enip: fix too restrictive check in probing parser

author Philippe Antoine <contact@catenacyber.fr>

Wed, 15 Dec 2021 20:11:05 +0000 (21:11 +0100)

committer Victor Julien <vjulien@oisf.net>

Tue, 18 Jan 2022 11:21:55 +0000 (12:21 +0100)
author Philippe Antoine <contact@catenacyber.fr>
Wed, 15 Dec 2021 20:11:05 +0000 (21:11 +0100)
committer Victor Julien <vjulien@oisf.net>
Tue, 18 Jan 2022 11:21:55 +0000 (12:21 +0100)
diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c

index cc814bc80852cdb3ba0dc3e3935288ffaae058e9..25322ab1a9bd9d43725261e8ae2e17738fcc416e 100644 (file)
--- a/src/app-layer-enip.c
+++ b/src/app-layer-enip.c
@@ -359,15 +359,7 @@ static uint16_t ENIPProbingParser(Flow *f, uint8_t direction,
      uint32_t option;
      uint16_t nbitems;
  
-    int ret = ByteExtractUint16(
-            &enip_len, BYTE_LITTLE_ENDIAN, sizeof(uint16_t), (const uint8_t *)(input + 2));
-    if (ret < 0) {
-        return ALPROTO_FAILED;
-    }
-    if (enip_len < sizeof(ENIPEncapHdr)) {
-        return ALPROTO_FAILED;
-    }
-    ret = ByteExtractUint32(
+    int ret = ByteExtractUint32(
              &status, BYTE_LITTLE_ENDIAN, sizeof(uint32_t), (const uint8_t *)(input + 8));
      if (ret < 0) {
          return ALPROTO_FAILED;
@@ -394,6 +386,11 @@ static uint16_t ENIPProbingParser(Flow *f, uint8_t direction,
      if (ret < 0) {
          return ALPROTO_FAILED;
      }
+    ret = ByteExtractUint16(
+            &enip_len, BYTE_LITTLE_ENDIAN, sizeof(uint16_t), (const uint8_t *)(input + 2));
+    if (ret < 0) {
+        return ALPROTO_FAILED;
+    }
  
      //ok for all the known commands
      switch(cmd) {
author	Philippe Antoine <contact@catenacyber.fr>
	Wed, 15 Dec 2021 20:11:05 +0000 (21:11 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 18 Jan 2022 11:21:55 +0000 (12:21 +0100)