smb: Unify transaction_data_to_val() usage

The data/string handling in smb1-com-transaction.pac was improved
with c75519ca88; re-use the added
functionality for smb1-com-transaction-secondary.pac as well to avoid
buffer overflows.
Arne Welzel 2022-09-02 16:56:08 +02:00 committed by Tim Wojtulewicz
parent 56f9110eca
commit 4c00c3c4ca


@ -18,32 +18,11 @@ refine connection SMB_Conn += {
auto parameters = zeek::make_intrusive<zeek::StringVal>(${val.parameters}.length(),
(const char*)${val.parameters}.data());
zeek::StringValPtr payload_str;
SMB1_transaction_data* payload = nullptr;
if ( ${val.data_count} > 0 )
{
payload = ${val.data};
}
if ( payload )
{
switch ( payload->trans_type() ) {
case SMB_PIPE:
payload_str = zeek::make_intrusive<zeek::StringVal>(${val.data_count}, (const char*)${val.data.pipe_data}.data());
break;
case SMB_UNKNOWN:
payload_str = zeek::make_intrusive<zeek::StringVal>(${val.data_count}, (const char*)${val.data.unknown}.data());
break;
default:
payload_str = zeek::make_intrusive<zeek::StringVal>(${val.data_count}, (const char*)${val.data.data}.data());
break;
}
}
if ( ! payload_str )
{
payload_str = transaction_data_to_val(${val.data});
else
payload_str = zeek::val_mgr->EmptyString();
}
zeek::BifEvent::enqueue_smb1_transaction_secondary_request(zeek_analyzer(),
zeek_analyzer()->Conn(),