(file) Return to smb_andx_decode.c CVS log (file) (dir) Up to [cvs] / snort / src / dynamic-preprocessors / dcerpc

Diff for /snort/src/dynamic-preprocessors/dcerpc/smb_andx_decode.c between version 1.1.2.8 and 1.1.2.9

version 1.1.2.8, 2007/02/17 04:26:53 version 1.1.2.9, 2007/02/17 07:30:11
Line 81 
Line 81 
     if ( writeX_len > (sizeof(SMB_WRITEX_REQ) + 1) )     if ( writeX_len > (sizeof(SMB_WRITEX_REQ) + 1) )
     {     {
         DEBUG_WRAP(_dpd.debugMsg(DEBUG_DCERPC, "WriteAndX header too big: %u, skipping SMB reassembly.",         DEBUG_WRAP(_dpd.debugMsg(DEBUG_DCERPC, "WriteAndX header too big: %u, skipping SMB reassembly.",
                                                                                                                         _dpd.altBufferLen));                                                                                                                          writeX_len));
         goto dcerpc_fragfree;         goto dcerpc_fragfree;
     }     }
  
     /* Mock up header */     /* Mock up header */
     ret = SafeMemcpy(&temp_writeX, writeX, sizeof(SMB_WRITEX_REQ), &temp_writeX, &temp_writeX + sizeof(SMB_WRITEX_REQ));      memcpy(&temp_writeX, writeX, sizeof(SMB_WRITEX_REQ));
     if ( ret == 0 )  
     {  
         DEBUG_WRAP(_dpd.debugMsg(DEBUG_DCERPC, "WriteAndX header too big: %u, skipping SMB reassembly.",  
                                                                                                                         _dpd.altBufferLen));  
         goto dcerpc_fragfree;  
     }  
     temp_writeX.remaining = _dcerpc->write_andx_buf_len;     temp_writeX.remaining = _dcerpc->write_andx_buf_len;
     temp_writeX.dataLength = _dcerpc->write_andx_buf_len;     temp_writeX.dataLength = _dcerpc->write_andx_buf_len;
  
Line 153 
Line 147 
  
 int SMB_Fragmentation(u_int8_t *smb_hdr, SMB_WRITEX_REQ *writeX, u_int8_t *smb_data, u_int16_t data_size) int SMB_Fragmentation(u_int8_t *smb_hdr, SMB_WRITEX_REQ *writeX, u_int8_t *smb_data, u_int16_t data_size)
 { {
     u_int16_t writeX_length;      u_int16_t writeX_length, temp_len;
     u_char    success = 0;     u_char    success = 0;
  
     /* Check for fragmentation */     /* Check for fragmentation */
Line 249 
Line 243 
     {     {
         writeX_length = _dcerpc->write_andx_buf_size - _dcerpc->write_andx_buf_len;         writeX_length = _dcerpc->write_andx_buf_size - _dcerpc->write_andx_buf_len;
     }     }
       /* Make sure data to be copied is within source buffer */
       if ( (smb_data + writeX_length) > (_dcerpc_pkt->payload + _dcerpc_pkt->payload_size) )
       {
           temp_len = _dcerpc_pkt->payload + _dcerpc_pkt->payload_size - smb_data;
           if ( writeX_length > temp_len )
           {
               writeX_length = temp_len;
           }
       }
     memcpy(_dcerpc->write_andx_buf + _dcerpc->write_andx_buf_len, smb_data, writeX_length);     memcpy(_dcerpc->write_andx_buf + _dcerpc->write_andx_buf_len, smb_data, writeX_length);
     _dcerpc->write_andx_buf_len += writeX_length;     _dcerpc->write_andx_buf_len += writeX_length;
     _dcerpc->fragmentation |= SMB_FRAGMENTATION;     _dcerpc->fragmentation |= SMB_FRAGMENTATION;

Legend:
Removed from v.1.1.2.8  
changed lines
  Added in v.1.1.2.9
snort-team@sourcefire.com