From: Tom Peters (thopeter) Date: Tue, 29 Jan 2019 17:37:39 +0000 (-0500) Subject: Merge pull request #1494 in SNORT/snort3 from ~MDAGON/snort3:cppcheck_dce to master X-Git-Tag: 3.0.0-251~58 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1164e2f570dd3c2a03f64e8b010ccb0eb9fe3f0;p=thirdparty%2Fsnort3.git Merge pull request #1494 in SNORT/snort3 from ~MDAGON/snort3:cppcheck_dce to master Squashed commit of the following: commit eea8e7ac7f6a630838ee3968f6f91c5569821152 Author: Maya Dagon Date: Wed Dec 19 13:58:54 2018 -0500 dce_rpc: fix cppcheck warnings --- diff --git a/src/service_inspectors/dce_rpc/dce_co.cc b/src/service_inspectors/dce_rpc/dce_co.cc index 6a1c206c8..26e5daf36 100644 --- a/src/service_inspectors/dce_rpc/dce_co.cc +++ b/src/service_inspectors/dce_rpc/dce_co.cc @@ -554,7 +554,7 @@ static DCE2_CoCtxIdNode* dce_co_process_ctx_id(DCE2_SsnData* sd,DCE2_CoTracker* return nullptr; } - DCE2_MOVE(frag_ptr, frag_len, sizeof(DceRpcCoContElem)); + dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoContElem)); /* Don't really care about the transfer syntaxes */ for (j = 0; j < num_tsyns; j++) @@ -565,7 +565,7 @@ static DCE2_CoCtxIdNode* dce_co_process_ctx_id(DCE2_SsnData* sd,DCE2_CoTracker* return nullptr; } - DCE2_MOVE(frag_ptr, frag_len, sizeof(DceRpcCoSynId)); + dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoSynId)); } if (sd->trans == DCE2_TRANS_TYPE__TCP) { @@ -785,7 +785,7 @@ static void DCE2_CoBindAck(DCE2_SsnData* sd, DCE2_CoTracker* cot, return; } - DCE2_MOVE(frag_ptr, frag_len, sizeof(DceRpcCoBindAck)); + dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoBindAck)); /* Set what should be the maximum amount of data a client can send in a fragment */ max_recv_frag = DceRpcCoBindAckMaxRecvFrag(co_hdr, bind_ack); @@ -804,7 +804,7 @@ static void DCE2_CoBindAck(DCE2_SsnData* sd, DCE2_CoTracker* cot, return; } - DCE2_MOVE(ctx_data, ctx_len, sec_addr_len); + dce2_move(ctx_data, ctx_len, sec_addr_len); /* padded to 4 octet */ if ((sizeof(DceRpcCoBindAck) + sec_addr_len) & 3) @@ -816,7 +816,7 @@ static void DCE2_CoBindAck(DCE2_SsnData* sd, DCE2_CoTracker* cot, return; } - DCE2_MOVE(ctx_data, ctx_len, pad); + dce2_move(ctx_data, ctx_len, pad); /* Now we're at the start of the context item results */ if (ctx_len < sizeof(DceRpcCoContResultList)) @@ -828,7 +828,7 @@ static void DCE2_CoBindAck(DCE2_SsnData* sd, DCE2_CoTracker* cot, ctx_list = (const DceRpcCoContResultList*)ctx_data; num_ctx_results = DceRpcCoContNumResults(ctx_list); - DCE2_MOVE(ctx_data, ctx_len, sizeof(DceRpcCoContResultList)); + dce2_move(ctx_data, ctx_len, sizeof(DceRpcCoContResultList)); for (i = 0; i < num_ctx_results; i++) { @@ -843,7 +843,7 @@ static void DCE2_CoBindAck(DCE2_SsnData* sd, DCE2_CoTracker* cot, ctx_result = (const DceRpcCoContResult*)ctx_data; result = DceRpcCoContRes(co_hdr, ctx_result); - DCE2_MOVE(ctx_data, ctx_len, sizeof(DceRpcCoContResult)); + dce2_move(ctx_data, ctx_len, sizeof(DceRpcCoContResult)); if (DCE2_QueueIsEmpty(cot->pending_ctx_ids)) return; @@ -874,7 +874,7 @@ static void DCE2_CoBind(DCE2_SsnData* sd, DCE2_CoTracker* cot, return; } - DCE2_MOVE(frag_ptr, frag_len, sizeof(DceRpcCoBind)); + dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoBind)); switch (policy) { @@ -940,7 +940,7 @@ static void DCE2_CoAlterCtx(DCE2_SsnData* sd, DCE2_CoTracker* cot, return; } - DCE2_MOVE(frag_ptr, frag_len, sizeof(DceRpcCoAltCtx)); + dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoAltCtx)); switch (policy) { @@ -1163,7 +1163,7 @@ static Packet* DCE2_CoGetRpkt(DCE2_SsnData* sd, DCE2_CoTracker* cot, } else { - DCE2_MOVE(seg_data, seg_len, hdr_size); + dce2_move(seg_data, seg_len, hdr_size); } } @@ -1501,7 +1501,7 @@ static void DCE2_CoRequest(DCE2_SsnData* sd, DCE2_CoTracker* cot, } /* Move past header */ - DCE2_MOVE(frag_ptr, frag_len, req_size); + dce2_move(frag_ptr, frag_len, req_size); /* If for some reason we had some fragments queued */ if (DceRpcCoFirstFrag(co_hdr) && !DceRpcCoLastFrag(co_hdr) @@ -1710,7 +1710,7 @@ static void DCE2_CoResponse(DCE2_SsnData* sd, DCE2_CoTracker* cot, } /* Move past header */ - DCE2_MOVE(frag_ptr, frag_len, sizeof(DceRpcCoResponse)); + dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoResponse)); /* If for some reason we had some fragments queued */ if (DceRpcCoFirstFrag(co_hdr) && !DCE2_BufferIsEmpty(cot->frag_tracker.srv_stub_buf)) @@ -1774,7 +1774,7 @@ static void DCE2_CoDecode(DCE2_SsnData* sd, DCE2_CoTracker* cot, /* We've got the main header. Move past it to the * start of the pdu */ - DCE2_MOVE(frag_ptr, frag_len, sizeof(DceRpcCoHdr)); + dce2_move(frag_ptr, frag_len, sizeof(DceRpcCoHdr)); /* Client specific pdu types - some overlap with server */ if ( DetectionEngine::get_current_packet()->is_from_client() ) @@ -1944,7 +1944,7 @@ static DCE2_Ret DCE2_CoSegEarlyRequest(DCE2_CoTracker* cot, return DCE2_RET__ERROR; const DceRpcCoHdr* co_hdr = (const DceRpcCoHdr*)seg_ptr; - DCE2_MOVE(seg_ptr, seg_len, sizeof(DceRpcCoHdr)); + dce2_move(seg_ptr, seg_len, sizeof(DceRpcCoHdr)); if (DceRpcCoPduType(co_hdr) != DCERPC_PDU_TYPE__REQUEST) return DCE2_RET__ERROR; @@ -2299,7 +2299,7 @@ void DCE2_CoProcess(DCE2_SsnData* sd, DCE2_CoTracker* cot, goto dce2_coprocess_exit; } - DCE2_MOVE(data_ptr, data_len, frag_len); + dce2_move(data_ptr, data_len, frag_len); /* Got a full DCE/RPC pdu */ DCE2_CoDecode(sd, cot, frag_ptr, frag_len); @@ -2329,7 +2329,7 @@ void DCE2_CoProcess(DCE2_SsnData* sd, DCE2_CoTracker* cot, break; /* Move the length of the amount of data we used to get header */ - DCE2_MOVE(data_ptr, data_len, data_used); + dce2_move(data_ptr, data_len, data_used); if (DCE2_CoHdrChecks(sd, cot, (DceRpcCoHdr*)DCE2_BufferData(seg->buf)) != DCE2_RET__SUCCESS) @@ -2338,7 +2338,7 @@ void DCE2_CoProcess(DCE2_SsnData* sd, DCE2_CoTracker* cot, DCE2_BufferEmpty(seg->buf); /* Move back to original packet header */ data_back = -data_used; - DCE2_MOVE(data_ptr, data_len, data_back); + dce2_move(data_ptr, data_len, data_back); /*Check the original packet*/ if (DCE2_CoHdrChecks(sd, cot, (const DceRpcCoHdr*)data_ptr) != DCE2_RET__SUCCESS) @@ -2364,7 +2364,7 @@ void DCE2_CoProcess(DCE2_SsnData* sd, DCE2_CoTracker* cot, if (status != DCE2_RET__SUCCESS) break; - DCE2_MOVE(data_ptr, data_len, data_used); + dce2_move(data_ptr, data_len, data_used); } /* Do this before calling DCE2_CoSegDecode since it will empty diff --git a/src/service_inspectors/dce_rpc/dce_smb_commands.cc b/src/service_inspectors/dce_rpc/dce_smb_commands.cc index b53339759..c53e80239 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_commands.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_commands.cc @@ -334,14 +334,14 @@ static DCE2_Ret DCE2_SmbWriteAndXRawRequest(DCE2_SmbSsnData* ssd, const SmbNtHdr uint32_t dcnt = SmbWriteAndXReqDataCnt((const SmbWriteAndXReq*)nb_ptr); uint16_t remaining = SmbWriteAndXReqRemaining((const SmbWriteAndXReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); if (DCE2_SmbCheckData(ssd, (const uint8_t*)smb_hdr, nb_ptr, nb_len, byte_count, dcnt, doff) != DCE2_RET__SUCCESS) return DCE2_RET__ERROR; // This may move backwards - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); // If a "raw" write is requested there will be two bytes after the // header/pad and before the data which is supposed to represent a @@ -355,7 +355,7 @@ static DCE2_Ret DCE2_SmbWriteAndXRawRequest(DCE2_SmbSsnData* ssd, const SmbNtHdr // From data size check above, nb_len >= dsize dcnt -= 2; - DCE2_MOVE(nb_ptr, nb_len, 2); + dce2_move(nb_ptr, nb_len, 2); } if (dcnt > nb_len) @@ -555,7 +555,7 @@ DCE2_Ret DCE2_SmbOpen(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, { // Have at least 2 bytes of data based on byte count check done earlier - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); if (!SmbFmtAscii(*nb_ptr)) { @@ -564,7 +564,7 @@ DCE2_Ret DCE2_SmbOpen(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); ssd->cur_rtracker->file_name = DCE2_SmbGetFileName(nb_ptr, nb_len, SmbUnicode(smb_hdr), @@ -613,8 +613,8 @@ DCE2_Ret DCE2_SmbCreate(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, // Have at least 2 bytes of data based on byte count check done earlier - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); - + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + assert(nb_ptr != nullptr); if (!SmbFmtAscii(*nb_ptr)) { dce_alert(GID_DCE2, DCE2_SMB_BAD_FORM, (dce2CommonStats*)&dce2_smb_stats, @@ -622,7 +622,7 @@ DCE2_Ret DCE2_SmbCreate(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); ssd->cur_rtracker->file_name = DCE2_SmbGetFileName(nb_ptr, nb_len, SmbUnicode(smb_hdr), @@ -678,7 +678,7 @@ DCE2_Ret DCE2_SmbRename(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint32_t i; - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); if (!SmbFmtAscii(*nb_ptr)) { @@ -687,7 +687,7 @@ DCE2_Ret DCE2_SmbRename(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); if (SmbUnicode(smb_hdr)) { @@ -713,7 +713,7 @@ DCE2_Ret DCE2_SmbRename(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, } // i <= nb_len - DCE2_MOVE(nb_ptr, nb_len, i); + dce2_move(nb_ptr, nb_len, i); if ((nb_len > 0) && !SmbFmtAscii(*nb_ptr)) { @@ -754,7 +754,7 @@ DCE2_Ret DCE2_SmbRead(DCE2_SmbSsnData* ssd, const SmbNtHdr*, uint8_t fmt = *(nb_ptr + com_size); uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); - DCE2_MOVE(nb_ptr, nb_len, (com_size + 3)); + dce2_move(nb_ptr, nb_len, (com_size + 3)); DCE2_SmbCheckFmtData(ssd, nb_len, byte_count, fmt, com_dcnt, fmt_dcnt); @@ -786,7 +786,7 @@ DCE2_Ret DCE2_SmbWrite(DCE2_SmbSsnData* ssd, const SmbNtHdr*, uint16_t fid = SmbWriteReqFid((const SmbWriteReq*)nb_ptr); uint32_t offset = SmbWriteReqOffset((const SmbWriteReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, (com_size + 3)); + dce2_move(nb_ptr, nb_len, (com_size + 3)); DCE2_SmbCheckFmtData(ssd, nb_len, byte_count, fmt, com_dcnt, fmt_dcnt); @@ -844,8 +844,8 @@ DCE2_Ret DCE2_SmbCreateNew(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, // Have at least 2 bytes of data based on byte count check done earlier - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); - + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + assert(nb_ptr != nullptr); if (!SmbFmtAscii(*nb_ptr)) { dce_alert(GID_DCE2, DCE2_SMB_BAD_FORM, (dce2CommonStats*)&dce2_smb_stats, @@ -853,7 +853,7 @@ DCE2_Ret DCE2_SmbCreateNew(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); ssd->cur_rtracker->file_name = DCE2_SmbGetFileName(nb_ptr, nb_len, SmbUnicode(smb_hdr), @@ -881,7 +881,8 @@ DCE2_Ret DCE2_SmbLockAndRead(DCE2_SmbSsnData* ssd, const SmbNtHdr*, return DCE2_RET__ERROR; if (!ftracker->is_ipc) - ssd->cur_rtracker->file_offset = SmbLockAndReadReqOffset((const SmbLockAndReadReq*)nb_ptr); + ssd->cur_rtracker->file_offset = SmbLockAndReadReqOffset((const + SmbLockAndReadReq*)nb_ptr); // Set this for response ssd->cur_rtracker->ftracker = ftracker; @@ -895,7 +896,7 @@ DCE2_Ret DCE2_SmbLockAndRead(DCE2_SmbSsnData* ssd, const SmbNtHdr*, uint16_t com_dcnt = SmbLockAndReadRespCount((const SmbLockAndReadResp*)nb_ptr); uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); - DCE2_MOVE(nb_ptr, nb_len, (com_size + 3)); + dce2_move(nb_ptr, nb_len, (com_size + 3)); DCE2_SmbCheckFmtData(ssd, nb_len, byte_count, fmt, com_dcnt, fmt_dcnt); @@ -952,7 +953,7 @@ DCE2_Ret DCE2_SmbWriteAndUnlock(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t fid = SmbWriteAndUnlockReqFid((const SmbWriteAndUnlockReq*)nb_ptr); uint32_t offset = SmbWriteAndUnlockReqOffset((const SmbWriteAndUnlockReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, (com_size + 3)); + dce2_move(nb_ptr, nb_len, (com_size + 3)); DCE2_SmbCheckFmtData(ssd, nb_len, byte_count, fmt, com_dcnt, fmt_dcnt); @@ -1053,7 +1054,7 @@ DCE2_Ret DCE2_SmbOpenAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, ssd->cur_rtracker->file_size = SmbOpenAndXReqAllocSize((const SmbOpenAndXReq*)nb_ptr); } - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); if (unicode) pad = (nb_ptr - (const uint8_t*)smb_hdr) & 1; @@ -1061,7 +1062,7 @@ DCE2_Ret DCE2_SmbOpenAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (nb_len < (pad + null_bytes)) return DCE2_RET__ERROR; - DCE2_MOVE(nb_ptr, nb_len, pad); + dce2_move(nb_ptr, nb_len, pad); // Samba allows chaining OpenAndX/NtCreateAndX so might have // already been set. @@ -1104,14 +1105,14 @@ DCE2_Ret DCE2_SmbReadAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t doff = SmbReadAndXRespDataOff((const SmbReadAndXResp*)nb_ptr); uint32_t dcnt = SmbReadAndXRespDataCnt((const SmbReadAndXResp*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); if (DCE2_SmbCheckData(ssd, (const uint8_t*)smb_hdr, nb_ptr, nb_len, byte_count, dcnt, doff) != DCE2_RET__SUCCESS) return DCE2_RET__ERROR; // This may move backwards - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); if (dcnt > nb_len) dcnt = nb_len; @@ -1161,14 +1162,14 @@ DCE2_Ret DCE2_SmbWriteAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint32_t dcnt = SmbWriteAndXReqDataCnt((const SmbWriteAndXReq*)nb_ptr); uint64_t offset = SmbWriteAndXReqOffset((const SmbWriteAndXExtReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); if (DCE2_SmbCheckData(ssd, (const uint8_t*)smb_hdr, nb_ptr, nb_len, byte_count, dcnt, doff) != DCE2_RET__SUCCESS) return DCE2_RET__ERROR; // This may move backwards - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); if (dcnt > nb_len) { @@ -1224,38 +1225,38 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t uni_pass_len = SmbNt10SessionSetupAndXReqUnicodePassLen((const SmbNt10_SessionSetupAndXReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); if (((uint32_t)oem_pass_len + uni_pass_len) > nb_len) { return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, (oem_pass_len + uni_pass_len)); + dce2_move(nb_ptr, nb_len, (oem_pass_len + uni_pass_len)); // If unicode there should be a padding byte if the password // lengths are even since the command length is odd if ((increment == 2) && (nb_len != 0) && !