Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

smb1: Ensure existence of dialect_index in offered dialects

Browse source 
When a negotiate request offers no dialects, but the response contains
an ntlm record which selects a dialect, a script error is triggered.

    $ zeek -C -r ./f2b0e.pcap 'DPD::ignore_violations+={ Analyzer::ANALYZER_SMB }'
    1668615340.837882 expression error in /home/awelzel/corelight-oss/zeek/scripts/base/protocols/smb/./smb1-main.zeek, line 96: no such index (SMB1::c$smb_state$current_cmd$smb1_offered_dialects[SMB1::response$ntlm$dialect_index])

Script error triggered by fuzzing when testing Tim's all-the-fuzzing branch.
This commit is contained in:
Arne Welzel 2022-11-16 17:44:55 +01:00
parent ec3eca0549
commit e9fa853048
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/protocols/smb/smb1-main.zeek
View file

@ -89,9 +89,10 @@ event smb1_negotiate_response(c: connection, hdr: SMB1::Header, response: SMB1::
{ {
if ( c$smb_state$current_cmd?$smb1_offered_dialects ) if ( c$smb_state$current_cmd?$smb1_offered_dialects )
{ {
if ( response?$ntlm ) local offered_dialects = c$smb_state$current_cmd$smb1_offered_dialects;
if ( response?$ntlm && response$ntlm$dialect_index < |offered_dialects| )
{ {
c$smb_state$current_cmd$argument = c$smb_state$current_cmd$smb1_offered_dialects[response$ntlm$dialect_index]; c$smb_state$current_cmd$argument = offered_dialects[response$ntlm$dialect_index];
} }
delete c$smb_state$current_cmd$smb1_offered_dialects; delete c$smb_state$current_cmd$smb1_offered_dialects;