
Source code changes of the file "src/dynamic-preprocessors/dcerpc2/dce2_smb.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

dce2_smb.c  (snort-2.9.16.1):dce2_smb.c  (snort-2.9.17)
skipping to change at line 43 skipping to change at line 43
#include "snort_dce2.h" #include "snort_dce2.h"
#include "dce2_config.h" #include "dce2_config.h"
#include "dce2_memory.h" #include "dce2_memory.h"
#include "dce2_utils.h" #include "dce2_utils.h"
#include "dce2_debug.h" #include "dce2_debug.h"
#include "dce2_stats.h" #include "dce2_stats.h"
#include "dce2_event.h" #include "dce2_event.h"
#include "smb.h" #include "smb.h"
#include "sf_snort_packet.h" #include "sf_snort_packet.h"
#include "sf_types.h" #include "sf_types.h"
#include "stream_api.h"
#include "session_api.h"
#include "profiler.h" #include "profiler.h"
#include "snort_debug.h" #include "snort_debug.h"
#include "sf_dynamic_preprocessor.h" #include "sf_dynamic_preprocessor.h"
#include "file_api.h" #include "file_api.h"
#include "dce2_smb2.h" #include "dce2_smb2.h"
#ifdef DUMP_BUFFER #ifdef DUMP_BUFFER
#include "dcerpc2_buffer_dump.h" #include "dcerpc2_buffer_dump.h"
#endif #endif
skipping to change at line 98 skipping to change at line 100
{ {
int smb_type; // SMB_TYPE__REQUEST or SMB_TYPE__RESPONSE int smb_type; // SMB_TYPE__REQUEST or SMB_TYPE__RESPONSE
int cmd_error; // mask of DCE2_SmbComError int cmd_error; // mask of DCE2_SmbComError
uint8_t smb_com; uint8_t smb_com;
uint8_t word_count; uint8_t word_count;
uint16_t byte_count; uint16_t byte_count;
uint16_t cmd_size; uint16_t cmd_size;
} DCE2_SmbComInfo; } DCE2_SmbComInfo;
unsigned smb_upload_ret_cb_id = 0;
// Inline accessor functions for DCE2_SmbComInfo // Inline accessor functions for DCE2_SmbComInfo
static inline bool DCE2_ComInfoIsResponse(const DCE2_SmbComInfo *com_info) static inline bool DCE2_ComInfoIsResponse(const DCE2_SmbComInfo *com_info)
{ {
return (com_info->smb_type == SMB_TYPE__RESPONSE) ? true : false; return (com_info->smb_type == SMB_TYPE__RESPONSE) ? true : false;
} }
static inline bool DCE2_ComInfoIsRequest(const DCE2_SmbComInfo *com_info) static inline bool DCE2_ComInfoIsRequest(const DCE2_SmbComInfo *com_info)
{ {
return (com_info->smb_type == SMB_TYPE__REQUEST) ? true : false; return (com_info->smb_type == SMB_TYPE__REQUEST) ? true : false;
skipping to change at line 708 skipping to change at line 712
const uint16_t, const uint16_t, const uint16_t); const uint16_t, const uint16_t, const uint16_t);
static void DCE2_SmbQueueTmpFileTracker(DCE2_SmbSsnData *, static void DCE2_SmbQueueTmpFileTracker(DCE2_SmbSsnData *,
DCE2_SmbRequestTracker *, const uint16_t, const uint16_t); DCE2_SmbRequestTracker *, const uint16_t, const uint16_t);
static inline DCE2_SmbFileTracker * DCE2_SmbGetTmpFileTracker(DCE2_SmbRequestTra cker *); static inline DCE2_SmbFileTracker * DCE2_SmbGetTmpFileTracker(DCE2_SmbRequestTra cker *);
static DCE2_SmbFileTracker * DCE2_SmbDequeueTmpFileTracker(DCE2_SmbSsnData *, static DCE2_SmbFileTracker * DCE2_SmbDequeueTmpFileTracker(DCE2_SmbSsnData *,
DCE2_SmbRequestTracker *, const uint16_t); DCE2_SmbRequestTracker *, const uint16_t);
static inline DCE2_SmbFileTracker * DCE2_SmbGetFileTracker(DCE2_SmbSsnData *, static inline DCE2_SmbFileTracker * DCE2_SmbGetFileTracker(DCE2_SmbSsnData *,
const uint16_t); const uint16_t);
static DCE2_SmbFileTracker * DCE2_SmbFindFileTracker(DCE2_SmbSsnData *, const ui nt16_t, static DCE2_SmbFileTracker * DCE2_SmbFindFileTracker(DCE2_SmbSsnData *, const ui nt16_t,
const uint16_t, const uint16_t); const uint16_t, const uint16_t);
static void DCE2_SmbRemoveFileTracker(DCE2_SmbSsnData *, DCE2_SmbFileTracker *); static DCE2_Ret DCE2_SmbRemoveFileTracker(DCE2_SmbSsnData *, DCE2_SmbFileTracker *);
static inline void DCE2_SmbCleanFileTracker(DCE2_SmbFileTracker *); static inline void DCE2_SmbCleanFileTracker(DCE2_SmbFileTracker *);
static inline void DCE2_SmbCleanTransactionTracker(DCE2_SmbTransactionTracker *) ; static inline void DCE2_SmbCleanTransactionTracker(DCE2_SmbTransactionTracker *) ;
static inline void DCE2_SmbCleanRequestTracker(DCE2_SmbRequestTracker *); static inline void DCE2_SmbCleanRequestTracker(DCE2_SmbRequestTracker *);
static int DCE2_SmbUidTidFidCompare(const void *, const void *); static int DCE2_SmbUidTidFidCompare(const void *, const void *);
static void DCE2_SmbFileTrackerDataFree(void *); static void DCE2_SmbFileTrackerDataFree(void *);
static void DCE2_SmbRequestTrackerDataFree(void *); static void DCE2_SmbRequestTrackerDataFree(void *);
static inline SFSnortPacket * DCE2_SmbGetRpkt(DCE2_SmbSsnData *, const uint8_t * *, static inline SFSnortPacket * DCE2_SmbGetRpkt(DCE2_SmbSsnData *, const uint8_t * *,
uint32_t *, DCE2_RpktType); uint32_t *, DCE2_RpktType);
static inline void DCE2_SmbReturnRpkt(void); static inline void DCE2_SmbReturnRpkt(void);
static inline void DCE2_SmbSetFileName(uint8_t *, uint16_t); static inline void DCE2_SmbSetFileName(uint8_t *, uint16_t);
static uint8_t* DCE2_SmbGetString(const uint8_t *, uint32_t, bool, uint16_t *); static uint8_t* DCE2_SmbGetString(const uint8_t *, uint32_t, bool, uint16_t *);
static inline void DCE2_Update_Ftracker_from_ReqTracker(DCE2_SmbFileTracker *ftr acker, DCE2_SmbRequestTracker *cur_rtracker); static inline void DCE2_Update_Ftracker_from_ReqTracker(DCE2_SmbFileTracker *ftr acker, DCE2_SmbRequestTracker *cur_rtracker);
static inline void DCE2_SmbResetFileChunks(DCE2_SmbFileTracker *); static inline void DCE2_SmbResetFileChunks(DCE2_SmbFileTracker *);
static inline void DCE2_SmbAbortFileAPI(DCE2_SmbSsnData *); static inline void DCE2_SmbAbortFileAPI(DCE2_SmbSsnData *);
static inline void DCE2_SmbFinishFileAPI(DCE2_SmbSsnData *); static inline DCE2_SmbRetransmitPending DCE2_SmbFinishFileAPI(DCE2_SmbSsnData *) ;
static inline void DCE2_SmbSetNewFileAPIFileTracker(DCE2_SmbSsnData *); static inline void DCE2_SmbSetNewFileAPIFileTracker(DCE2_SmbSsnData *);
static int DCE2_SmbFileOffsetCompare(const void *, const void *); static int DCE2_SmbFileOffsetCompare(const void *, const void *);
static void DCE2_SmbFileChunkFree(void *); static void DCE2_SmbFileChunkFree(void *);
static DCE2_Ret DCE2_SmbHandleOutOfOrderFileData(DCE2_SmbSsnData *, static DCE2_Ret DCE2_SmbHandleOutOfOrderFileData(DCE2_SmbSsnData *,
DCE2_SmbFileTracker *, const uint8_t *, uint32_t, bool); DCE2_SmbFileTracker *, const uint8_t *, uint32_t, bool);
static DCE2_Ret DCE2_SmbFileAPIProcess(DCE2_SmbSsnData *, static DCE2_Ret DCE2_SmbFileAPIProcess(DCE2_SmbSsnData *,
DCE2_SmbFileTracker *, const uint8_t *, uint32_t, bool); DCE2_SmbFileTracker *, const uint8_t *, uint32_t, bool);
static inline void DCE2_SmbRemoveFileTrackerFromRequestTrackers(DCE2_SmbSsnData *, static inline void DCE2_SmbRemoveFileTrackerFromRequestTrackers(DCE2_SmbSsnData *,
DCE2_SmbFileTracker *); DCE2_SmbFileTracker *);
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
skipping to change at line 901 skipping to change at line 905
void DCE2_SmbInitGlobals(void) void DCE2_SmbInitGlobals(void)
{ {
int com; int com;
DCE2_Policy policy; DCE2_Policy policy;
SmbAndXCom andx; SmbAndXCom andx;
int i; int i;
memset(&smb_wcts, 0, sizeof(smb_wcts)); memset(&smb_wcts, 0, sizeof(smb_wcts));
memset(&smb_bccs, 0, sizeof(smb_bccs)); memset(&smb_bccs, 0, sizeof(smb_bccs));
if (!smb_upload_ret_cb_id)
smb_upload_ret_cb_id = _dpd.streamAPI->register_event_handler(DCE2_Proce
ss_Retransmitted);
// Sets up the function to call for the command and valid word and byte // Sets up the function to call for the command and valid word and byte
// counts for the command. Ensuring valid word and byte counts is very // counts for the command. Ensuring valid word and byte counts is very
// important to processing the command as it will assume the command is // important to processing the command as it will assume the command is
// legitimate and can access data that is acutally there. Note that // legitimate and can access data that is acutally there. Note that
// commands with multiple word counts indicate a different command // commands with multiple word counts indicate a different command
// structure, however most, if not all just have an extended version // structure, however most, if not all just have an extended version
// of the structure for which the extended part isn't used. If the // of the structure for which the extended part isn't used. If the
// extended part of a command structure needs to be used, be sure to // extended part of a command structure needs to be used, be sure to
// check the word count in the command function before accessing data // check the word count in the command function before accessing data
// in the extended version of the command structure. // in the extended version of the command structure.
skipping to change at line 1819 skipping to change at line 1826
ssd->cli_data_state = DCE2_SMB_DATA_STATE__NETBIOS_HEADER; ssd->cli_data_state = DCE2_SMB_DATA_STATE__NETBIOS_HEADER;
ssd->srv_data_state = DCE2_SMB_DATA_STATE__NETBIOS_HEADER; ssd->srv_data_state = DCE2_SMB_DATA_STATE__NETBIOS_HEADER;
ssd->pdu_state = DCE2_SMB_PDU_STATE__COMMAND; ssd->pdu_state = DCE2_SMB_PDU_STATE__COMMAND;
ssd->uid = DCE2_SENTINEL; ssd->uid = DCE2_SENTINEL;
ssd->tid = DCE2_SENTINEL; ssd->tid = DCE2_SENTINEL;
ssd->ftracker.fid_v1 = DCE2_SENTINEL; ssd->ftracker.fid_v1 = DCE2_SENTINEL;
ssd->rtracker.mid = DCE2_SENTINEL; ssd->rtracker.mid = DCE2_SENTINEL;
ssd->smbfound = false; ssd->smbfound = false;
ssd->max_file_depth = _dpd.fileAPI->get_max_file_depth(_dpd.getCurrentSnortC onfig(), false); ssd->max_file_depth = _dpd.fileAPI->get_max_file_depth(_dpd.getCurrentSnortC onfig(), false);
ssd->smbretransmit = false;
DCE2_ResetRopts(&ssd->sd.ropts); DCE2_ResetRopts(&ssd->sd.ropts);
dce2_stats.smb_sessions++; dce2_stats.smb_sessions++;
return ssd; return ssd;
} }
/******************************************************************** /********************************************************************
* Function: DCE2_NbssHdrChecks() * Function: DCE2_NbssHdrChecks()
skipping to change at line 3443 skipping to change at line 3451
if ((status == DCE2_RET__SUCCESS) if ((status == DCE2_RET__SUCCESS)
&& !DCE2_SmbIsTransactionComplete(&ssd->cur_rtracker ->ttracker)) && !DCE2_SmbIsTransactionComplete(&ssd->cur_rtracker ->ttracker))
return; return;
} }
break; break;
case SMB_COM_WRITE_RAW: case SMB_COM_WRITE_RAW:
if ((status == DCE2_RET__SUCCESS) if ((status == DCE2_RET__SUCCESS)
&& (ssd->cur_rtracker->writeraw_remaining != 0)) && (ssd->cur_rtracker->writeraw_remaining != 0))
return; return;
break; break;
/*This is to handle packet that got verdict as pending & will be put
in retry queue */
case SMB_COM_CLOSE:
if (status == DCE2_RET__NOT_INSPECTED)
return;
default: default:
break; break;
} }
} }
else if (status != DCE2_RET__IGNORE) else if (status != DCE2_RET__IGNORE)
{ {
switch (smb_com) switch (smb_com)
{ {
case SMB_COM_TRANSACTION: case SMB_COM_TRANSACTION:
case SMB_COM_TRANSACTION_SECONDARY: case SMB_COM_TRANSACTION_SECONDARY:
skipping to change at line 4087 skipping to change at line 4099
void *p = (void *)ssd->sd.wire_pkt; void *p = (void *)ssd->sd.wire_pkt;
File_Verdict verdict = DCE2_SmbGetFileVerdict(p, ssnptr); File_Verdict verdict = DCE2_SmbGetFileVerdict(p, ssnptr);
if ((verdict == FILE_VERDICT_BLOCK) || (verdict == FILE_VERDICT_REJE CT)) if ((verdict == FILE_VERDICT_BLOCK) || (verdict == FILE_VERDICT_REJE CT))
ssd->block_pdus = true; ssd->block_pdus = true;
} }
#endif #endif
} }
else else
{ {
DCE2_SmbRemoveFileTracker(ssd, ssd->cur_rtracker->ftracker); return DCE2_SmbRemoveFileTracker(ssd, ssd->cur_rtracker->ftracker);
} }
return DCE2_RET__SUCCESS; return DCE2_RET__SUCCESS;
} }
// SMB_COM_RENAME // SMB_COM_RENAME
static DCE2_Ret DCE2_SmbRename(DCE2_SmbSsnData *ssd, const SmbNtHdr *smb_hdr, static DCE2_Ret DCE2_SmbRename(DCE2_SmbSsnData *ssd, const SmbNtHdr *smb_hdr,
const DCE2_SmbComInfo *com_info, const uint8_t *nb_ptr, uint32_t nb_len) const DCE2_SmbComInfo *com_info, const uint8_t *nb_ptr, uint32_t nb_len)
{ {
// NOTE: This command is only processed for CVE-2006-4696 where the buffer // NOTE: This command is only processed for CVE-2006-4696 where the buffer
skipping to change at line 8232 skipping to change at line 8244
/******************************************************************** /********************************************************************
* Function: * Function:
* *
* Purpose: * Purpose:
* *
* Arguments: * Arguments:
* *
* Returns: * Returns:
* *
********************************************************************/ ********************************************************************/
static void DCE2_SmbRemoveFileTracker(DCE2_SmbSsnData *ssd, DCE2_SmbFileTracker *ftracker) static DCE2_Ret DCE2_SmbRemoveFileTracker(DCE2_SmbSsnData *ssd, DCE2_SmbFileTrac ker *ftracker)
{ {
PROFILE_VARS; PROFILE_VARS;
if (ftracker == NULL) if (ftracker == NULL)
return; return DCE2_RET__ERROR;
PREPROC_PROFILE_START(dce2_pstat_smb_fid); PREPROC_PROFILE_START(dce2_pstat_smb_fid);
DEBUG_WRAP(DCE2_DebugMsg(DCE2_DEBUG__SMB, DEBUG_WRAP(DCE2_DebugMsg(DCE2_DEBUG__SMB,
"Removing file tracker with Fid: 0x%04X\n", ftracker->fid_v1)); "Removing file tracker with Fid: 0x%04X\n", ftracker->fid_v1));
if (ssd->fapi_ftracker == ftracker) if (ssd->fapi_ftracker == ftracker)
DCE2_SmbFinishFileAPI(ssd); {
/* If the finish API returns pending set , we return from here
* with not inspected and do not remove the file & request
* trackers for upcoming retry packet.
*/
DCE2_SmbRetransmitPending flag = DCE2_SmbFinishFileAPI(ssd);
if (flag == DCE2_SMB_RETRANSMIT_PENDING__SET)
{
PREPROC_PROFILE_END(dce2_pstat_smb_fid);
return DCE2_RET__NOT_INSPECTED;
}
}
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
if (ssd->fb_ftracker == ftracker) if (ssd->fb_ftracker == ftracker)
DCE2_SmbFinishFileBlockVerdict(ssd); DCE2_SmbFinishFileBlockVerdict(ssd);
#endif #endif
if (ftracker == &ssd->ftracker) if (ftracker == &ssd->ftracker)
DCE2_SmbCleanFileTracker(&ssd->ftracker); DCE2_SmbCleanFileTracker(&ssd->ftracker);
else if (ssd->ftrackers != NULL) else if (ssd->ftrackers != NULL)
DCE2_ListRemove(ssd->ftrackers, (void *)(uintptr_t)ftracker->fid_v1); DCE2_ListRemove(ssd->ftrackers, (void *)(uintptr_t)ftracker->fid_v1);
DCE2_SmbRemoveFileTrackerFromRequestTrackers(ssd, ftracker); DCE2_SmbRemoveFileTrackerFromRequestTrackers(ssd, ftracker);
PREPROC_PROFILE_END(dce2_pstat_smb_fid); PREPROC_PROFILE_END(dce2_pstat_smb_fid);
return DCE2_RET__SUCCESS;
} }
/******************************************************************** /********************************************************************
* Function: * Function:
* *
* Purpose: * Purpose:
* *
* Arguments: * Arguments:
* *
* Returns: * Returns:
skipping to change at line 9460 skipping to change at line 9485
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
static uint8_t dce2_smb_delete_pdu[65535]; static uint8_t dce2_smb_delete_pdu[65535];
void DCE2_SmbInitDeletePdu(void) void DCE2_SmbInitDeletePdu(void)
{ {
NbssHdr *nb_hdr = (NbssHdr *)dce2_smb_delete_pdu; NbssHdr *nb_hdr = (NbssHdr *)dce2_smb_delete_pdu;
SmbNtHdr *smb_hdr = (SmbNtHdr *)((uint8_t *)nb_hdr + sizeof(*nb_hdr)); SmbNtHdr *smb_hdr = (SmbNtHdr *)((uint8_t *)nb_hdr + sizeof(*nb_hdr));
SmbDeleteReq *del_req = (SmbDeleteReq *)((uint8_t *)smb_hdr + sizeof(*smb_hd r)); SmbDeleteReq *del_req = (SmbDeleteReq *)((uint8_t *)smb_hdr + sizeof(*smb_hd r));
uint8_t *del_req_fmt = (uint8_t *)del_req + sizeof(*del_req); uint8_t *del_req_fmt = (uint8_t *)del_req + sizeof(*del_req);
uint16_t smb_flg2 = 0x4001; uint16_t smb_flg2 = 0xc843;
uint16_t search_attrs = 0x0006; uint16_t search_attrs = 0x0006;
memset(dce2_smb_delete_pdu, 0, sizeof(dce2_smb_delete_pdu)); memset(dce2_smb_delete_pdu, 0, sizeof(dce2_smb_delete_pdu));
nb_hdr->type = 0; nb_hdr->type = 0;
nb_hdr->flags = 0; nb_hdr->flags = 0;
memcpy((void *)smb_hdr->smb_idf, (void *)"\xffSMB", sizeof(smb_hdr->smb_idf) ); memcpy((void *)smb_hdr->smb_idf, (void *)"\xffSMB", sizeof(smb_hdr->smb_idf) );
smb_hdr->smb_com = SMB_COM_DELETE; smb_hdr->smb_com = SMB_COM_DELETE;
smb_hdr->smb_status.nt_status = 0; smb_hdr->smb_status.nt_status = 0;
skipping to change at line 9498 skipping to change at line 9523
SmbDeleteReq *del_req = (SmbDeleteReq *)((uint8_t *)smb_hdr + sizeof(*smb_hd r)); SmbDeleteReq *del_req = (SmbDeleteReq *)((uint8_t *)smb_hdr + sizeof(*smb_hd r));
char *del_filename = (char *)((uint8_t *)del_req + sizeof(*del_req) + 1); char *del_filename = (char *)((uint8_t *)del_req + sizeof(*del_req) + 1);
uint32_t len; uint32_t len;
uint16_t file_name_len = ftracker->file_name_len; uint16_t file_name_len = ftracker->file_name_len;
nb_hdr->length = htons(sizeof(*smb_hdr) + sizeof(*del_req) + 1 + file_name_l en); nb_hdr->length = htons(sizeof(*smb_hdr) + sizeof(*del_req) + 1 + file_name_l en);
len = ntohs(nb_hdr->length) + sizeof(*nb_hdr); len = ntohs(nb_hdr->length) + sizeof(*nb_hdr);
smb_hdr->smb_tid = SmbHtons(&ftracker->tid_v1); smb_hdr->smb_tid = SmbHtons(&ftracker->tid_v1);
smb_hdr->smb_uid = SmbHtons(&ftracker->uid_v1); smb_hdr->smb_uid = SmbHtons(&ftracker->uid_v1);
del_req->smb_bcc = 1 + file_name_len; del_req->smb_bcc = 1 + file_name_len;
memcpy(del_filename, ftracker->file_name, file_name_len); if (SmbUnicode(smb_hdr))
memcpy(del_filename, ftracker->file_name + UTF_16_LE_BOM_LEN, file_name_
_dpd.activeInjectData((void *)ssd->sd.wire_pkt, 0, (uint8_t *)nb_hdr, len); len - UTF_16_LE_BOM_LEN);
else
memcpy(del_filename, ftracker->file_name, file_name_len);
_dpd.activeInjectData((void *)ssd->sd.wire_pkt, 0, (uint8_t *)nb_hdr, len);
} }
static void DCE2_SmbFinishFileBlockVerdict(DCE2_SmbSsnData *ssd) static void DCE2_SmbFinishFileBlockVerdict(DCE2_SmbSsnData *ssd)
{ {
void *ssnptr = ssd->sd.wire_pkt->stream_session; void *ssnptr = ssd->sd.wire_pkt->stream_session;
void *p = (void *)ssd->sd.wire_pkt; void *p = (void *)ssd->sd.wire_pkt;
File_Verdict verdict; File_Verdict verdict;
PROFILE_VARS; PROFILE_VARS;
PREPROC_PROFILE_START(dce2_pstat_smb_file); PREPROC_PROFILE_START(dce2_pstat_smb_file);
skipping to change at line 9547 skipping to change at line 9574
{ {
_dpd.fileAPI->file_signature_lookup(p, true); _dpd.fileAPI->file_signature_lookup(p, true);
verdict = _dpd.fileAPI->get_file_verdict(ssnptr); verdict = _dpd.fileAPI->get_file_verdict(ssnptr);
} }
PREPROC_PROFILE_END(dce2_pstat_smb_file_api); PREPROC_PROFILE_END(dce2_pstat_smb_file_api);
return verdict; return verdict;
} }
#endif #endif
static inline void DCE2_SmbFinishFileAPI(DCE2_SmbSsnData *ssd) static inline DCE2_SmbRetransmitPending DCE2_SmbFinishFileAPI(DCE2_SmbSsnData *s sd)
{ {
void *ssnptr = ssd->sd.wire_pkt->stream_session; void *ssnptr = ssd->sd.wire_pkt->stream_session;
void *p = (void *)ssd->sd.wire_pkt; void *p = (void *)ssd->sd.wire_pkt;
DCE2_SmbFileTracker *ftracker = ssd->fapi_ftracker; DCE2_SmbFileTracker *ftracker = ssd->fapi_ftracker;
bool upload; bool upload;
PROFILE_VARS; PROFILE_VARS;
if (ftracker == NULL) if (ftracker == NULL)
return; return DCE2_SMB_RETRANSMIT_PENDING__UNSET;
PREPROC_PROFILE_START(dce2_pstat_smb_file); PREPROC_PROFILE_START(dce2_pstat_smb_file);
upload = _dpd.fileAPI->get_file_direction(ssnptr); upload = _dpd.fileAPI->get_file_direction(ssnptr);
/*This is a case of retrasmitted packet in upload sceanrio with Pending verd
ict*/
if ((ssd->smbretransmit))
{
ssd->smbretransmit = false;
_dpd.fileAPI->file_signature_lookup(p, true);
File_Verdict verdict = _dpd.fileAPI->get_file_verdict(ssnptr);
if ((verdict == FILE_VERDICT_BLOCK) || (verdict == FILE_VERDICT_REJECT)
)
{
ssd->fb_ftracker = ftracker;
ssd->fapi_ftracker = NULL;
PREPROC_PROFILE_END(dce2_pstat_smb_file);
return DCE2_SMB_RETRANSMIT_PENDING__UNSET;
}
else if (verdict == FILE_VERDICT_PENDING)
{
PREPROC_PROFILE_END(dce2_pstat_smb_file_api);
return DCE2_SMB_RETRANSMIT_PENDING__SET;
}
else /*if we get some other verdict , clean up*/
{
ssd->fapi_ftracker = NULL;
PREPROC_PROFILE_END(dce2_pstat_smb_file);
return DCE2_SMB_RETRANSMIT_PENDING__UNSET;
}
}
if (_dpd.fileAPI->get_file_processed_size(ssnptr) != 0) if (_dpd.fileAPI->get_file_processed_size(ssnptr) != 0)
{ {
// Never knew the size of the file so never knew when to tell the // Never knew the size of the file so never knew when to tell the
// fileAPI the upload/download was finished. // fileAPI the upload/download was finished.
if ((ftracker->ff_file_size == 0) if ((ftracker->ff_file_size == 0)
&& (ftracker->ff_bytes_processed != 0)) && (ftracker->ff_bytes_processed != 0))
{ {
DCE2_SmbSetFileName(ftracker->file_name, ftracker->file_name_len); DCE2_SmbSetFileName(ftracker->file_name, ftracker->file_name_len);
PREPROC_PROFILE_START(dce2_pstat_smb_file_api); PREPROC_PROFILE_START(dce2_pstat_smb_file_api);
skipping to change at line 9583 skipping to change at line 9636
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
if (_dpd.fileAPI->file_process(p, NULL, 0, SNORT_FILE_END, upload, u pload, false)) if (_dpd.fileAPI->file_process(p, NULL, 0, SNORT_FILE_END, upload, u pload, false))
{ {
if (upload) if (upload)
{ {
File_Verdict verdict = File_Verdict verdict =
_dpd.fileAPI->get_file_verdict(ssd->sd.wire_pkt->stream_ session); _dpd.fileAPI->get_file_verdict(ssd->sd.wire_pkt->stream_ session);
if ((verdict == FILE_VERDICT_BLOCK) || (verdict == FILE_VERD ICT_REJECT)) if ((verdict == FILE_VERDICT_BLOCK) || (verdict == FILE_VERD ICT_REJECT))
ssd->fb_ftracker = ftracker; ssd->fb_ftracker = ftracker;
else if ((verdict == FILE_VERDICT_PENDING) && (smb_upload_re
t_cb_id != 0))
{
_dpd.streamAPI->set_event_handler(ssnptr, smb_upload_ret
_cb_id, SE_REXMIT);
PREPROC_PROFILE_END(dce2_pstat_smb_file_api);
return DCE2_SMB_RETRANSMIT_PENDING__SET;
}
} }
} }
#else #else
(void)_dpd.fileAPI->file_process(p, NULL, 0, SNORT_FILE_END, upload, false, false); (void)_dpd.fileAPI->file_process(p, NULL, 0, SNORT_FILE_END, upload, false, false);
#endif #endif
PREPROC_PROFILE_END(dce2_pstat_smb_file_api); PREPROC_PROFILE_END(dce2_pstat_smb_file_api);
dce2_stats.smb_files_processed++; dce2_stats.smb_files_processed++;
} }
} }
ssd->fapi_ftracker = NULL; ssd->fapi_ftracker = NULL;
PREPROC_PROFILE_END(dce2_pstat_smb_file); PREPROC_PROFILE_END(dce2_pstat_smb_file);
return DCE2_SMB_RETRANSMIT_PENDING__UNSET;
} }
static inline bool DCE2_SmbIsVerdictSuspend(bool upload, FilePosition position) static inline bool DCE2_SmbIsVerdictSuspend(bool upload, FilePosition position)
{ {
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
if (upload && if (upload &&
((position == SNORT_FILE_FULL) || (position == SNORT_FILE_END))) ((position == SNORT_FILE_FULL) || (position == SNORT_FILE_END)))
return true; return true;
#endif #endif
return false; return false;
skipping to change at line 10113 skipping to change at line 10174
} }
static inline void DCE2_Update_Ftracker_from_ReqTracker(DCE2_SmbFileTracker *ftr acker, DCE2_SmbRequestTracker *cur_rtracker) static inline void DCE2_Update_Ftracker_from_ReqTracker(DCE2_SmbFileTracker *ftr acker, DCE2_SmbRequestTracker *cur_rtracker)
{ {
ftracker->file_name = cur_rtracker->file_name; ftracker->file_name = cur_rtracker->file_name;
ftracker->file_name_len = cur_rtracker->file_name_len; ftracker->file_name_len = cur_rtracker->file_name_len;
cur_rtracker->file_name = NULL; cur_rtracker->file_name = NULL;
cur_rtracker->file_name_len = 0; cur_rtracker->file_name_len = 0;
return; return;
} }
void DCE2_Process_Retransmitted(SFSnortPacket *p)
{
DCE2_SsnData *sd = (DCE2_SsnData *)DCE2_SsnGetAppData(p);
if (sd != NULL)
{
sd->wire_pkt = p;
DCE2_SmbSsnData *ssd = (DCE2_SmbSsnData *)sd;
ssd->smbretransmit = true;
DCE2_SmbRemoveFileTracker(ssd, ssd->cur_rtracker->ftracker);
}
}
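Review bot: In the delete-PDU builder (the change at new line 9523), the Unicode branch passes `file_name_len - UTF_16_LE_BOM_LEN` to `memcpy` with no visible check that `file_name_len` is at least `UTF_16_LE_BOM_LEN`. Because `file_name_len` is a `uint16_t` read from the file tracker, a shorter or empty name makes the difference negative after integer promotion, and it then converts to a very large `size_t` copy into the static `dce2_smb_delete_pdu` buffer. `SmbUnicode(smb_hdr)` appears to test the outgoing template header, whose `smb_flg2` this commit changes to `0xc843`, rather than the encoding of the tracked name, so it cannot be confirmed from here that `ftracker->file_name` always starts with a BOM. I would put a guard such as `if (ftracker->file_name == NULL || file_name_len < UTF_16_LE_BOM_LEN)` with an early bail-out ahead of the copy, and either derive `nb_hdr->length` and `del_req->smb_bcc` from the byte count actually copied or add a comment saying why they still use the full `file_name_len`. The function begins outside this hunk, so an earlier check may already exist.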
 End of changes. 20 change blocks. 
12 lines changed or deleted 80 lines changed or added
