Adding one more case to the DCE_RPC defrag logic.

(and fixing a couple of compiler warnings)

aux/btest

@@ -1 +1 @@
-Subproject commit 17d1c1547678bfd54ef1202db5415bc85c7ae794
+Subproject commit 625dbecfd63022d79a144b9651085e68cdf99ce4

src/analyzer/protocol/dce-rpc/dce_rpc-protocol.pac

@@ -182,6 +182,15 @@ flow DCE_RPC_Flow(is_orig: bool) {
 		%{
 		if ( ${header.firstfrag} )
 			{
+			if ( fb.count(${header.call_id}) > 0 )
+				{
+				// We already had a first frag earlier.
+				reporter->Weird(connection()->bro_analyzer()->Conn(),
+						"multiple_first_fragments_in_dce_rpc_reassembly");
+				connection()->bro_analyzer()->SetSkip(true);
+				return false;
+				}
+
 			if ( ${header.lastfrag} )
 				{
 				// all-in-one packet
@@ -201,7 +210,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
 					connection()->bro_analyzer()->SetSkip(true);
 					}
 
-				if ( fb[${header.call_id}]->data_length() > BifConst::DCE_RPC::max_frag_data )
+				if ( fb[${header.call_id}]->data_length() > (int)BifConst::DCE_RPC::max_frag_data )
 					{
 					reporter->Weird(connection()->bro_analyzer()->Conn(),
 					                "too_much_dce_rpc_fragment_data");
@@ -216,7 +225,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
 			// not the first frag, but we have a flow buffer so add to it
 			fb[${header.call_id}]->BufferData(frag.begin(), frag.end());
 
-			if ( fb[${header.call_id}]->data_length() > BifConst::DCE_RPC::max_frag_data )
+			if ( fb[${header.call_id}]->data_length() > (int)BifConst::DCE_RPC::max_frag_data )
 				{
 				reporter->Weird(connection()->bro_analyzer()->Conn(),
 				                "too_much_dce_rpc_fragment_data");