Bug #94 » 0002-add-uuid-to-queue.patch
| src/app-layer-dcerpc-udp.c | ||
|---|---|---|
|
* present to parse the entire header. A slow path is used to parse
|
||
|
* fragmented packets.
|
||
|
*/
|
||
|
static uint32_t DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state,
|
||
|
static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state,
|
||
|
AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
|
||
|
AppLayerParserResult *output) {
|
||
|
SCEnter();
|
||
| ... | ... | |
|
case 0:
|
||
|
if (input_len >= DCERPC_UDP_HDR_LEN) {
|
||
|
sstate->dcerpchdrudp.rpc_vers = *p;
|
||
|
if (sstate->dcerpchdrudp.rpc_vers != 4) {
|
||
|
SCLogDebug("DCERPC UDP Header did not validate");
|
||
|
SCReturnInt(-1);
|
||
|
}
|
||
|
sstate->dcerpchdrudp.ptype = *(p + 1);
|
||
|
sstate->dcerpchdrudp.flags1 = *(p + 2);
|
||
|
sstate->dcerpchdrudp.flags2 = *(p + 3);
|
||
| ... | ... | |
|
sstate->uuid_entry = (struct uuid_entry *) calloc(1,
|
||
|
sizeof(struct uuid_entry));
|
||
|
if (sstate->uuid_entry == NULL) {
|
||
|
SCReturnUInt(0);
|
||
|
SCReturnInt(-1);
|
||
|
} else {
|
||
|
memcpy(sstate->uuid_entry->uuid,
|
||
|
sstate->dcerpchdrudp.activityuuid,
|
||
|
sizeof(sstate->dcerpchdrudp.activityuuid));
|
||
|
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry,
|
||
|
next);
|
||
|
#ifdef UNITTESTS
|
||
|
if (RunmodeIsUnittests()) {
|
||
|
printUUID("DCERPC UDP", sstate->uuid_entry);
|
||
|
}
|
||
|
#endif
|
||
|
}
|
||
|
SCReturnUInt(80U);
|
||
|
SCReturnInt(80);
|
||
|
break;
|
||
|
} else {
|
||
|
sstate->dcerpchdrudp.rpc_vers = *(p++);
|
||
|
if (sstate->dcerpchdrudp.rpc_vers != 4) {
|
||
|
SCLogDebug("DCERPC UDP Header did not validate");
|
||
|
SCReturnInt(-1);
|
||
|
}
|
||
|
if (!(--input_len))
|
||
|
break;
|
||
|
}
|
||
| ... | ... | |
|
sstate->uuid_entry = (struct uuid_entry *) calloc(1,
|
||
|
sizeof(struct uuid_entry));
|
||
|
if (sstate->uuid_entry == NULL) {
|
||
|
SCReturnUInt(0);
|
||
|
SCReturnInt(-1);
|
||
|
} else {
|
||
|
memcpy(sstate->uuid_entry->uuid,
|
||
|
sstate->dcerpchdrudp.activityuuid,
|
||
|
sizeof(sstate->dcerpchdrudp.activityuuid));
|
||
|
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry,
|
||
|
next);
|
||
|
#ifdef UNITTESTS
|
||
|
if (RunmodeIsUnittests()) {
|
||
|
printUUID("DCERPC UDP", sstate->uuid_entry);
|
||
|
}
|
||
|
#endif
|
||
|
}
|
||
|
--input_len;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
sstate->bytesprocessed += (p - input);
|
||
|
SCReturnUInt((uint32_t)(p - input));
|
||
|
SCReturnInt((p - input));
|
||
|
}
|
||
|
static int DCERPCUDPParse(Flow *f, void *dcerpc_state,
|
||
| ... | ... | |
|
AppLayerParserResult *output) {
|
||
|
uint32_t retval = 0;
|
||
|
uint32_t parsed = 0;
|
||
|
int hdrretval = 0;
|
||
|
SCEnter();
|
||
|
DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpc_state;
|
||
|
while (sstate->bytesprocessed < DCERPC_UDP_HDR_LEN && input_len) {
|
||
|
retval = DCERPCUDPParseHeader(f, dcerpc_state, pstate, input,
|
||
|
hdrretval = DCERPCUDPParseHeader(f, dcerpc_state, pstate, input,
|
||
|
input_len, output);
|
||
|
parsed += retval;
|
||
|
input_len -= retval;
|
||
|
if (hdrretval == -1) {
|
||
|
sstate->bytesprocessed = 0;
|
||
|
SCReturnInt(hdrretval);
|
||
|
} else {
|
||
|
parsed += retval;
|
||
|
input_len -= retval;
|
||
|
}
|
||
|
}
|
||
|
#if 0
|
||
|
printf("Done with DCERPCUDPParseHeader bytesprocessed %u/%u left %u\n",
|
||
| ... | ... | |
|
}
|
||
|
if (dcerpc_state->dcerpchdrudp.opnum != 4) {
|
||
|
printf("expected dcerpc opnum 0x%02x , got 0x%02x : ", 4, dcerpc_state->dcerpchdrudp.opnum);
|
||
|
result = 0;
|
||
|
goto end;
|
||
|
printf("expected dcerpc opnum 0x%02x , got 0x%02x : ", 4, dcerpc_state->dcerpchdrudp.opnum);
|
||
|
result = 0;
|
||
|
goto end;
|
||
|
}
|
||
|
TAILQ_FOREACH(uuid_entry, &dcerpc_state->uuid_list, next) {
|
||