From: Philippe Antoine Date: Fri, 6 Mar 2020 09:45:23 +0000 (+0100) Subject: kerberos: fix against packet split in record size X-Git-Tag: suricata-6.0.0-beta1~671 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23f796a021cd4a0f2614418a5d2d40acefd56df3;p=thirdparty%2Fsuricata.git kerberos: fix against packet split in record size --- diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index 4a6896efa7..78e54af139 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -528,7 +528,6 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8) -> i32 { - if input_len < 4 { return -1; } let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); @@ -556,6 +555,10 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, state.record_ts = record as usize; cur_i = rem; }, + Err(nom::Err::Incomplete(_)) => { + state.defrag_buf_ts.extend_from_slice(cur_i); + return 0; + } _ => { SCLogDebug!("rs_krb5_parse_request_tcp: reading record mark failed!"); return 1; @@ -586,7 +589,6 @@ pub extern "C" fn rs_krb5_parse_response_tcp(_flow: *const core::Flow, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8) -> i32 { - if input_len < 4 { return -1; } let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); @@ -614,6 +616,10 @@ pub extern "C" fn rs_krb5_parse_response_tcp(_flow: *const core::Flow, state.record_tc = record as usize; cur_i = rem; }, + Err(nom::Err::Incomplete(_)) => { + state.defrag_buf_tc.extend_from_slice(cur_i); + return 0; + } _ => { SCLogDebug!("reading record mark failed!"); return 1;