From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 13 Jul 2021 08:00:48 +0000 (+0200)
Subject: smb: fix parsing of file deletion over SMB1
X-Git-Tag: suricata-7.0.0-beta1~1453
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e5f59e2cbe6305f315f83fcd1c73e31a19c0f5c;p=thirdparty%2Fsuricata.git

smb: fix parsing of file deletion over SMB1
---

diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs
index 5bc886532b..671ac0f12f 100644
--- a/rust/src/smb/smb1_records.rs
+++ b/rust/src/smb/smb1_records.rs
@@ -594,7 +594,6 @@ pub struct Trans2RecordParamSetFileInfoDisposition<> {
 named!(pub parse_trans2_request_data_set_file_info_disposition<Trans2RecordParamSetFileInfoDisposition>,
     do_parse!(
             delete: le_u8
-        >>  _reserved: take!(3)
         >> (Trans2RecordParamSetFileInfoDisposition {
                 delete: delete & 1 == 1,
             })
@@ -691,16 +690,17 @@ named!(pub parse_smb_trans2_request_record<SmbRequestTrans2Record>,
         >>  _timeout: le_u32
         >>  _reserved2: take!(2)
         >>  param_cnt: le_u16
-        >>  _param_offset: le_u16
+        >>  param_offset: le_u16
         >>  data_cnt: le_u16
-        >>  _data_offset: le_u16
+        >>  data_offset: le_u16
         >>  _setup_cnt: le_u8
         >>  _reserved3: take!(1)
         >>  subcmd: le_u16
         >>  _bcc: le_u16
+        //TODO test and use param_offset
         >>  _padding: take!(3)
-        //TODO test and use _param_offset and _data_offset
         >>  setup_blob: take!(param_cnt)
+        >>  _padding2: cond!(data_offset > param_offset + param_cnt, take!(data_offset - param_offset - param_cnt))
         >>  data_blob: take!(data_cnt)
 
         >> (SmbRequestTrans2Record {