From: Eloy Pérez González Date: Fri, 22 Oct 2021 13:00:11 +0000 (+0200) Subject: smb/dce_opnum: use DCERPC_TYPE_REQUEST X-Git-Tag: suricata-5.0.10~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ffc7b686e3a17a9c66f4c5624549504c712cc44d;p=thirdparty%2Fsuricata.git smb/dce_opnum: use DCERPC_TYPE_REQUEST The smb dce_opnum keyword doesn't match the dcerpc requests/responses. This occurs because in the rs_smb_tx_match_dce_opnum function, the x.req_cmd is matched against the erroneous code 1. Fix this by using DCERPC_TYPE_REQUEST for the comparison instead. Ticket: 4767 (cherry picked from commit 8dca3d0416f539f5086f72f69d71cfc418355a2f)
---
diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs
index 5c2b344cb0..86f6a60a34 100644
--- a/rust/src/smb/detect.rs
+++ b/rust/src/smb/detect.rs
@@ -19,6 +19,7 @@ use std;
 use std::ptr;
 use crate::core::*;
 use crate::smb::smb::*;
+use crate::smb::dcerpc::DCERPC_TYPE_REQUEST;
 #[no_mangle]
 pub extern "C" fn rs_smb_tx_get_share(tx: &mut SMBTransaction,
@@ -117,7 +118,7 @@ pub extern "C" fn rs_smb_tx_get_dce_opnum(tx: &mut SMBTransaction,
 SCLogDebug!("rs_smb_tx_get_dce_opnum: start");
 match tx.type_data {
 Some(SMBTransactionTypeData::DCERPC(ref x)) => {
- if x.req_cmd == 1 { // REQUEST
+ if x.req_cmd == DCERPC_TYPE_REQUEST {
 unsafe {
 *opnum = x.opnum as u16;
 return 1;
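Review bot: The corrected comparison `if x.req_cmd == DCERPC_TYPE_REQUEST {` in rs_smb_tx_get_dce_opnum arrives without a regression test, and this failure mode produces no error: per the commit message the old literal `1` never matched, so `dce_opnum` rules on SMB traffic silently did not fire. A test that runs an SMB DCERPC request through a `dce_opnum` rule and expects an alert would pin the use of the constant, and any other comparison of `req_cmd` against a bare number elsewhere in the SMB code (not visible here) deserves the same replacement. I would also add a short comment above the check, e.g. `// opnum is only taken from request PDUs; compare against the shared constant, never a literal`, since the removed `// REQUEST` comment was the only statement of intent. Deployments that rely on these rules should re-validate them after picking up the fix; the function body starts and ends outside the hunk.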