Fix a crash when a user disables DCE_RPC and enabled SMB.

I wasn't accounting for analyzers being disabled and not actually
instantiating when requested.  This includes a test which
verifies there is no crash or problem when a user disables DCE_RPC.

src/analyzer/protocol/smb/smb-pipe.pac

@@ -41,15 +41,19 @@ refine connection SMB_Conn += {
 		if ( fid_to_analyzer_map.count(fid) == 0 )
 			{
 			pipe_dcerpc = (analyzer::dce_rpc::DCE_RPC_Analyzer *)analyzer_mgr->InstantiateAnalyzer("DCE_RPC", bro_analyzer()->Conn());
-			pipe_dcerpc->SetFileID(fid);
+			if ( pipe_dcerpc )
-			fid_to_analyzer_map[fid] = pipe_dcerpc;
+				{
+				pipe_dcerpc->SetFileID(fid);
+				fid_to_analyzer_map[fid] = pipe_dcerpc;
+				}
 			}
 		else
 			{
 			pipe_dcerpc = fid_to_analyzer_map.at(fid);
 			}
 
-		pipe_dcerpc->DeliverStream(${pipe_data}.length(), ${pipe_data}.begin(), is_orig);
+		if ( pipe_dcerpc )
+			pipe_dcerpc->DeliverStream(${pipe_data}.length(), ${pipe_data}.begin(), is_orig);
 
 		return true;
 		%}

testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test

@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT
+# @TEST-EXEC: [ ! -f dce_rpc.log ]
+
+@load policy/protocols/smb
+
+# The DCE_RPC analyzer is a little weird since it's instantiated
+# by the SMB analyzer directly in some cases.  Care needs to be
+# taken to handle a disabled analyzer correctly.
+event bro_init()
+	{
+	Analyzer::disable_analyzer(Analyzer::ANALYZER_DCE_RPC);
+	}