smb2: improve write error handling

author Victor Julien <victor@inliniac.net>

Thu, 1 Mar 2018 09:31:07 +0000 (10:31 +0100)

committer Victor Julien <victor@inliniac.net>

Mon, 12 Mar 2018 14:34:42 +0000 (15:34 +0100)
author Victor Julien <victor@inliniac.net>
Thu, 1 Mar 2018 09:31:07 +0000 (10:31 +0100)
committer Victor Julien <victor@inliniac.net>
Mon, 12 Mar 2018 14:34:42 +0000 (15:34 +0100)
diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs

index 5ec0bd9b60cf2b1db85e2ab4bf250d737b4e6df7..bd068f34693a02b0b19b137ddb8f85dd0b2cc358 100644 (file)
--- a/rust/src/smb/smb2.rs
+++ b/rust/src/smb/smb2.rs
@@ -527,25 +527,28 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
              true
          },
          SMB2_COMMAND_WRITE => {
-            match parse_smb2_response_write(r.data) {
-                IResult::Done(_, wr) => {
-                    SCLogDebug!("SMBv2: Write response => {:?}", wr);
-
-                    /* search key-guid map */
-                    let guid_key = SMBCommonHdr::new(SMBHDR_TYPE_GUID,
-                            r.session_id, r.tree_id, r.message_id);
-                    let guid_vec = match state.ssn2vec_map.remove(&guid_key) {
-                        Some(p) => p,
-                        None => {
-                            SCLogDebug!("SMBv2 response: GUID NOT FOUND");
-                            Vec::new()
-                        },
-                    };
-                    SCLogDebug!("SMBv2 write response for GUID {:?}", guid_vec);
+            if r.nt_status == SMB_NTSTATUS_SUCCESS {
+                match parse_smb2_response_write(r.data)
+                {
+                    IResult::Done(_, wr) => {
+                        SCLogDebug!("SMBv2: Write response => {:?}", wr);
+
+                        /* search key-guid map */
+                        let guid_key = SMBCommonHdr::new(SMBHDR_TYPE_GUID,
+                                r.session_id, r.tree_id, r.message_id);
+                        let guid_vec = match state.ssn2vec_map.remove(&guid_key) {
+                            Some(p) => p,
+                            None => {
+                                SCLogDebug!("SMBv2 response: GUID NOT FOUND");
+                                Vec::new()
+                            },
+                        };
+                        SCLogDebug!("SMBv2 write response for GUID {:?}", guid_vec);
+                    }
+                    _ => {
+                        events.push(SMBEvent::MalformedData);
+                    },
                  }
-                _ => {
-                    events.push(SMBEvent::MalformedData);
-                },
              }
              false // the request may have created a generic tx, so handle that here
          },
@@ -686,9 +689,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                              tx.response_done = true;
                              true
                          },
-                        None => {
-                           false
-                        },
+                        None => { false },
                      };
                      found1 || found2
                  },
author	Victor Julien <victor@inliniac.net>
	Thu, 1 Mar 2018 09:31:07 +0000 (10:31 +0100)
committer	Victor Julien <victor@inliniac.net>
	Mon, 12 Mar 2018 14:34:42 +0000 (15:34 +0100)