From: Eloy Pérez González
Date: Fri, 22 Oct 2021 11:52:14 +0000 (+0200)
Subject: smb/dce_iface: use DCERPC_TYPE_REQUEST
X-Git-Tag: suricata-5.0.10~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3d4fa33086899bf7fff7f9c4a5f9e50b1e6c7d0;p=thirdparty%2Fsuricata.git
smb/dce_iface: use DCERPC_TYPE_REQUEST
The smb dce_iface keyword must match for all those dcerpc requests and responses sent in the context of the given interface. They are not matching because in rs_smb_tx_get_dce_iface, x.req_cmd is erroneously compared with 1. Fix this by comparing with DCERPC_TYPE_REQUEST instead.
Ticket: 4767
(cherry picked from commit 1ae22fd5de3155c356c1191759cb7c066498a93e)
---
diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs
index 86f6a60a34..c5c404112b 100644
--- a/rust/src/smb/detect.rs
+++ b/rust/src/smb/detect.rs
@@ -183,7 +183,9 @@ pub extern "C" fn rs_smb_tx_get_dce_iface(state: &mut SMBState,
 -> u8
 {
 let is_dcerpc_request = match tx.type_data {
- Some(SMBTransactionTypeData::DCERPC(ref x)) => { x.req_cmd == 1 },
+ Some(SMBTransactionTypeData::DCERPC(ref x)) => {
+ x.req_cmd == DCERPC_TYPE_REQUEST
+ },
 _ => { false },
 };
 if !is_dcerpc_request {
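Review bot: Nothing visible in this patch pins the corrected comparison `x.req_cmd == DCERPC_TYPE_REQUEST` with a test, so a later change to the constant or to how `req_cmd` is populated could bring back the same silent false negative in `dce_iface` matching over SMB. A regression test that builds an SMB transaction carrying a DCERPC request and asserts that rs_smb_tx_get_dce_iface gets past the `is_dcerpc_request` guard would cover it; such a test may exist outside this diff. I would also add a one-line comment above the match, for example `// only txs whose request PDU type is DCERPC_TYPE_REQUEST are checked against the interface`, so the guard's intent does not depend on the variable name alone. The function starts before and continues past this hunk, so the interface and version comparison that follows is not reviewed here.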