dcerpc/udp: fix int mishandling in opnum parsing

For Big Endian support in the protocol, the opnum would not be set
correctly.

Found using undefined sanitizer.

diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c
index 6e845a8c79ffae98848da0630b13eb9847acd358..9eb96956146d2a3e519bb37288ffa8627c68f44e 100644 (file)
--- a/src/app-layer-dcerpc-udp.c
+++ b/src/app-layer-dcerpc-udp.c
@@ -242,8 +242,8 @@ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state,
                         sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 65) << 16;
                         sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 66) << 8;
                         sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 67);
-                        sstate->dcerpc.dcerpchdrudp.opnum = *(p + 68) << 24;
-                        sstate->dcerpc.dcerpchdrudp.opnum |= *(p + 69) << 16;
+                        sstate->dcerpc.dcerpchdrudp.opnum = *(p + 68) << 8;
+                        sstate->dcerpc.dcerpchdrudp.opnum |= *(p + 69);
                         sstate->dcerpc.dcerpchdrudp.ihint = *(p + 70) << 8;
                         sstate->dcerpc.dcerpchdrudp.ihint |= *(p + 71);
                         sstate->dcerpc.dcerpchdrudp.ahint = *(p + 72) << 8;