Merge branch 'topic/ak/rdpeudp' of https://github.com/anthonykasza/zeek into topic/ak/rdpeudp

2025-10-09 18:18:19 +00:00 · 2020-04-03 16:18:50 -06:00 · 2020-04-03 16:18:50 -06:00 · 01decee777
commit 01decee777
parent d10c9ab667 bf05b1ebc9
2 changed files with 2 additions and 2 deletions
--- a/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
@ -25,7 +25,7 @@ refine connection RDPEUDP_Conn += {

 	function is_rdpeudp2(): bool
 		%{
-		return ((orig_synex_flags_ & resp_synex_flags_) >= RDPUDP_PROTOCOL_VERSION_3);
+		return orig_synex_flags_  == RDPUDP_PROTOCOL_VERSION_3 && resp_synex_flags_ == RDPUDP_PROTOCOL_VERSION_3;
 		%}

 	function proc_rdpeudp_syn(is_orig: bool, uFlags: uint16, snSourceAck: uint32, uUdpVer: uint16): bool
--- a/src/analyzer/protocol/rdp/rdpeudp-protocol.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp-protocol.pac
@ -43,7 +43,7 @@ type RDPEUDP_SYN(pdu: RDPEUDP_PDU, is_orig: bool) = record {
 type RDPUDP_SYNEX_PAYLOAD = record {
 	uSynExFlags:	uint16;
 	uUdpVer:	uint16;
-	cookieHash:	case ((uUdpVer & RDPUDP_PROTOCOL_VERSION_3) > 0) of {
+	cookieHash:	case (uUdpVer == RDPUDP_PROTOCOL_VERSION_3) of {
 		true -> has_cookie_hash:	uint8[32];
 		false -> has_no_cookie_hash:	empty;
 	};