From: Victor Julien <victor@inliniac.net>
Date: Mon, 12 Mar 2018 06:57:06 +0000 (+0100)
Subject: smb: log create empty filename as '<share_root>' like Bro does
X-Git-Tag: suricata-4.1.0-beta1~76
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d75ebdb9814eafc520c988a93eacc0d6b8f5c437;p=thirdparty%2Fsuricata.git

smb: log create empty filename as '<share_root>' like Bro does
---

diff --git a/rust/src/smb/log.rs b/rust/src/smb/log.rs
index 2dab5fe1c2..92d390b35b 100644
--- a/rust/src/smb/log.rs
+++ b/rust/src/smb/log.rs
@@ -176,11 +176,16 @@ fn smb_common_header(state: &SMBState, tx: &SMBTransaction) -> Json
         Some(SMBTransactionTypeData::CREATE(ref x)) => {
             let mut name_raw = x.filename.to_vec();
             name_raw.retain(|&i|i != 0x00);
-            let name = String::from_utf8_lossy(&name_raw);
-            if x.directory {
-                js.set_string("directory", &name);
+            if name_raw.len() > 0 {
+                let name = String::from_utf8_lossy(&name_raw);
+                if x.directory {
+                    js.set_string("directory", &name);
+                } else {
+                    js.set_string("filename", &name);
+                }
             } else {
-                js.set_string("filename", &name);
+                // name suggestion from Bro
+                js.set_string("filename", "<share_root>");
             }
             match x.disposition {
                 1 => { js.set_string("disposition", "open"); },