smb2: validate negotiate read/write max sizes

Raise event if they exceed the configured limit.

diff --git a/rust/src/smb/events.rs b/rust/src/smb/events.rs
index 650fb7d6f63262b7876a235697db9e847ff6e662..980801e4cdff8da71a1e6869a66c5ccd2075977e 100644 (file)
--- a/rust/src/smb/events.rs
+++ b/rust/src/smb/events.rs
@@ -31,6 +31,11 @@ pub enum SMBEvent {
     RequestToClient,
     /// A response was seen in the to server direction,
     ResponseToServer,
+
+    /// Negotiated max sizes exceed our limit
+    NegotiateMaxReadSizeTooLarge,
+    NegotiateMaxWriteSizeTooLarge,
+
     /// READ request asking for more than `max_read_size`
     ReadRequestTooLarge,
     /// READ response bigger than `max_read_size`

diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs
index 0590642a3742ff6e167e93908ab1aefb245aee7d..34c6a43573d408626ecc054496b34ff4ae34b6a6 100644 (file)
--- a/rust/src/smb/smb2.rs
+++ b/rust/src/smb/smb2.rs
@@ -827,6 +827,15 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                 Ok((_, rd)) => {
                     SCLogDebug!("SERVER dialect => {}", &smb2_dialect_string(rd.dialect));
 
+                    let smb_cfg_max_read_size = unsafe { SMB_CFG_MAX_READ_SIZE };
+                    if smb_cfg_max_read_size != 0 && rd.max_read_size > smb_cfg_max_read_size {
+                        state.set_event(SMBEvent::NegotiateMaxReadSizeTooLarge);
+                    }
+                    let smb_cfg_max_write_size = unsafe { SMB_CFG_MAX_WRITE_SIZE };
+                    if smb_cfg_max_write_size != 0 && rd.max_write_size > smb_cfg_max_write_size {
+                        state.set_event(SMBEvent::NegotiateMaxWriteSizeTooLarge);
+                    }
+
                     state.dialect = rd.dialect;
                     state.max_read_size = rd.max_read_size;
                     state.max_write_size = rd.max_write_size;