From: Victor Julien Date: Fri, 6 May 2016 12:57:55 +0000 (+0200) Subject: dcerpc: improve integer handling X-Git-Tag: suricata-3.1RC1~185 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed5a01e8ddb5d83abed8cf04f0e794279758f91f;p=thirdparty%2Fsuricata.git dcerpc: improve integer handling --- diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c index a9c58df09f..7ab5f83ab2 100644 --- a/src/app-layer-dcerpc-udp.c +++ b/src/app-layer-dcerpc-udp.c @@ -196,18 +196,18 @@ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state, sstate->dcerpc.dcerpchdrudp.activityuuid[14] = *(p + 54); sstate->dcerpc.dcerpchdrudp.activityuuid[15] = *(p + 55); if (sstate->dcerpc.dcerpchdrudp.drep[0] == 0x10) { - sstate->dcerpc.dcerpchdrudp.server_boot = *(p + 56); - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p + 57) << 8; - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p + 58) << 16; - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p + 59) << 24; - sstate->dcerpc.dcerpchdrudp.if_vers = *(p + 60); - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p + 61) << 8; - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p + 62) << 16; - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p + 63) << 24; - sstate->dcerpc.dcerpchdrudp.seqnum = *(p + 64); - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 65) << 8; - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 66) << 16; - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 67) << 24; + sstate->dcerpc.dcerpchdrudp.server_boot = (uint32_t) *(p + 56); + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p + 57) << 8; + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p + 58) << 16; + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p + 59) << 24; + sstate->dcerpc.dcerpchdrudp.if_vers = (uint32_t) *(p + 60); + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p + 61) << 8; + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p + 62) << 16; + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p + 63) << 24; + sstate->dcerpc.dcerpchdrudp.seqnum = (uint32_t) *(p + 64); + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 65) << 8; + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 66) << 16; + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 67) << 24; sstate->dcerpc.dcerpchdrudp.opnum = *(p + 68); sstate->dcerpc.dcerpchdrudp.opnum |= *(p + 69) << 8; sstate->dcerpc.dcerpchdrudp.ihint = *(p + 70); @@ -219,18 +219,18 @@ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state, sstate->dcerpc.dcerpchdrudp.fragnum = *(p + 76); sstate->dcerpc.dcerpchdrudp.fragnum |= *(p + 77) << 8; } else { - sstate->dcerpc.dcerpchdrudp.server_boot = *(p + 56) << 24; - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p + 57) << 16; - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p + 58) << 8; - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p + 59); - sstate->dcerpc.dcerpchdrudp.if_vers = *(p + 60) << 24; - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p + 61) << 16; - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p + 62) << 8; - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p + 63); - sstate->dcerpc.dcerpchdrudp.seqnum = *(p + 64) << 24; - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 65) << 16; - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 66) << 8; - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p + 67); + sstate->dcerpc.dcerpchdrudp.server_boot = (uint32_t) *(p + 56) << 24; + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p + 57) << 16; + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p + 58) << 8; + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p + 59); + sstate->dcerpc.dcerpchdrudp.if_vers = (uint32_t) *(p + 60) << 24; + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p + 61) << 16; + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p + 62) << 8; + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p + 63); + sstate->dcerpc.dcerpchdrudp.seqnum = (uint32_t) *(p + 64) << 24; + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 65) << 16; + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 66) << 8; + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p + 67); sstate->dcerpc.dcerpchdrudp.opnum = *(p + 68) << 24; sstate->dcerpc.dcerpchdrudp.opnum |= *(p + 69) << 16; sstate->dcerpc.dcerpchdrudp.ihint = *(p + 70) << 8; @@ -553,62 +553,62 @@ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state, break; /* fall through */ case 56: - sstate->dcerpc.dcerpchdrudp.server_boot = *(p++); + sstate->dcerpc.dcerpchdrudp.server_boot = (uint32_t) *(p++); if (!