From bfa66c6d6cd3cab30f08ca86478f99c2f0c3a2c0 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 2 Feb 2021 13:31:08 +0100 Subject: [PATCH] smb: probing parser for start and midstream The probing parser is more strict at the start of the stream (cherry picked from commit 1b6e81cd7284355cb4315606cac30325e144d25a) --- rust/src/smb/smb.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index ada497b579..f81be26062 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -1977,8 +1977,10 @@ pub extern "C" fn rs_smb_probe_tcp(flags: u8, -> i8 { let slice = build_slice!(input, len as usize); - if rs_smb_probe_tcp_midstream(flags, slice, rdir) == 1 { - return 1; + if flags & STREAM_MIDSTREAM == STREAM_MIDSTREAM { + if rs_smb_probe_tcp_midstream(flags, slice, rdir) == 1 { + return 1; + } } match parse_nbss_record_partial(slice) { Ok((_, ref hdr)) => { -- 2.47.2