Avoid signed integer overflow when combining SMB header PID bits

Such an overflow invokes undefined behavior.
Jon Siwek 2020-09-17 21:11:09 -07:00
parent 17e3392052
commit 1b88e63e78


@ -39,6 +39,11 @@
%} %}
refine connection SMB_Conn += { refine connection SMB_Conn += {
function join_pid_bits(hi: uint16, lo: uint16): uint32
%{
return (static_cast<uint32_t>(hi) << 16) | static_cast<uint32_t>(lo);
%}
function proc_smb_message(h: SMB_Header, is_orig: bool): bool function proc_smb_message(h: SMB_Header, is_orig: bool): bool
%{ %{
if ( smb1_message ) if ( smb1_message )
@ -306,7 +311,7 @@ type SMB_Header(is_orig: bool) = record {
} &let { } &let {
err_status_type = (flags2 >> 14) & 1; err_status_type = (flags2 >> 14) & 1;
unicode = (flags2 >> 15) & 1; unicode = (flags2 >> 15) & 1;
pid = (pid_high * 0x10000) + pid_low; pid: uint32 = $context.connection.join_pid_bits(pid_high, pid_low);
is_pipe: bool = $context.connection.get_tree_is_pipe(tid); is_pipe: bool = $context.connection.get_tree_is_pipe(tid);
proc : bool = $context.connection.proc_smb_message(this, is_orig); proc : bool = $context.connection.proc_smb_message(this, is_orig);
} &byteorder=littleendian; } &byteorder=littleendian;
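Review bot: The new join_pid_bits helper in the first hunk has no comment saying why both operands are cast to uint32_t before the shift, so the reason for its existence lives only in the commit message. The replaced expression `(pid_high * 0x10000) + pid_low` presumably promoted the uint16 operands to signed int and overflowed once pid_high reached 0x8000, and both fields are parsed from the SMB header on the wire, so the remote peer chooses the value. I would put a line above the function such as `# Widen to uint32 before shifting: uint16 operands promote to signed int, and pid_high/pid_low are taken from the packet.` so the call in the `&let` block is not later folded back into inline arithmetic. A trace-based test with pid_high >= 0x8000 would pin the result, if one is not already part of the change outside this view.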