|
version 1.1.2.7, 2006/12/04 18:38:36
|
version 1.1.2.8, 2007/02/17 07:30:11
|
|
|
|
| | |
| #include "debug.h" | #include "debug.h" |
| #include "sf_snort_packet.h" | #include "sf_snort_packet.h" |
| |
#include "bounds.h" |
| | |
| #include "smb_structs.h" | #include "smb_structs.h" |
| #include "snort_dcerpc.h" | #include "snort_dcerpc.h" |
|
|
|
| { | { |
| DCERPC_HDR *dcerpc_hdr; | DCERPC_HDR *dcerpc_hdr; |
| | |
| if ( _dcerpc->state && STATE_IS_DCERPC ) |
if ( _dcerpc->state == STATE_IS_DCERPC ) |
| { | { |
| if ( data_size < sizeof(DCERPC_REQ) ) | if ( data_size < sizeof(DCERPC_REQ) ) |
| { | { |
|
|
|
| DCERPC_REQ fake_req; | DCERPC_REQ fake_req; |
| u_int16_t smb_hdr_len = 0; | u_int16_t smb_hdr_len = 0; |
| unsigned int dcerpc_req_len= sizeof(DCERPC_REQ); | unsigned int dcerpc_req_len= sizeof(DCERPC_REQ); |
| |
int ret; |
| | |
| if ( smb_hdr ) | if ( smb_hdr ) |
| { | { |
|
|
|
| | |
| if ( smb_hdr ) | if ( smb_hdr ) |
| { | { |
| memcpy(_dpd.altBuffer, _dcerpc_pkt->payload, sizeof(NBT_HDR)); |
ret = SafeMemcpy(_dpd.altBuffer, _dcerpc_pkt->payload, sizeof(NBT_HDR), |
| |
_dpd.altBuffer, _dpd.altBuffer + _dpd.altBufferLen); |
| |
if ( ret == 0 ) |
| |
{ |
| |
DEBUG_WRAP(_dpd.debugMsg(DEBUG_DCERPC, "Failed to copy DCERPC header, skipping DCERPC reassembly.")); |
| |
goto dcerpc_frag_free; |
| |
} |
| _dcerpc_pkt->normalized_payload_size = sizeof(NBT_HDR); | _dcerpc_pkt->normalized_payload_size = sizeof(NBT_HDR); |
| memcpy(_dpd.altBuffer + _dcerpc_pkt->normalized_payload_size, smb_hdr, smb_hdr_len); |
ret = SafeMemcpy(_dpd.altBuffer + _dcerpc_pkt->normalized_payload_size, smb_hdr, smb_hdr_len, |
| |
_dpd.altBuffer, _dpd.altBuffer + _dpd.altBufferLen); |
| |
if ( ret == 0 ) |
| |
{ |
| |
DEBUG_WRAP(_dpd.debugMsg(DEBUG_DCERPC, "Failed to copy DCERPC header, skipping DCERPC reassembly.")); |
| |
goto dcerpc_frag_free; |
| |
} |
| _dcerpc_pkt->normalized_payload_size += smb_hdr_len; | _dcerpc_pkt->normalized_payload_size += smb_hdr_len; |
| } | } |
| | |
| memcpy(_dpd.altBuffer + _dcerpc_pkt->normalized_payload_size, &fake_req, dcerpc_req_len); |
ret = SafeMemcpy(_dpd.altBuffer + _dcerpc_pkt->normalized_payload_size, &fake_req, dcerpc_req_len, |
| |
_dpd.altBuffer, _dpd.altBuffer + _dpd.altBufferLen); |
| |
if ( ret == 0 ) |
| |
{ |
| |
DEBUG_WRAP(_dpd.debugMsg(DEBUG_DCERPC, "Failed to copy DCERPC header, skipping DCERPC reassembly.")); |
| |
goto dcerpc_frag_free; |
| |
} |
| _dcerpc_pkt->normalized_payload_size += dcerpc_req_len; | _dcerpc_pkt->normalized_payload_size += dcerpc_req_len; |
| | |
| /* Copy data into buffer */ | /* Copy data into buffer */ |
| memcpy(_dpd.altBuffer + _dcerpc_pkt->normalized_payload_size, _dcerpc->dcerpc_req_buf, _dcerpc->dcerpc_req_buf_len); |
ret = SafeMemcpy(_dpd.altBuffer + _dcerpc_pkt->normalized_payload_size, _dcerpc->dcerpc_req_buf, _dcerpc->dcerpc_req_buf_len, |
| |
_dpd.altBuffer, _dpd.altBuffer + _dpd.altBufferLen); |
| |
if ( ret == 0 ) |
| |
{ |
| |
DEBUG_WRAP(_dpd.debugMsg(DEBUG_DCERPC, "Failed to copy DCERPC data, skipping DCERPC reassembly.")); |
| |
goto dcerpc_frag_free; |
| |
} |
| _dcerpc_pkt->normalized_payload_size += _dcerpc->dcerpc_req_buf_len; | _dcerpc_pkt->normalized_payload_size += _dcerpc->dcerpc_req_buf_len; |
| | |
| _dcerpc_pkt->flags |= FLAG_ALT_DECODE; | _dcerpc_pkt->flags |= FLAG_ALT_DECODE; |
|
|
|
| if ( _debug_print ) | if ( _debug_print ) |
| PrintBuffer("DCE/RPC reassembled fragment", _dpd.altBuffer, _dcerpc_pkt->normalized_payload_size); | PrintBuffer("DCE/RPC reassembled fragment", _dpd.altBuffer, _dcerpc_pkt->normalized_payload_size); |
| | |
| |
dcerpc_frag_free: |
| /* Get ready for next write */ | /* Get ready for next write */ |
| DCERPC_FragFree(_dcerpc->dcerpc_req_buf, _dcerpc->dcerpc_req_buf_size); | DCERPC_FragFree(_dcerpc->dcerpc_req_buf, _dcerpc->dcerpc_req_buf_size); |
| _dcerpc->dcerpc_req_buf = NULL; | _dcerpc->dcerpc_req_buf = NULL; |
Return to
dcerpc.c
CVS log
Up to [cvs] / snort / src / dynamic-preprocessors / dcerpc