((oem_pass_len + uni_pass_len) & 1)) - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); } else // Extended security blob version, word count of 12 { uint16_t blob_len = SmbSessionSetupAndXReqBlobLen((const SmbNt10_SessionSetupAndXExtReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); if (blob_len > nb_len) { return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, blob_len); + dce2_move(nb_ptr, nb_len, blob_len); // If unicode there should be a padding byte if the blob // length is even since the command length is odd if ((increment == 2) && (nb_len != 0) && !(blob_len & 1)) - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); } // Attempting to fingerprint Client Windows/Samba version. @@ -1267,8 +1268,9 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, for (j = 0; j < 2; j++) { + assert(nb_ptr != nullptr); while ((nb_len >= increment) && (*nb_ptr != '\0')) - DCE2_MOVE(nb_ptr, nb_len, increment); + dce2_move(nb_ptr, nb_len, increment); // Just return success if we run out of data if (nb_len < increment) @@ -1277,7 +1279,7 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, } // Move past NULL string terminator - DCE2_MOVE(nb_ptr, nb_len, increment); + dce2_move(nb_ptr, nb_len, increment); } } @@ -1291,6 +1293,7 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, // sending data to it. // Windows Vista and above don't put anything here + assert(nb_ptr != nullptr); if (*nb_ptr == '\0') { DCE2_SsnSetPolicy(&ssd->sd, DCE2_POLICY__WINVISTA); @@ -1308,7 +1311,7 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (dce2_smb_os_fsm[state].input == (char)*nb_ptr) { state = dce2_smb_os_fsm[state].next_state; - DCE2_MOVE(nb_ptr, rlen, increment); + dce2_move(nb_ptr, rlen, increment); } else { @@ -1350,7 +1353,7 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, } // Move to LanMan string - DCE2_MOVE(nb_ptr, nb_len, i + increment); + dce2_move(nb_ptr, nb_len, i + increment); // Samba if (*nb_ptr == 'S') @@ -1387,34 +1390,35 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (DCE2_ComInfoWordCount(com_info) == 3) { - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); // Word count 3 and Unicode has a one byte pad if ((increment == 2) && (nb_len != 0)) - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); } else // Only valid word counts are 3 and 4 { uint16_t blob_len = SmbSessionSetupAndXRespBlobLen( (const SmbNt10_SessionSetupAndXExtResp*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); if (blob_len > nb_len) { return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, blob_len); + dce2_move(nb_ptr, nb_len, blob_len); if ((increment == 2) && (nb_len != 0) && !(blob_len & 1)) - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); } // Attempting to fingerprint Server Windows/Samba version. // Note the below is quick and dirty. We're assuming the server // is kosher. It's policy will be used when the client is // sending data to it. + assert(nb_ptr != nullptr); if ((nb_len < increment) || (*nb_ptr == '\0')) { return DCE2_RET__SUCCESS; @@ -1431,7 +1435,7 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (dce2_smb_os_fsm[state].input == (char)*nb_ptr) { state = dce2_smb_os_fsm[state].next_state; - DCE2_MOVE(nb_ptr, rlen, increment); + dce2_move(nb_ptr, rlen, increment); } else { @@ -1482,7 +1486,7 @@ DCE2_Ret DCE2_SmbSessionSetupAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, } // Move to LanMan string - DCE2_MOVE(nb_ptr, nb_len, i + increment); + dce2_move(nb_ptr, nb_len, i + increment); // Samba if (*nb_ptr == 'S') @@ -1572,7 +1576,7 @@ DCE2_Ret DCE2_SmbNegotiate(DCE2_SmbSsnData* ssd, const SmbNtHdr*, int ntlm_index = 0; uint16_t com_size = DCE2_ComInfoCommandSize(com_info); - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); while ((term_ptr = (uint8_t*)memchr(nb_ptr, '\0', nb_len)) != nullptr) { @@ -1589,7 +1593,7 @@ DCE2_Ret DCE2_SmbNegotiate(DCE2_SmbSsnData* ssd, const SmbNtHdr*, } // Move past format - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); if (nb_len == 0) break; @@ -1603,7 +1607,7 @@ DCE2_Ret DCE2_SmbNegotiate(DCE2_SmbSsnData* ssd, const SmbNtHdr*, break; // Move past string and NULL byte - DCE2_MOVE(nb_ptr, nb_len, (term_ptr - nb_ptr) + 1); + dce2_move(nb_ptr, nb_len, (term_ptr - nb_ptr) + 1); ntlm_index++; } @@ -1663,21 +1667,22 @@ DCE2_Ret