From: Victor Julien Date: Mon, 21 Feb 2022 09:08:41 +0000 (+0100) Subject: rpc: enforce various field values X-Git-Tag: suricata-5.0.9~58 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bca7d9649a1788f6109de2c49f9d4ce2dd88bcf6;p=thirdparty%2Fsuricata.git rpc: enforce various field values Minimal frag_len. Correct msgtype and others. (cherry picked from commit 1c57e3c18d746743bc2cbcaba35f78b5f9b15675) --- diff --git a/rust/src/nfs/rpc_records.rs b/rust/src/nfs/rpc_records.rs index 8565d998e3..c6a37c63b8 100644 --- a/rust/src/nfs/rpc_records.rs +++ b/rust/src/nfs/rpc_records.rs @@ -127,10 +127,10 @@ named!(pub parse_rpc_packet_header, do_parse!( fraghdr: bits!(tuple!( take_bits!(u8, 1), // is_last - take_bits!(u32, 31))) // len + verify!(take_bits!(u32, 31), |v| v >= 24))) // len >> xid: be_u32 - >> msgtype: be_u32 + >> msgtype: verify!(be_u32, |v| v <= 1) >> ( RpcPacketHeader { frag_is_last:fraghdr.0 == 1, @@ -251,7 +251,7 @@ named!(pub parse_rpc_reply, do_parse!( hdr: parse_rpc_packet_header - >> reply_state: be_u32 + >> reply_state: verify!(be_u32, |v| v <= 1) >> verifier_flavor: be_u32 >> verifier_len: verify!(be_u32, |size| size < RPC_MAX_VERIFIER_SIZE) @@ -280,7 +280,7 @@ named!(pub parse_rpc_reply, named!(pub parse_rpc_udp_packet_header, do_parse!( xid: be_u32 - >> msgtype: be_u32 + >> msgtype: verify!(be_u32, |v| v <= 1) >> ( RpcPacketHeader { frag_is_last:false, @@ -342,7 +342,7 @@ named!(pub parse_rpc_udp_reply, >> verifier_len: verify!(be_u32, |size| size < RPC_MAX_VERIFIER_SIZE) >> verifier: cond!(verifier_len > 0, take!(verifier_len as usize)) - >> reply_state: be_u32 + >> reply_state: verify!(be_u32, |v| v <= 1) >> accept_state: be_u32 >> pl: rest