From: Lokesh Bevinamarad (lbevinam)
Date: Fri, 27 Nov 2020 14:01:33 +0000 (+0000)
Subject: Merge pull request #2569 in SNORT/snort3 from ~NEHASH4/snort3:null_flow_crash to...
X-Git-Tag: 3.0.3-6~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=444135a4fe622e5d73fd10bd04bbf01c684f3471;p=thirdparty%2Fsnort3.git
Merge pull request #2569 in SNORT/snort3 from ~NEHASH4/snort3:null_flow_crash to master
Squashed commit of the following:
commit fa300bfbf81b674b23c18de4ee80ffad10e9ec2d
Author: Neha Sharma
Date: Fri Oct 23 03:01:20 2020 -0400
dce_rpc: fixed incorrect accessing of FileFlows while pruning the flow
---
diff --git a/src/file_api/file_flows.cc b/src/file_api/file_flows.cc
index 03035494d..cc6c0090b 100644
--- a/src/file_api/file_flows.cc
+++ b/src/file_api/file_flows.cc
@@ -83,12 +83,12 @@ void FileFlows::handle_retransmit(Packet* p)
 file->log_file_event(flow, file_policy);
 }
-FileFlows* FileFlows::get_file_flows(Flow* flow)
+FileFlows* FileFlows::get_file_flows(Flow* flow, bool to_create)
 {
 FileFlows* fd = (FileFlows*)flow->get_flow_data(FileFlows::file_flow_data_id);
- if (fd)
+ if (!to_create or fd)
 return fd;
 FileInspect* fi = (FileInspect*)InspectorManager::get_inspector(FILE_ID_NAME, true);
diff --git a/src/file_api/file_flows.h b/src/file_api/file_flows.h
index ff17fcb11..f6321caa1 100644
--- a/src/file_api/file_flows.h
+++ b/src/file_api/file_flows.h
@@ -63,7 +63,7 @@ public:
 void handle_retransmit(Packet*) override;
 // Factory method to get file flows
- static FileFlows* get_file_flows(Flow*);
+ static FileFlows* get_file_flows(Flow*, bool to_create=true);
 static FilePolicyBase* get_file_policy(Flow*);
 FileContext* get_current_file_context();
diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc
index 229a2f973..a53565f4d 100644
--- a/src/service_inspectors/dce_rpc/dce_smb2.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2.cc
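Review bot: `flow` is dereferenced by `flow->get_flow_data(...)` on the first line of `get_file_flows` before anything checks it, and this commit adds a caller that can pass a pointer it does not control. The `DCE2_Smb2FileTracker` destructor in dce_smb2.cc now passes a stored member whose in-class default is `nullptr`, and the three `new DCE2_Smb2FileTracker(...)` sites in dce_smb2_commands.cc fill it from `DetectionEngine::get_current_packet()->flow` without checking the value. A null flow reaching this teardown path would take down the inspection process, so the lookup should reject it up front with `if (!flow) return nullptr;`. The function body continues past the end of the hunk.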
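Review bot: The comment above the declaration in file_flows.h still reads `// Factory method to get file flows`, which no longer covers the `to_create=false` case where nothing is created and the result can be `nullptr`. Suggest `// Returns the flow's FileFlows; creates one unless to_create is false, in which case the result may be nullptr`. The `true` default keeps existing callers creating on demand, so callers on teardown paths have to opt out explicitly, which is worth stating in the same comment.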
@@ -103,7 +103,8 @@ DCE2_Smb2RequestTracker::~DCE2_Smb2RequestTracker()
 }
 DCE2_Smb2FileTracker::DCE2_Smb2FileTracker(uint64_t file_id_v, DCE2_Smb2TreeTracker* ttr_v,
- DCE2_Smb2SessionTracker* str_v) : file_id(file_id_v), ttr(ttr_v), str(str_v)
+ DCE2_Smb2SessionTracker* str_v, Flow* flow_v) : file_id(file_id_v), ttr(ttr_v),
+ str(str_v), flow(flow_v)
 {
 debug_logf(dce_smb_trace, nullptr, "file tracker %" PRIu64 " created\n", file_id);
 memory::MemoryCap::update_allocations(sizeof(*this));
@@ -114,7 +115,8 @@ DCE2_Smb2FileTracker::~DCE2_Smb2FileTracker(void)
 debug_logf(dce_smb_trace, nullptr, "file tracker %" PRIu64 " file name hash %" PRIu64 " terminating\n", file_id, file_name_hash);
- FileFlows* file_flows = FileFlows::get_file_flows(DetectionEngine::get_current_packet()->flow);
+
+ FileFlows* file_flows = FileFlows::get_file_flows(flow, false);
 if (file_flows)
 {
 file_flows->remove_processed_file_context(file_name_hash, file_id);
diff --git a/src/service_inspectors/dce_rpc/dce_smb2.h b/src/service_inspectors/dce_rpc/dce_smb2.h
index 8caa9f383..490d7f8ac 100644
--- a/src/service_inspectors/dce_rpc/dce_smb2.h
+++ b/src/service_inspectors/dce_rpc/dce_smb2.h
@@ -138,7 +138,7 @@ public:
 DCE2_Smb2FileTracker& operator=(const DCE2_Smb2FileTracker& arg) = delete;
 DCE2_Smb2FileTracker(uint64_t file_id_v, DCE2_Smb2TreeTracker* ttr_v,
- DCE2_Smb2SessionTracker* str_v);
+ DCE2_Smb2SessionTracker* str_v, snort::Flow* flow_v);
 ~DCE2_Smb2FileTracker();
 bool ignore = false;
@@ -153,6 +153,7 @@ public:
 DCE2_SmbPduState smb2_pdu_state;
 DCE2_Smb2TreeTracker* ttr = nullptr;
 DCE2_Smb2SessionTracker* str = nullptr;
+ snort::Flow *flow = nullptr;
 };
 typedef DCE2_DbMap > DCE2_DbMapFtracker;
diff --git a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
index fb7d395f4..a7a81672f 100644
--- a/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2_commands.cc
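Review bot: The destructor in dce_smb2.cc now reads `flow`, a raw pointer captured at construction, so it is only safe if the Flow outlives every file tracker created on it, and nothing in these hunks enforces that. If a tracker can be reached from session or tree state that is freed after the flow has been released or recycled (not visible here), `get_file_flows(flow, false)` becomes a use-after-free on a path driven by network traffic. The ownership rule should be stated on the new member in dce_smb2.h, for example `snort::Flow* flow = nullptr; // non-owning; the flow must outlive this tracker`, which also brings the `*` placement in line with the neighbouring `ttr` and `str` declarations. The destructor body continues past the end of its hunk.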
@@ -305,7 +305,7 @@ static void DCE2_Smb2CreateResponse(DCE2_Smb2SsnData*,
 DCE2_Smb2FileTracker* ftracker = ttr->findFtracker(fileId_persistent);
 if (!ftracker)
 {
- ftracker = new DCE2_Smb2FileTracker(fileId_persistent, ttr, str);
+ ftracker = new DCE2_Smb2FileTracker(fileId_persistent, ttr, str, DetectionEngine::get_current_packet()->flow);
 ttr->insertFtracker(fileId_persistent, ftracker);
 }
 ftracker->file_name = rtracker->fname;
@@ -608,7 +608,7 @@ static void DCE2_Smb2ReadRequest(DCE2_Smb2SsnData* ssd,
 DCE2_Smb2FileTracker* ftracker = ttr->findFtracker(fileId_persistent);
 if (!ftracker) // compounded create request + read request case
 {
- ftracker = new DCE2_Smb2FileTracker(fileId_persistent, ttr, str);
+ ftracker = new DCE2_Smb2FileTracker(fileId_persistent, ttr, str, DetectionEngine::get_current_packet()->flow);
 ttr->insertFtracker(fileId_persistent, ftracker);
 }
@@ -761,7 +761,7 @@ static void DCE2_Smb2WriteRequest(DCE2_Smb2SsnData* ssd, const Smb2Hdr* smb_hdr,
 DCE2_Smb2FileTracker* ftracker = ttr->findFtracker(fileId_persistent);
 if (!ftracker) // compounded create request + write request case
 {
- ftracker = new DCE2_Smb2FileTracker(fileId_persistent, ttr, str);
+ ftracker = new DCE2_Smb2FileTracker(fileId_persistent, ttr, str, DetectionEngine::get_current_packet()->flow);
 ttr->insertFtracker(fileId_persistent, ftracker);
 }
 if (!ftracker->ignore) // file tracker can not be nullptr here
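Review bot: `DetectionEngine::get_current_packet()->flow` is written out in full at all three `new DCE2_Smb2FileTracker(...)` sites (create response, read request, write request). Each one dereferences the returned packet pointer unchecked and pushes the line well past the width of the surrounding code. Reading it once per function into a local, `Flow* flow = DetectionEngine::get_current_packet()->flow;`, and passing `flow` would shorten the lines and give a single place to add a check or a comment on where the tracker's flow comes from. All three enclosing functions start and end outside their hunks, so whether a flow is already available through `ssd` cannot be judged from here.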