]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fe50461)
smb: probing parser for start and midstream
authorPhilippe Antoine <contact@catenacyber.fr>
Tue, 2 Feb 2021 12:31:08 +0000 (13:31 +0100)
committerVictor Julien <victor@inliniac.net>
Sat, 27 Feb 2021 17:47:02 +0000 (18:47 +0100)
The probing parser is more strict at the start of the stream

(cherry picked from commit 1b6e81cd7284355cb4315606cac30325e144d25a)

rust/src/smb/smb.rs patch | blob | blame | history

diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index ada497b5791f6fa55dd6f2e1c46a3106a0e5799c..f81be26062df0558e6a72a9933296f2f867d9cd4 100644 (file)
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -1977,8 +1977,10 @@ pub extern "C" fn rs_smb_probe_tcp(flags: u8,
     -> i8
 {
     let slice = build_slice!(input, len as usize);
-    if rs_smb_probe_tcp_midstream(flags, slice, rdir) == 1 {
-        return 1;
+    if flags & STREAM_MIDSTREAM == STREAM_MIDSTREAM {
+        if rs_smb_probe_tcp_midstream(flags, slice, rdir) == 1 {
+            return 1;
+        }
     }
     match parse_nbss_record_partial(slice) {
         Ok((_, ref hdr)) => {
Mirror of https://github.com/OISF/suricata.git