tests/filestore-filecontainer-smb1-padding/test.yaml b/tests/filestore-filecontainer-smb1-padding/test.yaml
new file mode 100644 (file)
index 0000000..c6fb544
--- /dev/null
+++ b/tests/filestore-filecontainer-smb1-padding/test.yaml
@@ -0,0 +1,20 @@
+requires:
+  features:
+    - HAVE_NSS
+    - MAGIC
+    - RUST
+  files:
+    - src/output-filestore.c
+  min-version: 7
+
+args:
+  - --set pcap-file.checksum-checks=no
+checks:
+  - filter:
+      count: 1
+      match:
+        fileinfo.sha256: 04f93fbae50680991af90eb8a5a447d7b353d9c09097b3a905745d285d7ba634
+  - filter:
+      count: 1
+      match:
+        fileinfo.sha256: 81ef17f513f4959ba2a8243fa1412fa11b7d8f2c064da1f7ae98429188b6229c