From e9fa853048f1b1567065f2846c755aebc5c9d25c Mon Sep 17 00:00:00 2001
From: Arne Welzel
Date: Wed, 16 Nov 2022 17:44:55 +0100
Subject: [PATCH] smb1: Ensure existence of dialect_index in offered dialects

When a negotiate request offers no dialects, but the response contains an ntlm record which selects a dialect, a script error is triggered.

$ zeek -C -r ./f2b0e.pcap 'DPD::ignore_violations+={ Analyzer::ANALYZER_SMB }'
1668615340.837882 expression error in /home/awelzel/corelight-oss/zeek/scripts/base/protocols/smb/./smb1-main.zeek, line 96: no such index (SMB1::c$smb_state$current_cmd$smb1_offered_dialects[SMB1::response$ntlm$dialect_index])

Script error triggered by fuzzing when testing Tim's all-the-fuzzing branch.
---
 scripts/base/protocols/smb/smb1-main.zeek | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/base/protocols/smb/smb1-main.zeek b/scripts/base/protocols/smb/smb1-main.zeek
index 9a19f27b95..a72c401ccf 100644
--- a/scripts/base/protocols/smb/smb1-main.zeek
+++ b/scripts/base/protocols/smb/smb1-main.zeek
@@ -89,9 +89,10 @@ event smb1_negotiate_response(c: connection, hdr: SMB1::Header, response: SMB1::
 {
 if ( c$smb_state$current_cmd?$smb1_offered_dialects )
 {
- if ( response?$ntlm )
+ local offered_dialects = c$smb_state$current_cmd$smb1_offered_dialects;
+ if ( response?$ntlm && response$ntlm$dialect_index < |offered_dialects| )
 {
- c$smb_state$current_cmd$argument = c$smb_state$current_cmd$smb1_offered_dialects[response$ntlm$dialect_index];
+ c$smb_state$current_cmd$argument = offered_dialects[response$ntlm$dialect_index];
 }
 delete c$smb_state$current_cmd$smb1_offered_dialects;
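Review bot: With the new condition, a response whose `dialect_index` is not below `|offered_dialects|` is now silently ignored, so the exact case that motivated this fix — a server selecting a dialect the client never offered, or selecting one when none were offered — leaves no trace in the logs. That is a protocol anomaly (and a plausible sign of a malformed or hostile server) worth surfacing rather than swallowing: after the closing brace of the `if`, add `else if ( response?$ntlm )` followed by `Reporter::conn_weird("smb1_dialect_index_out_of_range", c);`, nesting on `response?$ntlm` so legitimate non-NTLM negotiate responses do not fire it (assuming `Reporter::conn_weird` is usable here as it is in other base scripts). A short comment above the check would also help the next reader, e.g. `# Bounds-check the index: a server may pick a dialect outside what the client offered (or offer none at all).`. The enclosing `smb1_negotiate_response` handler closes outside this hunk.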