is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.
| dce_smb_utils.cc (snort3-3.1.29.0) | : | dce_smb_utils.cc (snort3-3.1.30.0) |
|---|
| | |
| skipping to change at line 1354 | | skipping to change at line 1354 |
|---|
| del_req->smb_wct = 1; | | del_req->smb_wct = 1; |
| del_req->smb_search_attrs = SmbHtons(&search_attrs); | | del_req->smb_search_attrs = SmbHtons(&search_attrs); |
| *del_req_fmt = SMB_FMT__ASCII; | | *del_req_fmt = SMB_FMT__ASCII; |
| } | | } |
| | |
| static void DCE2_SmbInjectDeletePdu(DCE2_SmbFileTracker* ftracker) | | static void DCE2_SmbInjectDeletePdu(DCE2_SmbFileTracker* ftracker) |
| { | | { |
| Packet* inject_pkt = DetectionEngine::get_current_wire_packet(); | | Packet* inject_pkt = DetectionEngine::get_current_wire_packet(); |
| Packet* p = DetectionEngine::get_current_packet(); | | Packet* p = DetectionEngine::get_current_packet(); |
| | |
|
| if ( inject_pkt->flow != p->flow ) | | if ( !inject_pkt || inject_pkt->flow != p->flow ) |
| return; | | return; |
| | |
| NbssHdr* nb_hdr = (NbssHdr*)dce2_smb_delete_pdu; | | NbssHdr* nb_hdr = (NbssHdr*)dce2_smb_delete_pdu; |
| SmbNtHdr* smb_hdr = (SmbNtHdr*)((uint8_t*)nb_hdr + sizeof(*nb_hdr)); | | SmbNtHdr* smb_hdr = (SmbNtHdr*)((uint8_t*)nb_hdr + sizeof(*nb_hdr)); |
| SmbDeleteReq* del_req = (SmbDeleteReq*)((uint8_t*)smb_hdr + sizeof(*smb_hdr)
); | | SmbDeleteReq* del_req = (SmbDeleteReq*)((uint8_t*)smb_hdr + sizeof(*smb_hdr)
); |
| char* del_filename = (char*)((uint8_t*)del_req + sizeof(*del_req) + 1); | | char* del_filename = (char*)((uint8_t*)del_req + sizeof(*del_req) + 1); |
| FileCharEncoding encoding = get_character_encoding(ftracker->file_name, | | FileCharEncoding encoding = get_character_encoding(ftracker->file_name, |
| ftracker->file_name_size); | | ftracker->file_name_size); |
| uint16_t file_name_len; | | uint16_t file_name_len; |
| | |
| | |
| skipping to change at line 1725 | | skipping to change at line 1725 |
|---|
| DCE2_SmbRemoveFileTracker(ssd, ftracker); | | DCE2_SmbRemoveFileTracker(ssd, ftracker); |
| return; | | return; |
| } | | } |
| | |
| if ((file_data_depth != -1) && | | if ((file_data_depth != -1) && |
| ((ftracker->ff_file_offset == ftracker->ff_bytes_processed) && | | ((ftracker->ff_file_offset == ftracker->ff_bytes_processed) && |
| ((file_data_depth == 0) || (ftracker->ff_bytes_processed < (uint64_t)fil
e_data_depth)))) | | ((file_data_depth == 0) || (ftracker->ff_bytes_processed < (uint64_t)fil
e_data_depth)))) |
| { | | { |
| set_file_data(data_ptr, (data_len > UINT16_MAX) ? UINT16_MAX : (uint16_t
)data_len); | | set_file_data(data_ptr, (data_len > UINT16_MAX) ? UINT16_MAX : (uint16_t
)data_len); |
| DCE2_FileDetect(); | | DCE2_FileDetect(); |
|
| | set_file_data(nullptr, 0); |
| } | | } |
| | |
| if (ftracker == ssd->fapi_ftracker) | | if (ftracker == ssd->fapi_ftracker) |
| { | | { |
| DCE2_Ret ret; | | DCE2_Ret ret; |
| | |
| if ((ftracker->ff_file_offset != ftracker->ff_bytes_processed) | | if ((ftracker->ff_file_offset != ftracker->ff_bytes_processed) |
| || !DCE2_ListIsEmpty(ftracker->ff_file_chunks)) | | || !DCE2_ListIsEmpty(ftracker->ff_file_chunks)) |
| { | | { |
| if ((ssd->max_file_depth != 0) | | if ((ssd->max_file_depth != 0) |
| | | |
| End of changes. 2 change blocks. |
|---|
| 1 lines changed or deleted | | 2 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 