From: Philippe Antoine Date: Tue, 22 Nov 2022 20:47:37 +0000 (+0100) Subject: smb: do not use tree id to match request and response X-Git-Tag: suricata-7.0.0-rc1~336 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af445045501668aeba5b450fe4def6859cde834e;p=thirdparty%2Fsuricata.git smb: do not use tree id to match request and response Completes commit e94920b49f43bea4220a1bdf32297ec004e58059 This must be true for access to state ssn2vecoffset_map Ticket: #5161 --- diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs index dc0aeb5417..059579f4b3 100644 --- a/rust/src/smb/smb2.rs +++ b/rust/src/smb/smb2.rs @@ -144,7 +144,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) // get the request info. If we don't have it, there is nothing // we can do except skip this record. - let guid_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_OFFSET); + let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET); let (offset, file_guid) = match state.ssn2vecoffset_map.remove(&guid_key) { Some(o) => (o.offset, o.guid), None => { @@ -548,7 +548,7 @@ pub fn smb2_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) rd.guid, rd.rd_len, rd.rd_offset); // store read guid,offset in map - let guid_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_OFFSET); + let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET); let guidoff = SMBFileGUIDOffset::new(rd.guid.to_vec(), rd.rd_offset); state.ssn2vecoffset_map.insert(guid_key, guidoff); } @@ -696,7 +696,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) } else if r.nt_status == SMB_NTSTATUS_END_OF_FILE { SCLogDebug!("SMBv2: read response => EOF"); - let guid_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_OFFSET); + let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET); let file_guid = match state.ssn2vecoffset_map.remove(&guid_key) { Some(o) => o.guid, _ => {