From: Nick Price <nick@spun.io>
Date: Thu, 28 Dec 2017 16:11:17 +0000 (-0500)
Subject: rust/nfs: don't panic on malformed NFS traffic
X-Git-Tag: suricata-4.0.4~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82d66b8e94cb84bede6175c8738364a07627b511;p=thirdparty%2Fsuricata.git

rust/nfs: don't panic on malformed NFS traffic

Instead set events.
---

diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs
index 60a5107b85..279bc0739d 100644
--- a/rust/src/nfs/nfs.rs
+++ b/rust/src/nfs/nfs.rs
@@ -95,9 +95,8 @@ pub static mut SURICATA_NFS3_FILE_CONFIG: Option<&'static SuricataFileContext> =
 #[repr(u32)]
 pub enum NFSEvent {
     MalformedData = 0,
-    /* remove 'Padding' when more events are added. Rustc 1.7 won't
-     *   accept a single field enum with repr(u32) */
-    Padding,
+    NonExistingVersion = 1,
+    UnsupportedVersion = 2,
 }
 
 #[derive(Debug)]
@@ -1061,15 +1060,24 @@ impl NFSState {
         }
 
         match xidmap.progver {
+            2 => {
+                SCLogDebug!("NFSv2 reply record");
+                return self.process_reply_record_v2(r, &xidmap);
+            },
             3 => {
                 SCLogDebug!("NFSv3 reply record");
                 return self.process_reply_record_v3(r, &mut xidmap);
             },
-            2 => {
-                SCLogDebug!("NFSv2 reply record");
-                return self.process_reply_record_v2(r, &xidmap);
+            4 => {
+                SCLogDebug!("NFSv4 unsupported");
+                self.set_event(NFSEvent::UnsupportedVersion);
+                return 0;
+            },
+            _ => {
+                SCLogDebug!("Invalid NFS version");
+                self.set_event(NFSEvent::NonExistingVersion);
+                return 0;
             },
-            _ => { panic!("unsupported NFS version"); },
         }
     }