From a829eff05866d7fdf1d414356a2afffab1c3cca0 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Tue, 15 Feb 2022 15:18:49 -0600
Subject: [PATCH] smb: check correct buffer for overflow

Fix an error in the checking of an overflow condition.

The first overflow check is only checking the size of the new data, not
the new data + the size of the buffered data. This is due to the buffer
on the state being emptied into a local variable just before the check.

This results in overflows not being caught, but being caught a few lines
down after the copy resulting in increased CPU usage for data that is
just going to be thrown away.

Ticket #4945
---
 rust/src/smb/smb.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index 231be9aaa7..08ff8e51a1 100644
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -1375,7 +1375,7 @@ impl SMBState {
             0 => i,
             _ => {
                 v = self.tcp_buffer_ts.split_off(0);
-                if self.tcp_buffer_ts.len() + i.len() > 100000 {
+                if v.len() + i.len() > 100000 {
                     self.set_event(SMBEvent::RecordOverflow);
                     return 1;
                 };
-- 
2.47.2