From: George Koikara (gkoikara) <gkoikara@cisco.com>
Date: Mon, 23 Mar 2020 08:38:46 +0000 (+0000)
Subject: Merge pull request #1952 in SNORT/snort3 from ~NEHASH4/snort3:CSCvh69673 to master
X-Git-Tag: 3.0.0-270~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df678ce3594c9e25764fc7ad4fbe7014782578ef;p=thirdparty%2Fsnort3.git

Merge pull request #1952 in SNORT/snort3 from ~NEHASH4/snort3:CSCvh69673 to master

Squashed commit of the following:

commit ad1702181be3428dba9fb67fdc5215134a8cc648
Author: neha sharma <nehash4@cisco.com>
Date:   Wed Feb 5 11:36:31 2020 -0500

    file_api: reading the new data for the overlapped file_data
---

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 00e025ef0..3eab1daac 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -409,7 +409,10 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size,
 
     if ((FileService::get_file_cache()->cached_verdict_lookup(p, this,
         policy) != FILE_VERDICT_UNKNOWN))
+    {
+        processing_complete = true;
         return true;
+    }
 
     /*file type id*/
     if (is_file_type_enabled())
diff --git a/src/file_api/file_segment.cc b/src/file_api/file_segment.cc
index 8c066f4c0..6c4fe578a 100644
--- a/src/file_api/file_segment.cc
+++ b/src/file_api/file_segment.cc
@@ -198,9 +198,18 @@ int FileSegments::process(Packet* p, const uint8_t* file_data, uint64_t data_siz
 {
     int ret = 0;
 
-    if (offset == 0)
+    if (offset < current_offset)
     {
-        current_offset = 0;
+        if (offset + data_size > current_offset)
+        {
+            file_data += (current_offset - offset);
+            data_size = (offset + data_size) - current_offset;
+            offset = current_offset;
+        }
+        else
+        {
+            return 1;
+        }
     }
 
     // Walk through the segments that can be flushed
diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc
index ec09665d5..e5c2cf885 100644
--- a/src/service_inspectors/dce_rpc/dce_smb2.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2.cc
@@ -121,18 +121,17 @@ static inline void DCE2_Smb2StoreRequest(DCE2_SmbSsnData* ssd,
         request = request->next;
     }
 
-    request = (Smb2Request*)snort_calloc(sizeof(*request));
-
-    ssd->outstanding_requests++;
-
-    if (ssd->outstanding_requests >= ssd->max_outstanding_requests)
+    if ( ssd->outstanding_requests >= (ssd->max_outstanding_requests - 1) )
     {
         dce_alert(GID_DCE2, DCE2_SMB_MAX_REQS_EXCEEDED, (dce2CommonStats*)&dce2_smb_stats,
             ssd->sd);
-        snort_free((void*)request);
         return;
     }
 
+    request = ( Smb2Request* )snort_alloc( sizeof( *request ) );
+
+    ssd->outstanding_requests++;
+
     request->message_id = message_id;
     request->offset = offset;
     request->file_id = file_id;