fix smb1_com_transaction* messages

Jeffrey Bencteux 2018-01-12 15:29:17 +01:00
parent bbe89a79a4
commit f7a8726ffc
4 changed files with 60 additions and 73 deletions


@ -2,6 +2,9 @@ refine connection SMB_Conn += {
function proc_smb1_transaction_secondary_request(header: SMB_Header, val: SMB1_transaction_secondary_request): bool
%{
if ( ! smb1_transaction_secondary_request )
return false;
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans_Sec_Args);
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
@ -12,16 +15,11 @@ refine connection SMB_Conn += {
args->Assign(6, new Val(${val.data_offset}, TYPE_COUNT));
args->Assign(7, new Val(${val.data_displacement}, TYPE_COUNT));
StringVal *parameters = new StringVal(${val.param_count}, (const char*)${val.parameters}.data());
StringVal *parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
StringVal *payload_str = nullptr;
SMB1_transaction_data *payload = nullptr;
if ( !parameters )
{
parameters = new StringVal("");
}
if ( ${val.data_count > 0} )
if ( ${val.data_count} > 0 )
{
payload = ${val.data};
}
@ -47,15 +45,12 @@ refine connection SMB_Conn += {
payload_str = new StringVal("");
}
if ( smb1_transaction_secondary_request )
{
BifEvent::generate_smb1_transaction_secondary_request(bro_analyzer(),
bro_analyzer()->Conn(),
BuildHeaderVal(header),
args,
parameters,
payload_str);
}
BifEvent::generate_smb1_transaction_secondary_request(bro_analyzer(),
bro_analyzer()->Conn(),
BuildHeaderVal(header),
args,
parameters,
payload_str);
return true;
%}
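Review bot: The `args` record still carries the counts as the peer claimed them (`total_param_count`, `total_data_count`, the offsets), while `parameters` is now sized from the bytes actually parsed via `${val.parameters}.length()`. A script handler can therefore see a claimed count that disagrees with `|parameters|`, and nothing in the function says which value to trust. A comment above the `StringVal` construction would settle it, e.g. `// Lengths come from the parsed buffers; the *_count fields in args are unvalidated wire values.` The lines that build `payload_str` fall between the hunks and are not shown, so the data side cannot be checked from here.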


@ -31,16 +31,14 @@ refine connection SMB_Conn += {
function proc_smb1_transaction_request(header: SMB_Header, val: SMB1_transaction_request): bool
%{
StringVal *parameters = new StringVal(${val.param_count}, (const char*)${val.parameters}.data());
if ( ! smb1_transaction_request )
return false;
StringVal *parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
StringVal *payload_str = nullptr;
SMB1_transaction_data *payload = nullptr;
if ( !parameters )
{
parameters = new StringVal("");
}
if ( ${val.data_count > 0} )
if ( ${val.data_count} > 0 )
{
payload = ${val.data};
}
@ -66,30 +64,27 @@ refine connection SMB_Conn += {
payload_str = new StringVal("");
}
if ( smb1_transaction_request )
BifEvent::generate_smb1_transaction_request(bro_analyzer(),
bro_analyzer()->Conn(),
BuildHeaderVal(header),
smb_string2stringval(${val.name}),
${val.sub_cmd},
parameters,
payload_str);
BifEvent::generate_smb1_transaction_request(bro_analyzer(),
bro_analyzer()->Conn(),
BuildHeaderVal(header),
smb_string2stringval(${val.name}),
${val.sub_cmd},
parameters,
payload_str);
return true;
%}
function proc_smb1_transaction_response(header: SMB_Header, val: SMB1_transaction_response): bool
%{
StringVal *parameters = new StringVal(${val.param_count}, (const char*)${val.parameters}.data());
if ( !smb1_transaction_response )
return false;
StringVal *parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
StringVal *payload_str = nullptr;
SMB1_transaction_data *payload = nullptr;
if ( !parameters )
{
parameters = new StringVal("");
}
if ( ${val.data_count > 0} )
if ( ${val.data_count} > 0 )
{
payload = ${val.data[0]};
}
@ -115,12 +110,11 @@ refine connection SMB_Conn += {
payload_str = new StringVal("");
}
if ( smb1_transaction_response )
BifEvent::generate_smb1_transaction_response(bro_analyzer(),
bro_analyzer()->Conn(),
BuildHeaderVal(header),
parameters,
payload_str);
BifEvent::generate_smb1_transaction_response(bro_analyzer(),
bro_analyzer()->Conn(),
BuildHeaderVal(header),
parameters,
payload_str);
return true;
%}
};
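Review bot: In proc_smb1_transaction_response the guard `if ( ${val.data_count} > 0 )` still relies on the wire-supplied count before indexing `${val.data[0]}`. The commit stops trusting `param_count` for the parameters buffer, but the data side keeps the old pattern. If the record definition (not shown) can leave `data` empty while `data_count` is non-zero, the index reads past the end of the array. Consider checking the parsed array as well, something like `if ( ${val.data_count} > 0 && ! ${val.data}->empty() )`, or add a comment stating why the grammar guarantees an element. The code that consumes `payload` sits between the hunks and is outside this view.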


@ -2,6 +2,9 @@ refine connection SMB_Conn += {
function proc_smb1_transaction2_secondary_request(header: SMB_Header, val: SMB1_transaction2_secondary_request): bool
%{
if ( !smb1_transaction2_secondary_request )
return false;
RecordVal *args = new RecordVal(BifType::Record::SMB1::Trans2_Sec_Args);
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
@ -13,28 +16,20 @@ refine connection SMB_Conn += {
args->Assign(7, new Val(${val.data_displacement}, TYPE_COUNT));
args->Assign(8, new Val(${val.FID}, TYPE_COUNT));
StringVal *parameters = new StringVal(${val.param_count}, (const char*)${val.parameters}.data());
StringVal *payload = new StringVal(${val.data_count}, (const char*)${val.data}.data());
if ( !parameters )
{
parameters = new StringVal("");
}
StringVal *parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
StringVal *payload = new StringVal(${val.data}.length(), (const char*)${val.data}.data());
if ( !payload )
{
payload = new StringVal("");
}
if ( smb1_transaction2_secondary_request )
{
BifEvent::generate_smb1_transaction2_secondary_request(bro_analyzer(),
bro_analyzer()->Conn(),
BuildHeaderVal(header),
args,
parameters,
payload);
}
BifEvent::generate_smb1_transaction2_secondary_request(bro_analyzer(),
bro_analyzer()->Conn(),
BuildHeaderVal(header),
args,
parameters,
payload);
return true;
%}
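Review bot: The `if ( !payload )` block that remains after `new StringVal(${val.data}.length(), ...)` can never fire, because a plain `new` throws on failure rather than returning null. The matching `if ( !parameters )` block appears to be dropped by this commit, so the payload one should go too: delete `if ( !payload ) { payload = new StringVal(""); }`. Left in place, it suggests a fallback path for a failed allocation that does not exist.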


@ -22,21 +22,24 @@ refine connection SMB_Conn += {
function proc_smb1_transaction2_request(header: SMB_Header, val: SMB1_transaction2_request): bool
%{
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans2_Args);
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
args->Assign(2, new Val(${val.max_param_count}, TYPE_COUNT));
args->Assign(3, new Val(${val.max_data_count}, TYPE_COUNT));
args->Assign(4, new Val(${val.max_setup_count}, TYPE_COUNT));
args->Assign(5, new Val(${val.flags}, TYPE_COUNT));
args->Assign(6, new Val(${val.timeout}, TYPE_COUNT));
args->Assign(7, new Val(${val.param_count}, TYPE_COUNT));
args->Assign(8, new Val(${val.param_offset}, TYPE_COUNT));
args->Assign(9, new Val(${val.data_count}, TYPE_COUNT));
args->Assign(10, new Val(${val.data_offset}, TYPE_COUNT));
args->Assign(11, new Val(${val.setup_count}, TYPE_COUNT));
if ( smb1_transaction2_request )
{
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans2_Args);
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
args->Assign(2, new Val(${val.max_param_count}, TYPE_COUNT));
args->Assign(3, new Val(${val.max_data_count}, TYPE_COUNT));
args->Assign(4, new Val(${val.max_setup_count}, TYPE_COUNT));
args->Assign(5, new Val(${val.flags}, TYPE_COUNT));
args->Assign(6, new Val(${val.timeout}, TYPE_COUNT));
args->Assign(7, new Val(${val.param_count}, TYPE_COUNT));
args->Assign(8, new Val(${val.param_offset}, TYPE_COUNT));
args->Assign(9, new Val(${val.data_count}, TYPE_COUNT));
args->Assign(10, new Val(${val.data_offset}, TYPE_COUNT));
args->Assign(11, new Val(${val.setup_count}, TYPE_COUNT));
BifEvent::generate_smb1_transaction2_request(bro_analyzer(), bro_analyzer()->Conn(), BuildHeaderVal(header), args, ${val.sub_cmd});
}
return true;
%}
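Review bot: proc_smb1_transaction2_request returns `true` when no handler is registered, whereas the other transaction functions touched by this commit return `false` before allocating anything. The wrapping `if ( smb1_transaction2_request ) { ... }` also differs in shape from the early-return guard used in those functions. For consistency, put `if ( ! smb1_transaction2_request ) return false;` at the top and leave the body unindented. Whether any caller acts on the return value is not visible here.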