DCE2_SmbTreeConnectAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (DCE2_ScSmbInvalidShares((dce2SmbProtoConf*)ssd->sd.config) != nullptr) { uint16_t pass_len = SmbTreeConnectAndXReqPassLen((const SmbTreeConnectAndXReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); if (pass_len >= nb_len) return DCE2_RET__ERROR; // Move past password length - DCE2_MOVE(nb_ptr, nb_len, pass_len); + dce2_move(nb_ptr, nb_len, pass_len); const uint8_t* bs = nullptr; // Move past path components + assert(nb_ptr != nullptr); while ((bs = (const uint8_t*)memchr(nb_ptr, '\\', nb_len)) != nullptr) - DCE2_MOVE(nb_ptr, nb_len, (bs - nb_ptr) + 1); + dce2_move(nb_ptr, nb_len, (bs - nb_ptr) + 1); // Move past NULL byte if unicode if (SmbUnicode(smb_hdr) && (nb_len != 0)) - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); if (nb_len != 0) DCE2_SmbInvalidShareCheck(ssd, smb_hdr, nb_ptr, nb_len); @@ -1685,7 +1690,7 @@ DCE2_Ret DCE2_SmbTreeConnectAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, } else { - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); int state = SERVICE_0; while ((nb_len > 0) && (state < SERVICE_FS)) @@ -1693,7 +1698,7 @@ DCE2_Ret DCE2_SmbTreeConnectAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (dce2_smb_service_fsm[state].input == (char)*nb_ptr) { state = dce2_smb_service_fsm[state].next_state; - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); } else { @@ -1735,7 +1740,7 @@ DCE2_Ret DCE2_SmbTreeConnect(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, // Have at least 4 bytes of data based on byte count check done earlier - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); // If unicode flag is set, strings, except possibly the service string // are going to be unicode. The NT spec specifies that unicode strings @@ -1751,17 +1756,17 @@ DCE2_Ret DCE2_SmbTreeConnect(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); // IPC$ does not need to be case sensitive. And the case sensitivity flag in // the SMB header doesn't seem to have any effect on this. const uint8_t* bs = nullptr; while ((bs = (const uint8_t*)memchr(nb_ptr, '\\', nb_len)) != nullptr) - DCE2_MOVE(nb_ptr, nb_len, (bs - nb_ptr) + 1); + dce2_move(nb_ptr, nb_len, (bs - nb_ptr) + 1); bool unicode = SmbUnicode(smb_hdr); if (unicode && (nb_len > 0)) - DCE2_MOVE(nb_ptr, nb_len, 1); + dce2_move(nb_ptr, nb_len, 1); // Check for invalid shares first if ((DCE2_ScSmbInvalidShares((dce2SmbProtoConf*)ssd->sd.config) != nullptr) && (nb_len > @@ -1777,7 +1782,7 @@ DCE2_Ret DCE2_SmbTreeConnect(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (unicode && (nb_ptr[1] != 0)) break; state = dce2_ipc_share_fsm[state].next_state; - DCE2_MOVE(nb_ptr, nb_len, increment); + dce2_move(nb_ptr, nb_len, increment); } else { @@ -1911,7 +1916,7 @@ DCE2_Ret DCE2_SmbNtCreateAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, (const SmbNtCreateAndXReq*)nb_ptr); } - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); if (file_name_length > DCE2_SMB_MAX_PATH_LEN) return DCE2_RET__ERROR; @@ -1924,7 +1929,7 @@ DCE2_Ret DCE2_SmbNtCreateAndX(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (nb_len < (pad + file_name_length)) return DCE2_RET__ERROR; - DCE2_MOVE(nb_ptr, nb_len, pad); + dce2_move(nb_ptr, nb_len, pad); // Samba allows chaining OpenAndX/NtCreateAndX so might have // already been set. @@ -2049,7 +2054,7 @@ DCE2_Ret DCE2_SmbWriteRaw(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t dcnt = SmbWriteRawReqDataCnt((const SmbWriteRawReq*)nb_ptr); uint64_t offset = SmbWriteRawReqOffset((const SmbWriteRawExtReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); if (DCE2_SmbCheckTotalCount(ssd, tdcnt, dcnt, 0) != DCE2_RET__SUCCESS) return DCE2_RET__ERROR; @@ -2059,7 +2064,7 @@ DCE2_Ret DCE2_SmbWriteRaw(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, return DCE2_RET__ERROR; // This may move backwards - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); if (dcnt > nb_len) { @@ -2137,7 +2142,7 @@ DCE2_Ret DCE2_SmbWriteAndClose(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t fid = SmbWriteAndCloseReqFid((const SmbWriteAndCloseReq*)nb_ptr); uint32_t offset = SmbWriteAndCloseReqOffset((const SmbWriteAndCloseReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, (com_size + 1)); + dce2_move(nb_ptr, nb_len, (com_size + 1)); if (DCE2_SmbCheckData(ssd, (const uint8_t*)smb_hdr, nb_ptr, nb_len, byte_count, dcnt, diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc index a2301904c..2c9f5eab3 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc @@ -277,7 +277,7 @@ static DCE2_Ret DCE2_SmbNtTransactCreateReq(DCE2_SmbSsnData* ssd, if (file_name_length > DCE2_SMB_MAX_PATH_LEN) return DCE2_RET__ERROR; - DCE2_MOVE(param_ptr, param_len, sizeof(SmbNtTransactCreateReqParams)); + dce2_move(param_ptr, param_len, sizeof(SmbNtTransactCreateReqParams)); if (unicode) pad = (param_ptr - param_start) & 1; @@ -285,7 +285,7 @@ static DCE2_Ret DCE2_SmbNtTransactCreateReq(DCE2_SmbSsnData* ssd, if (param_len < (pad + file_name_length)) return DCE2_RET__ERROR; - DCE2_MOVE(param_ptr, param_len, pad); + dce2_move(param_ptr, param_len, pad); ssd->cur_rtracker->file_name = DCE2_SmbGetFileName(param_ptr, file_name_length, unicode, &ssd->cur_rtracker->file_name_size); @@ -420,7 +420,7 @@ static DCE2_Ret DCE2_SmbUpdateTransSecondary(DCE2_SmbSsnData* ssd, tpcnt = (uint16_t)ttracker->tpcnt; } - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); if (DCE2_SmbValidateTransactionFields(ssd, (const uint8_t*)smb_hdr, nb_ptr, nb_len, byte_count, tdcnt, tpcnt, dcnt, doff, ddisp, pcnt, poff, pdisp) != DCE2_RET__SUCCESS) @@ -435,7 +435,7 @@ static DCE2_Ret DCE2_SmbUpdateTransSecondary(DCE2_SmbSsnData* ssd, if (data_params & DCE2_SMB_TRANS__DATA) { - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); if ((dcnt != 0) && (DCE2_SmbBufferTransactionData(ttracker, nb_ptr, dcnt, ddisp) @@ -447,7 +447,7 @@ static DCE2_Ret DCE2_SmbUpdateTransSecondary(DCE2_SmbSsnData* ssd, if (data_params & DCE2_SMB_TRANS__PARAMS) { - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); if ((pcnt != 0) && (DCE2_SmbBufferTransactionParameters(ttracker, nb_ptr, pcnt, pdisp) @@ -578,7 +578,7 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd, return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); // Samba validates the Name which should be \PIPE\ and errors // if not. Windows doesn't care. @@ -642,7 +642,7 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd, return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); break; @@ -679,7 +679,7 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd, return DCE2_RET__IGNORE; } - DCE2_MOVE(nb_ptr, nb_len, com_size); + dce2_move(nb_ptr, nb_len, com_size); break; @@ -711,7 +711,7 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd, dce_alert(GID_DCE2, DCE2_SMB_DCNT_ZERO, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); // If all of the data and parameters weren't sent, buffer what was sent if (((dcnt != tdcnt) || (pcnt != tpcnt)) && (dcnt != 0) @@ -728,7 +728,7 @@ static DCE2_Ret DCE2_SmbUpdateTransRequest(DCE2_SmbSsnData* ssd, dce_alert(GID_DCE2, DCE2_SMB_DCNT_ZERO, (dce2CommonStats*)&dce2_smb_stats, ssd->sd); - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); // If all of the data and parameters weren't sent, buffer what was sent if (((pcnt != tpcnt) || (dcnt != tdcnt)) && (pcnt != 0) @@ -855,7 +855,7 @@ static DCE2_Ret DCE2_SmbUpdateTransResponse(DCE2_SmbSsnData* ssd, return DCE2_RET__ERROR; } - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(com_info)); // From client request if (ttracker->smb_type == SMB_TYPE__REQUEST) @@ -892,7 +892,7 @@ static DCE2_Ret DCE2_SmbUpdateTransResponse(DCE2_SmbSsnData* ssd, if (data_params & DCE2_SMB_TRANS__DATA) { - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); if ((ttracker->dsent < ttracker->tdcnt) || (ttracker->psent < ttracker->tpcnt) @@ -909,7 +909,7 @@ static DCE2_Ret DCE2_SmbUpdateTransResponse(DCE2_SmbSsnData* ssd, if (data_params & DCE2_SMB_TRANS__PARAMS) { - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); if ((ttracker->dsent < ttracker->tdcnt) || (ttracker->psent < ttracker->tpcnt) @@ -953,7 +953,7 @@ static DCE2_Ret DCE2_SmbTrans2Open2Req(DCE2_SmbSsnData* ssd, SmbTrans2Open2ReqAllocSize((const SmbTrans2Open2ReqParams*)param_ptr); } - DCE2_MOVE(param_ptr, param_len, sizeof(SmbTrans2Open2ReqParams)); + dce2_move(param_ptr, param_len, sizeof(SmbTrans2Open2ReqParams)); ssd->cur_rtracker->file_name = DCE2_SmbGetFileName(param_ptr, param_len, unicode, &ssd->cur_rtracker->file_name_size); @@ -1112,10 +1112,10 @@ DCE2_Ret DCE2_SmbTransaction(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t pcnt = SmbTransactionReqParamCnt((const SmbTransactionReq*)nb_ptr); uint16_t poff = SmbTransactionReqParamOff((const SmbTransactionReq*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); const uint8_t* data_ptr = nb_ptr; - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); const uint8_t* param_ptr = nb_ptr; status = DCE2_SmbTransactionReq(ssd, ttracker, data_ptr, dcnt, param_ptr, pcnt); @@ -1154,7 +1154,7 @@ DCE2_Ret DCE2_SmbTransaction(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t dcnt = SmbTransactionRespDataCnt((const