From: Victor Julien Date: Sat, 10 Mar 2018 08:42:55 +0000 (+0100) Subject: smb: make string parsing functions public X-Git-Tag: suricata-4.1.0-beta1~82 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c701dc50e1ea6ed24a2b46752e1b6a49fcbee10;p=thirdparty%2Fsuricata.git smb: make string parsing functions public --- diff --git a/rust/src/smb/smb1_session.rs b/rust/src/smb/smb1_session.rs index 4fd971cc25..77ca72058c 100644 --- a/rust/src/smb/smb1_session.rs +++ b/rust/src/smb/smb1_session.rs @@ -37,7 +37,10 @@ pub struct SessionSetupResponse { pub native_lm: Vec, } -fn get_unicode_string(blob: &[u8]) -> IResult<&[u8], Vec> +/// parse a UTF16 string that is null terminated. Normally by 2 null +/// bytes, but at the end of the data it can also be a single null. +/// Skip every second byte. +pub fn smb_get_unicode_string(blob: &[u8]) -> IResult<&[u8], Vec> { SCLogDebug!("get_unicode_string: blob {} {:?}", blob.len(), blob); let mut name : Vec = Vec::new(); @@ -61,7 +64,8 @@ fn get_unicode_string(blob: &[u8]) -> IResult<&[u8], Vec> IResult::Error(error_code!(ErrorKind::Custom(130))) } -named!(pub get_nullterm_string>, +/// parse an ASCII string that is null terminated +named!(pub smb_get_ascii_string>, do_parse!( s: take_until_and_consume!("\x00") >> ( s.to_vec() ) @@ -72,11 +76,11 @@ pub fn smb1_session_setup_request_host_info(r: &SmbRecord, blob: &[u8]) -> Sessi if blob.len() > 1 && r.has_unicode_support() { let offset = r.data.len() - blob.len(); let blob = if offset % 2 == 1 { &blob[1..] } else { blob }; - let (native_os, native_lm, primary_domain) = match get_unicode_string(blob) { + let (native_os, native_lm, primary_domain) = match smb_get_unicode_string(blob) { IResult::Done(rem, n1) => { - match get_unicode_string(rem) { + match smb_get_unicode_string(rem) { IResult::Done(rem, n2) => { - match get_unicode_string(rem) { + match smb_get_unicode_string(rem) { IResult::Done(_, n3) => { (n1, n2, n3) }, _ => { (n1, n2, Vec::new()) }, } @@ -94,11 +98,11 @@ pub fn smb1_session_setup_request_host_info(r: &SmbRecord, blob: &[u8]) -> Sessi primary_domain:primary_domain, } } else { - let (native_os, native_lm, primary_domain) = match get_nullterm_string(blob) { + let (native_os, native_lm, primary_domain) = match smb_get_ascii_string(blob) { IResult::Done(rem, n1) => { - match get_nullterm_string(rem) { + match smb_get_ascii_string(rem) { IResult::Done(rem, n2) => { - match get_nullterm_string(rem) { + match smb_get_ascii_string(rem) { IResult::Done(_, n3) => { (n1, n2, n3) }, _ => { (n1, n2, Vec::new()) }, } @@ -123,9 +127,9 @@ pub fn smb1_session_setup_response_host_info(r: &SmbRecord, blob: &[u8]) -> Sess if blob.len() > 1 && r.has_unicode_support() { let offset = r.data.len() - blob.len(); let blob = if offset % 2 == 1 { &blob[1..] } else { blob }; - let (native_os, native_lm) = match get_unicode_string(blob) { + let (native_os, native_lm) = match smb_get_unicode_string(blob) { IResult::Done(rem, n1) => { - match get_unicode_string(rem) { + match smb_get_unicode_string(rem) { IResult::Done(_, n2) => (n1, n2), _ => { (n1, Vec::new()) }, } @@ -140,9 +144,9 @@ pub fn smb1_session_setup_response_host_info(r: &SmbRecord, blob: &[u8]) -> Sess } } else { SCLogDebug!("session_setup_response_host_info: not unicode"); - let (native_os, native_lm) = match get_nullterm_string(blob) { + let (native_os, native_lm) = match smb_get_ascii_string(blob) { IResult::Done(rem, n1) => { - match get_nullterm_string(rem) { + match smb_get_ascii_string(rem) { IResult::Done(_, n2) => (n1, n2), _ => { (n1, Vec::new()) }, }