]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0c94814)
nfs: improve probing parser 6198/head
authorPhilippe Antoine <contact@catenacyber.fr>
Tue, 16 Mar 2021 12:07:16 +0000 (13:07 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 15 Jun 2021 08:07:23 +0000 (10:07 +0200)
Checks credentials flavor is known

rust/src/nfs/nfs.rs patch | blob | blame | history
rust/src/nfs/types.rs patch | blob | blame | history

diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs
index 1dfa08bee95dc230245ecbb169d4a5752e371abb..5bbf8c82e44ba334899465b7bf676e76c1acfa9d 100644 (file)
--- a/rust/src/nfs/nfs.rs
+++ b/rust/src/nfs/nfs.rs
@@ -1734,7 +1734,7 @@ pub fn nfs_probe(i: &[u8], direction: u8) -> i8 {
                    rpc.program == 100003 &&
                    rpc.procedure <= NFSPROC3_COMMIT
                 {
-                    return 1;
+                    return rpc_auth_type_known(rpc.creds_flavor);
                 } else {
                     return -1;
                 }
diff --git a/rust/src/nfs/types.rs b/rust/src/nfs/types.rs
index d3f313a39d0b51e2a69df5dbcf432b4f6e12cac4..c8ddfafc11a26c6f4135fce6b4254cd24aced973 100644 (file)
--- a/rust/src/nfs/types.rs
+++ b/rust/src/nfs/types.rs
@@ -177,6 +177,14 @@ pub fn rpc_auth_type_string(auth_type: u32) -> String {
     }.to_string()
 }
 
+pub fn rpc_auth_type_known(auth_type: u32) -> i8 {
+    // RPCAUTH_GSS is the maximum
+    if auth_type <= RPCAUTH_GSS {
+        return 1;
+    }
+    return -1;
+}
+
 /* http://www.iana.org/assignments/rpc-authentication-numbers/rpc-authentication-numbers.xhtml */
 pub const RPCAUTH_OK:                   u32 = 0;  // success/failed at remote end    [RFC5531]
 pub const RPCAUTH_BADCRED:              u32 = 1;  // bad credential (seal broken)    [RFC5531]
Mirror of https://github.com/OISF/suricata.git