Project

General

Profile

Actions

Bug #6008

closed

smb: wrong offset when parse SMB_COM_WRITE_ANDX record

Added by b1 tg over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In function parse_smb1_write_andx_request_record, when wct == 12, offset should use 32-bits value rather than stay 0.

Bug location: https://github.com/OISF/suricata/blob/a94ca4462093c0b41f87a7d8433801a0abbb4390/rust/src/smb/smb1_records.rs#L110-L117

If WordCount is 0x0C, this field represents a 32-bit offset, measured in
bytes, of where the write SHOULD start relative to the beginning of the file. If WordCount
is 0xE, this field represents the lower 32 bits of a 64-bit offset.
[MS-CIFS].pdf (p.246) 2.2.4.43 SMB_COM_WRITE_ANDX (0x2F)
https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-CIFS/%5bMS-CIFS%5d.pdf

Files


Subtasks 1 (0 open1 closed)

Bug #6139: smb: wrong offset when parse SMB_COM_WRITE_ANDX record (6.0.x backport)ClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF