From caa46e010df091e992410139f09d11be1343fd0d Mon Sep 17 00:00:00 2001
From: anthonykasza
Date: Fri, 3 Apr 2020 16:00:00 -0600
Subject: [PATCH 1/2] Update src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
Co-Authored-By: Jon Siwek
---
 src/analyzer/protocol/rdp/rdpeudp-analyzer.pac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac b/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
index 6a6eebd175..3564fcf213 100644
--- a/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
@@ -25,7 +25,7 @@ refine connection RDPEUDP_Conn += {
 function is_rdpeudp2(): bool
 %{
- return ((orig_synex_flags_ & resp_synex_flags_) >= RDPUDP_PROTOCOL_VERSION_3);
+ return orig_synex_flags_ == RDPUDP_PROTOCOL_VERSION_3 && resp_synex_flags_ == RDPUDP_PROTOCOL_VERSION_3;
 %}
 function proc_rdpeudp_syn(is_orig: bool, uFlags: uint16, snSourceAck: uint32, uUdpVer: uint16): bool
From bf05b1ebc9816532ef1de4ddbfcaa16705af0db0 Mon Sep 17 00:00:00 2001
From: anthonykasza
Date: Fri, 3 Apr 2020 16:00:14 -0600
Subject: [PATCH 2/2] Update src/analyzer/protocol/rdp/rdpeudp-protocol.pac
Co-Authored-By: Jon Siwek
---
 src/analyzer/protocol/rdp/rdpeudp-protocol.pac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyzer/protocol/rdp/rdpeudp-protocol.pac b/src/analyzer/protocol/rdp/rdpeudp-protocol.pac
index 2ca3f922be..fb2cb91efa 100644
--- a/src/analyzer/protocol/rdp/rdpeudp-protocol.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp-protocol.pac
@@ -43,7 +43,7 @@ type RDPEUDP_SYN(pdu: RDPEUDP_PDU, is_orig: bool) = record {
 type RDPUDP_SYNEX_PAYLOAD = record {
 uSynExFlags: uint16;
 uUdpVer: uint16;
- cookieHash: case ((uUdpVer & RDPUDP_PROTOCOL_VERSION_3) > 0) of {
+ cookieHash: case (uUdpVer == RDPUDP_PROTOCOL_VERSION_3) of {
 true -> has_cookie_hash: uint8[32];
 false -> has_no_cookie_hash: empty;
 };
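Review bot: In `is_rdpeudp2()` the members compared against `RDPUDP_PROTOCOL_VERSION_3` are named `orig_synex_flags_` and `resp_synex_flags_`, yet the SYNEX payload in rdpeudp-protocol.pac carries `uSynExFlags` and `uUdpVer` as two separate fields, so the names point at the wrong one. The assignments sit outside this hunk (presumably in `proc_rdpeudp_syn`, whose body is not shown). If they store `uUdpVer`, a comment such as `// holds uUdpVer from the SYNEX payload, not uSynExFlags` or a rename would prevent a later misreading; if they store `uSynExFlags`, the version comparison is applied to the wrong field. Both values come off the wire, so it is also worth a one-line comment that any value other than an exact version-3 match from either peer leaves the connection classified as not RDPEUDP2.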
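Review bot: The `cookieHash` case in `RDPUDP_SYNEX_PAYLOAD` now depends on an exact match of the wire-supplied `uUdpVer`, and its `false` arm accepts every other value without comment, including versions this analyzer does not know. A comment above the field would record the reasoning, e.g. `# cookieHash is present only when uUdpVer is exactly RDPUDP_PROTOCOL_VERSION_3; a bit test can match other versions and consume 32 bytes that are not there`. Assuming the constant is not a single-bit value (its definition is outside the hunk), that misparse of untrusted input is what the old mask allowed, so a regression trace containing a SYN with a different version would guard the fix. The record may continue past the end of this hunk.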