rdp: correctly returns incomplete in parse_tc

author Philippe Antoine <contact@catenacyber.fr>

Thu, 11 Mar 2021 21:17:13 +0000 (22:17 +0100)

committer Victor Julien <victor@inliniac.net>

Thu, 8 Apr 2021 09:14:30 +0000 (11:14 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Thu, 11 Mar 2021 21:17:13 +0000 (22:17 +0100)
committer Victor Julien <victor@inliniac.net>
Thu, 8 Apr 2021 09:14:30 +0000 (11:14 +0200)
diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs

index b03a774772177aa56e7f875251336052ebc5c800..55f2ddd3ecf5a0c4cc841d5d7bdbc79bc3c8d915 100644 (file)
--- a/rust/src/rdp/rdp.rs
+++ b/rust/src/rdp/rdp.rs
@@ -354,7 +354,14 @@ impl RdpState {
                      Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => {
                          if probe_tls_handshake(available) {
                              self.tls_parsing = true;
-                            return self.parse_tc(available);
+                            let r = self.parse_tc(available);
+                            if r.status == 1 {
+                                //adds bytes already consumed to incomplete result
+                                let consumed = (input.len() - available.len()) as u32;
+                                return AppLayerResult::incomplete(r.consumed + consumed, r.needed);
+                            } else {
+                                return r;
+                            }
                          } else {
                              return AppLayerResult::err();
                          }
author	Philippe Antoine <contact@catenacyber.fr>
	Thu, 11 Mar 2021 21:17:13 +0000 (22:17 +0100)
committer	Victor Julien <victor@inliniac.net>
	Thu, 8 Apr 2021 09:14:30 +0000 (11:14 +0200)