smb1: improve NT Create response record parsing

author Victor Julien <victor@inliniac.net>

Sat, 7 Jul 2018 08:37:59 +0000 (10:37 +0200)

committer Victor Julien <victor@inliniac.net>

Fri, 13 Jul 2018 11:37:35 +0000 (13:37 +0200)
author Victor Julien <victor@inliniac.net>
Sat, 7 Jul 2018 08:37:59 +0000 (10:37 +0200)
committer Victor Julien <victor@inliniac.net>
Fri, 13 Jul 2018 11:37:35 +0000 (13:37 +0200)
diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs

index c4f9d395bd04d126e2c837b1a2ae8e97b7a171e0..dff292ebbcc1373fce04df6a6a1f394cff460a01 100644 (file)
--- a/rust/src/smb/smb1_records.rs
+++ b/rust/src/smb/smb1_records.rs
@@ -649,7 +649,7 @@ named!(pub parse_smb_create_andx_response_record<SmbResponseCreateAndXRecord>,
      do_parse!(
              wct: le_u8
          >>  andx_command: le_u8
-        >>  take!(1)
+        >>  take!(1)    // reserved
          >>  andx_offset: le_u16
          >>  oplock_level: le_u8
          >>  fid: take!(2)
@@ -658,12 +658,14 @@ named!(pub parse_smb_create_andx_response_record<SmbResponseCreateAndXRecord>,
          >>  last_access_ts: le_u64
          >>  last_write_ts: le_u64
          >>  last_change_ts: le_u64
-        >>  take!(8)
+        >>  take!(4)
          >>  file_size: le_u64
-        >>  take!(8)
+        >>  eof: le_u64
          >>  file_type: le_u16
-        >>  take!(2)
+        >>  ipc_state: le_u16
          >>  is_dir: le_u8
+        >>  cond!(wct == 42, take!(32))
+        >>  bcc: le_u16
          >> (SmbResponseCreateAndXRecord {
                  fid:fid,
                  create_ts: SMBFiletime::new(create_ts),
author	Victor Julien <victor@inliniac.net>
	Sat, 7 Jul 2018 08:37:59 +0000 (10:37 +0200)
committer	Victor Julien <victor@inliniac.net>
	Fri, 13 Jul 2018 11:37:35 +0000 (13:37 +0200)