SmbTransactionResp*)nb_ptr); uint16_t doff = SmbTransactionRespDataOff((const SmbTransactionResp*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); if (DCE2_SmbProcessResponseData(ssd, nb_ptr, dcnt) != DCE2_RET__SUCCESS) return DCE2_RET__ERROR; @@ -1222,7 +1222,7 @@ DCE2_Ret DCE2_SmbTransaction2(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (status != DCE2_RET__FULL) return status; - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); switch (ttracker->subcom) { @@ -1240,7 +1240,7 @@ DCE2_Ret DCE2_SmbTransaction2(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, case TRANS2_SET_FILE_INFORMATION: data_ptr = nb_ptr; - DCE2_MOVE(data_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - data_ptr); + dce2_move(data_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - data_ptr); status = DCE2_SmbTrans2SetFileInfoReq(ssd, nb_ptr, pcnt, data_ptr, dcnt); if (status != DCE2_RET__SUCCESS) @@ -1275,7 +1275,7 @@ DCE2_Ret DCE2_SmbTransaction2(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t poff = SmbTransaction2RespParamOff((const SmbTransaction2Resp*)nb_ptr); uint16_t pcnt = SmbTransaction2RespParamCnt((const SmbTransaction2Resp*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); ptr = nb_ptr; len = pcnt; @@ -1333,7 +1333,7 @@ DCE2_Ret DCE2_SmbTransaction2(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t doff = SmbTransaction2RespDataOff((const SmbTransaction2Resp*)nb_ptr); uint16_t dcnt = SmbTransaction2RespDataCnt((const SmbTransaction2Resp*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + doff) - nb_ptr); ptr = nb_ptr; len = dcnt; @@ -1417,7 +1417,7 @@ DCE2_Ret DCE2_SmbTransaction2(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t poff = SmbTransaction2RespParamOff((const SmbTransaction2Resp*)nb_ptr); uint16_t pcnt = SmbTransaction2RespParamCnt((const SmbTransaction2Resp*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); ptr = nb_ptr; len = pcnt; @@ -1477,7 +1477,7 @@ DCE2_Ret DCE2_SmbNtTransact(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, if (status != DCE2_RET__FULL) return status; - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); switch (ttracker->subcom) { @@ -1513,7 +1513,7 @@ DCE2_Ret DCE2_SmbNtTransact(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint32_t poff = SmbNtTransactRespParamOff((const SmbNtTransactResp*)nb_ptr); uint32_t pcnt = SmbNtTransactRespParamCnt((const SmbNtTransactResp*)nb_ptr); - DCE2_MOVE(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); + dce2_move(nb_ptr, nb_len, ((const uint8_t*)smb_hdr + poff) - nb_ptr); ptr = nb_ptr; len = pcnt; diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc index 3303ee053..35277c56b 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc @@ -240,7 +240,7 @@ DCE2_Ret DCE2_SmbTransactionGetName(const uint8_t* nb_ptr, nb_len = bcc; if (unicode) - DCE2_MOVE(nb_ptr, nb_len, 1); // One byte pad for unicode + dce2_move(nb_ptr, nb_len, 1); // One byte pad for unicode uint8_t increment = unicode ? 2 : 1; int state = TRANS_NM_PIPE_0; @@ -251,7 +251,7 @@ DCE2_Ret DCE2_SmbTransactionGetName(const uint8_t* nb_ptr, if (unicode && (nb_ptr[1] != 0)) break; state = dce2_samba_pipe_fsm[state].next_state; - DCE2_MOVE(nb_ptr, nb_len, increment); + dce2_move(nb_ptr, nb_len, increment); } else { diff --git a/src/service_inspectors/dce_rpc/dce_smb_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_utils.cc index f44bba82e..fa050233a 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_utils.cc @@ -1234,7 +1234,7 @@ Packet* DCE2_SmbGetRpkt(DCE2_SmbSsnData* ssd, header_len = DCE2_MOCK_HDR_LEN__SMB_SRV; DCE2_SmbSetRdata(ssd, const_cast(rpkt->data), (uint16_t)(rpkt->dsize - header_len)); - DCE2_MOVE(*data, *data_len, header_len); + dce2_move(*data, *data_len, header_len); break; case DCE2_RPKT_TYPE__SMB_SEG: default: @@ -1516,7 +1516,7 @@ static void DCE2_SmbFinishFileAPI(DCE2_SmbSsnData* ssd) if ((ftracker->ff_file_size == 0) && (ftracker->ff_bytes_processed != 0)) { - Profile profile(dce2_smb_pstat_smb_file_api); + Profile sub_profile(dce2_smb_pstat_smb_file_api); if (file_flows->file_process(p, nullptr, 0, SNORT_FILE_END, upload)) { if (upload) diff --git a/src/service_inspectors/dce_rpc/dce_udp_processing.cc b/src/service_inspectors/dce_rpc/dce_udp_processing.cc index 840033fdc..c98ce6d64 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_processing.cc +++ b/src/service_inspectors/dce_rpc/dce_udp_processing.cc @@ -118,7 +118,7 @@ void DCE2_ClProcess(DCE2_SsnData* sd, DCE2_ClTracker* clt) cl_hdr = (const DceRpcClHdr*)data_ptr; - DCE2_MOVE(data_ptr, data_len, sizeof(DceRpcClHdr)); + dce2_move(data_ptr, data_len, sizeof(DceRpcClHdr)); if (DCE2_ClHdrChecks(sd, cl_hdr) != DCE2_RET__SUCCESS) return; @@ -558,7 +558,7 @@ static void DCE2_ClFragReassemble( break; memcpy(const_cast(rdata), fnode->frag_data, fnode->frag_len); - DCE2_MOVE(rdata, rlen, fnode->frag_len); + dce2_move(rdata, rlen, fnode->frag_len); stub_len += fnode->frag_len; } diff --git a/src/service_inspectors/dce_rpc/dce_utils.h b/src/service_inspectors/dce_rpc/dce_utils.h index 05423fbbd..ac00d7460 100644 --- a/src/service_inspectors/dce_rpc/dce_utils.h +++ b/src/service_inspectors/dce_rpc/dce_utils.h @@ -136,7 +136,7 @@ void DCE2_BufferDestroy(DCE2_Buffer* buf); #define DCE2_UUID_BUF_SIZE 50 const char* DCE2_UuidToStr( - const Uuid*, DceRpcBoFlag, char (& buf)[DCE2_UUID_BUF_SIZE]); + const Uuid*, DceRpcBoFlag, char (&buf)[DCE2_UUID_BUF_SIZE]); /******************************************************************** * Function: DCE2_IsSpaceChar() @@ -391,8 +391,23 @@ inline void DCE2_BufferEmpty(DCE2_Buffer* buf) buf->len = 0; } -#define DCE2_MOVE(data_ptr, data_len, amount) \ - { (data_len) -= (amount); (data_ptr) = (const uint8_t*)(data_ptr) + (amount); } +inline void dce2_move(const uint8_t*& data_ptr, uint16_t& data_len, int amount) +{ + data_len -= amount; + data_ptr += amount; +} + +inline void dce2_move(const uint8_t*& data_ptr, uint32_t& data_len, int amount) +{ + data_len -= amount; + data_ptr += amount; +} + +inline void dce2_move(const uint8_t*& data_ptr, int64_t& data_len, int amount) +{ + data_len -= amount; + data_ptr += amount; +} #endif diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index cc11fba40..3122f3d22 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -908,14 +908,14 @@ static void DCE2_SmbProcessCommand(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr if (smb_chain_funcs[policy][andx_com][smb_com2] == nullptr) break; - DCE2_MOVE(nb_ptr, nb_len, DCE2_ComInfoCommandSize(&com_info)); + dce2_move(nb_ptr, nb_len, DCE2_ComInfoCommandSize(&com_info)); // FIXIT-L Need to test out of order chaining const uint8_t* off2_ptr = (const uint8_t*)smb_hdr + SmbAndXOff2(andx_ptr); if (DCE2_SmbCheckAndXOffset(ssd, off2_ptr, nb_ptr, nb_len) != DCE2_RET__SUCCESS) break; - DCE2_MOVE(nb_ptr, nb_len, (off2_ptr - nb_ptr)); + dce2_move(nb_ptr, nb_len, (off2_ptr - nb_ptr)); // FIXIT-L Need to test more. switch (smb_com) @@ -1488,7 +1488,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) else { /* ignore bytes is less than UINT16_MAX */ - DCE2_MOVE(data_ptr, data_len, (uint16_t)*ignore_bytes); + dce2_move(data_ptr, data_len, (uint16_t)*ignore_bytes); *ignore_bytes = 0; } } @@ -1558,7 +1558,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) } if (!DCE2_BufferIsEmpty(*seg_buf)) - DCE2_MOVE(data_ptr, data_len, (uint16_t)data_need); + dce2_move(data_ptr, data_len, (uint16_t)data_need); switch (ssd->pdu_state) { @@ -1672,7 +1672,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) } if (!DCE2_BufferIsEmpty(*seg_buf)) - DCE2_MOVE(data_ptr, data_len, (uint16_t)data_need); + dce2_move(data_ptr, data_len, (uint16_t)data_need); *data_state = DCE2_SMB_DATA_STATE__NETBIOS_PDU; } @@ -1720,7 +1720,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) { nb_ptr = data_ptr; nb_len = data_need; - DCE2_MOVE(data_ptr, data_len, (uint16_t)data_need); + dce2_move(data_ptr, data_len, (uint16_t)data_need); } else { @@ -1728,11 +1728,11 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) sizeof(NbssHdr) + nb_len) != DCE2_RET__SUCCESS) { DCE2_BufferEmpty(*seg_buf); - DCE2_MOVE(data_ptr, data_len, (uint16_t)data_need); + dce2_move(data_ptr, data_len, (uint16_t)data_need); continue; } - DCE2_MOVE(data_ptr, data_len, (uint16_t)data_need); + dce2_move(data_ptr, data_len, (uint16_t)data_need); nb_ptr = DCE2_BufferData(*seg_buf); nb_len = DCE2_BufferLength(*seg_buf); @@ -1760,7 +1760,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) case DCE2_SMB_PDU_STATE__COMMAND: { const SmbNtHdr* smb_hdr = (const SmbNtHdr*)(nb_ptr + sizeof(NbssHdr)); - DCE2_MOVE(nb_ptr, nb_len, (sizeof(NbssHdr) + sizeof(SmbNtHdr))); + dce2_move(nb_ptr, nb_len, (sizeof(NbssHdr) + sizeof(SmbNtHdr))); ssd->cur_rtracker = (rtracker != nullptr) ? rtracker : DCE2_SmbFindRequestTracker(ssd, smb_hdr); if (ssd->cur_rtracker != nullptr) @@ -1769,7 +1769,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) } case DCE2_SMB_PDU_STATE__RAW_DATA: - DCE2_MOVE(nb_ptr, nb_len, sizeof(NbssHdr)); + dce2_move(nb_ptr, nb_len, sizeof(NbssHdr)); if (ssd->cur_rtracker != nullptr) DCE2_SmbProcessRawData(ssd, nb_ptr, nb_len); // Only one raw read or write