rdp: correctly returns incomplete in parse_tc 6099/head
authorPhilippe Antoine <contact@catenacyber.fr>
Thu, 11 Mar 2021 21:17:13 +0000 (22:17 +0100)
committerShivani Bhardwaj <shivanib134@gmail.com>
Thu, 29 Apr 2021 12:11:50 +0000 (17:41 +0530)
Adding the already consumed bytes
In case an incomplete tls handshake is handled with/after
a regular rdp t123_tpkt

(cherry picked from commit 6da9a37285a50b513077e5c88094f8112740ffcb)

rust/src/rdp/rdp.rs

index fac136b6e3e51169ec7f590243113bc1ee315915..89e08db4aedefa3b2dabe200abb525d0005251bf 100644 (file)
@@ -360,7 +360,14 @@ impl RdpState {
                     Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => {
                         if probe_tls_handshake(available) {
                             self.tls_parsing = true;
-                            return self.parse_tc(available);
+                            let r = self.parse_tc(available);
+                            if r.status == 1 {
+                                //adds bytes already consumed to incomplete result
+                                let consumed = (input.len() - available.len()) as u32;
+                                return AppLayerResult::incomplete(r.consumed + consumed, r.needed);
+                            } else {
+                                return r;
+                            }
                         } else {
                             return AppLayerResult::err();
                         }
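Review bot: The added incomplete branch computes the resume offset with a truncating `as u32` cast and an unchecked `r.consumed + consumed`, on lengths that come from network data. A wrapped or truncated offset would make the app layer resume parsing at the wrong byte. Converting with `u32::try_from(input.len() - available.len())` and combining with `r.consumed.checked_add(consumed)`, returning `AppLayerResult::err()` when either fails, would turn that into an explicit parse error. The subtraction also relies on `available` being a suffix of `input`, which this hunk does not show because the enclosing function starts and ends outside it. Separately, `r.status == 1` is a bare literal; if `AppLayerResult` in this branch has an incomplete-state helper (worth confirming), `if r.is_incomplete() {` states the intent, and a regression test feeding a TPKT followed by a partial TLS handshake in one buffer would pin the corrected offset.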