From: Philippe Antoine Date: Thu, 11 Mar 2021 15:12:36 +0000 (+0100) Subject: kerberos: fix probing parser tag condition X-Git-Tag: suricata-5.0.7~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63c77fac2b7be0f0b6be15131e067c854dd17972;p=thirdparty%2Fsuricata.git kerberos: fix probing parser tag condition according to the comment (cherry picked from commit cb150e97d09baea09a738388426eafad3cccff2a) --- diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index 70a0b8e3bf..eb753600db 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -445,7 +445,7 @@ pub extern "C" fn rs_krb5_probing_parser(_flow: *const Flow, // Kerberos messages start with an APPLICATION header if hdr.class != 0b01 { return unsafe{ALPROTO_FAILED}; } // Tag number should be <= 30 - if hdr.tag >= 30 { return unsafe{ALPROTO_FAILED}; } + if hdr.tag > 30 { return unsafe{ALPROTO_FAILED}; } // Kerberos messages contain sequences if rem.is_empty() || rem[0] != 0x30 { return unsafe{ALPROTO_FAILED}; } // Check kerberos version