(--input_len)) break; /* fall through */ case 57: - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p++) << 8; + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p++) << 8; if (!(--input_len)) break; /* fall through */ case 58: - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p++) << 16; + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p++) << 16; if (!(--input_len)) break; /* fall through */ case 59: - sstate->dcerpc.dcerpchdrudp.server_boot |= *(p++) << 24; + sstate->dcerpc.dcerpchdrudp.server_boot |= (uint32_t) *(p++) << 24; if (!(--input_len)) break; /* fall through */ case 60: - sstate->dcerpc.dcerpchdrudp.if_vers = *(p++); + sstate->dcerpc.dcerpchdrudp.if_vers = (uint32_t) *(p++); if (!(--input_len)) break; /* fall through */ case 61: - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p++) << 8; + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p++) << 8; if (!(--input_len)) break; /* fall through */ case 62: - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p++) << 16; + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p++) << 16; if (!(--input_len)) break; /* fall through */ case 63: - sstate->dcerpc.dcerpchdrudp.if_vers |= *(p++) << 24; + sstate->dcerpc.dcerpchdrudp.if_vers |= (uint32_t) *(p++) << 24; if (!(--input_len)) break; /* fall through */ case 64: - sstate->dcerpc.dcerpchdrudp.seqnum = *(p++); + sstate->dcerpc.dcerpchdrudp.seqnum = (uint32_t) *(p++); if (!(--input_len)) break; /* fall through */ case 65: - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p++) << 8; + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p++) << 8; if (!(--input_len)) break; /* fall through */ case 66: - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p++) << 16; + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p++) << 16; if (!(--input_len)) break; /* fall through */ case 67: - sstate->dcerpc.dcerpchdrudp.seqnum |= *(p++) << 24; + sstate->dcerpc.dcerpchdrudp.seqnum |= (uint32_t) *(p++) << 24; if (!(--input_len)) break; /* fall through */ diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index 1916b72aa2..ece676e7f1 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -1295,19 +1295,19 @@ static int DCERPCParseHeader(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) dcerpc->dcerpchdr.frag_length |= *(p + 9) << 8; dcerpc->dcerpchdr.auth_length = *(p + 10); dcerpc->dcerpchdr.auth_length |= *(p + 11) << 8; - dcerpc->dcerpchdr.call_id = *(p + 12) << 24; - dcerpc->dcerpchdr.call_id |= *(p + 13) << 16; - dcerpc->dcerpchdr.call_id |= *(p + 14) << 8; - dcerpc->dcerpchdr.call_id |= *(p + 15); + dcerpc->dcerpchdr.call_id = (uint32_t) *(p + 12) << 24; + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p + 13) << 16; + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p + 14) << 8; + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p + 15); } else { dcerpc->dcerpchdr.frag_length = *(p + 8) << 8; dcerpc->dcerpchdr.frag_length |= *(p + 9); dcerpc->dcerpchdr.auth_length = *(p + 10) << 8; dcerpc->dcerpchdr.auth_length |= *(p + 11); - dcerpc->dcerpchdr.call_id = *(p + 12); - dcerpc->dcerpchdr.call_id |= *(p + 13) << 8; - dcerpc->dcerpchdr.call_id |= *(p + 14) << 16; - dcerpc->dcerpchdr.call_id |= *(p + 15) << 24; + dcerpc->dcerpchdr.call_id = (uint32_t) *(p + 12); + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p + 13) << 8; + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p + 14) << 16; + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p + 15) << 24; } dcerpc->bytesprocessed = DCERPC_HDR_LEN; SCReturnInt(16); @@ -1382,22 +1382,22 @@ static int DCERPCParseHeader(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) break; /* fall through */ case 12: - dcerpc->dcerpchdr.call_id = *(p++); + dcerpc->dcerpchdr.call_id = (uint32_t) *(p++); if (!(--input_len)) break; /* fall through */ case 13: - dcerpc->dcerpchdr.call_id |= *(p++) << 8; + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p++) << 8; if (!(--input_len)) break; /* fall through */ case 14: - dcerpc->dcerpchdr.call_id |= *(p++) << 16; + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p++) << 16; if (!(--input_len)) break; /* fall through */ case 15: - dcerpc->dcerpchdr.call_id |= *(p++) << 24; + dcerpc->dcerpchdr.call_id |= (uint32_t) *(p++) << 24; if (!(dcerpc->dcerpchdr.packed_drep[0] & 0x10)) { dcerpc->dcerpchdr.frag_length = SCByteSwap16(dcerpc->dcerpchdr.frag_length); dcerpc->dcerpchdr.auth_length = SCByteSwap16(dcerpc->dcerpchdr.auth_length);