From: Shivani Bhardwaj
Date: Fri, 8 Oct 2021 00:35:29 +0000 (+0530)
Subject: ssh: fix match on ssh banner
X-Git-Tag: suricata-6.0.4~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2616afa62584a2402f7fcdbbcf1149605e24461d;p=thirdparty%2Fsuricata.git
ssh: fix match on ssh banner
Default detection handling of SSH should not be to pass in case the direction was not a match but to treat it like it was meant to server.
---
diff --git a/rust/src/ssh/detect.rs b/rust/src/ssh/detect.rs
index ed5341625b..f935651937 100644
--- a/rust/src/ssh/detect.rs
+++ b/rust/src/ssh/detect.rs
@@ -16,7 +16,7 @@
 */
 use super::ssh::SSHTransaction;
-use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
+use crate::core::STREAM_TOCLIENT;
 use std::ptr;
 #[no_mangle]
@@ -24,28 +24,24 @@ pub extern "C" fn rs_ssh_tx_get_protocol(
 tx: *mut std::os::raw::c_void, buffer: *mut *const u8, buffer_len: *mut u32, direction: u8,
 ) -> u8 {
 let tx = cast_pointer!(tx, SSHTransaction);
- match direction {
- STREAM_TOSERVER => {
- let m = &tx.cli_hdr.protover;
- if m.len() > 0 {
- unsafe {
- *buffer = m.as_ptr();
- *buffer_len = m.len() as u32;
- }
- return 1;
+ if direction & STREAM_TOCLIENT != 0 {
+ let m = &tx.srv_hdr.protover;
+ if m.len() > 0 {
+ unsafe {
+ *buffer = m.as_ptr();
+ *buffer_len = m.len() as u32;
 }
+ return 1;
 }
- STREAM_TOCLIENT => {
- let m = &tx.srv_hdr.protover;
- if m.len() > 0 {
- unsafe {
- *buffer = m.as_ptr();
- *buffer_len = m.len() as u32;
- }
- return 1;
+ } else {
+ let m = &tx.cli_hdr.protover;
+ if m.len() > 0 {
+ unsafe {
+ *buffer = m.as_ptr();
+ *buffer_len = m.len() as u32;
 }
+ return 1;
 }
- _ => {}
 }
 unsafe {
 *buffer = ptr::null();
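Review bot: The new `else` arm in rs_ssh_tx_get_protocol hands out the client header for every `direction` value that lacks the STREAM_TOCLIENT bit, including 0 and values carrying neither direction bit, and nothing in the code records that this fallback is deliberate. A wrong pick here means a banner keyword silently inspects the other side's header, so I would put a comment above the test, e.g. `// direction appears to be a flag byte: test the TOCLIENT bit, treat everything else as to-server`. The hunks for rs_ssh_tx_get_software, rs_ssh_tx_get_hassh and rs_ssh_tx_get_hassh_string carry the same undocumented default. No regression test is visible in this diff; one that calls a getter with STREAM_TOCLIENT combined with another flag bit would pin the behaviour the old exact-match `match` missed. The function body continues past the end of the hunk.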
@@ -60,28 +56,24 @@ pub extern "C" fn rs_ssh_tx_get_software(
 tx: *mut std::os::raw::c_void, buffer: *mut *const u8, buffer_len: *mut u32, direction: u8,
 ) -> u8 {
 let tx = cast_pointer!(tx, SSHTransaction);
- match direction {
- STREAM_TOSERVER => {
- let m = &tx.cli_hdr.swver;
- if m.len() > 0 {
- unsafe {
- *buffer = m.as_ptr();
- *buffer_len = m.len() as u32;
- }
- return 1;
+ if direction & STREAM_TOCLIENT != 0 {
+ let m = &tx.srv_hdr.swver;
+ if m.len() > 0 {
+ unsafe {
+ *buffer = m.as_ptr();
+ *buffer_len = m.len() as u32;
 }
+ return 1;
 }
- STREAM_TOCLIENT => {
- let m = &tx.srv_hdr.swver;
- if m.len() > 0 {
- unsafe {
- *buffer = m.as_ptr();
- *buffer_len = m.len() as u32;
- }
- return 1;
+ } else {
+ let m = &tx.cli_hdr.swver;
+ if m.len() > 0 {
+ unsafe {
+ *buffer = m.as_ptr();
+ *buffer_len = m.len() as u32;
 }
+ return 1;
 }
- _ => {}
 }
 unsafe {
 *buffer = ptr::null();
@@ -99,28 +91,24 @@ pub extern "C" fn rs_ssh_tx_get_hassh(
 direction: u8,
 ) -> u8 {
 let tx = cast_pointer!(tx, SSHTransaction);
- match direction {
- STREAM_TOSERVER => {
- let m = &tx.cli_hdr.hassh;
- if m.len() > 0 {
- unsafe {
- *buffer = m.as_ptr();
- *buffer_len = m.len() as u32;
- }
- return 1;
+ if direction & STREAM_TOCLIENT != 0 {
+ let m = &tx.srv_hdr.hassh;
+ if m.len() > 0 {
+ unsafe {
+ *buffer = m.as_ptr();
+ *buffer_len = m.len() as u32;
 }
+ return 1;
 }
- STREAM_TOCLIENT => {
- let m = &tx.srv_hdr.hassh;
- if m.len() > 0 {
- unsafe {
- *buffer = m.as_ptr();
- *buffer_len = m.len() as u32;
- }
- return 1;
+ } else {
+ let m = &tx.cli_hdr.hassh;
+ if m.len() > 0 {
+ unsafe {
+ *buffer = m.as_ptr();
+ *buffer_len = m.len() as u32;
 }
+ return 1;
 }
- _ => {}
 }
 unsafe {
 *buffer = ptr::null();
@@ -138,28 +126,24 @@ pub extern "C" fn rs_ssh_tx_get_hassh_string(
 direction: u8,
 ) -> u8 {
 let tx = cast_pointer!(tx, SSHTransaction);
- match direction {
- STREAM_TOSERVER => {
- let m = &tx.cli_hdr.hassh_string;
- if m.len() > 0 {
- unsafe {
- *buffer = m.as_ptr();
- *buffer_len = m.len() as u32;
- }
- return 1;
+ if direction & STREAM_TOCLIENT != 0 {
+ let m = &tx.srv_hdr.hassh_string;
+ if m.len() > 0 {
+ unsafe {
+ *buffer = m.as_ptr();
+ *buffer_len = m.len() as u32;
 }
+ return 1;
 }
- STREAM_TOCLIENT => {
- let m = &tx.srv_hdr.hassh_string;
- if m.len() > 0 {
- unsafe {
- *buffer = m.as_ptr();
- *buffer_len = m.len() as u32;
- }
- return 1;
+ } else {
+ let m = &tx.cli_hdr.hassh_string;
+ if m.len() > 0 {
+ unsafe {
+ *buffer = m.as_ptr();
+ *buffer_len = m.len() as u32;
 }
+ return 1;
 }
- _ => {}
 }
 unsafe {
 *buffer = ptr::null();
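Review bot: Both arms of the new `if`/`else` in rs_ssh_tx_get_hassh_string repeat the same export block and differ only in which header they read, so the direction test can be separated from the pointer writes. Selecting the field first, `let m = if direction & STREAM_TOCLIENT != 0 { &tx.srv_hdr.hassh_string } else { &tx.cli_hdr.hassh_string };`, leaves a single `if m.len() > 0 { ... return 1; }` block and one `unsafe` write site per getter. The other three getters touched by this commit have the same shape, and keeping the direction logic on one line in each makes it harder for a later fix to reach only some of the SSH keywords. The function starts before and ends after this hunk.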