📄 dce2_smb.c
/* NOTE(review): the statements from here down to the first closing brace at
 * column 0 are the tail of a word count (wct) check whose beginning lies
 * outside this excerpt.  They are reproduced unchanged, only re-indented. */
                switch (wct)
                {
                    case 12:
                        break;
                    default:
                        alert = 1;
                        break;
                }
                break;

            case SMB_COM_RENAME:
                switch (wct)
                {
                    case 0:
                        break;
                    default:
                        alert = 1;
                        break;
                }
                break;

            default:
                DCE2_Log("%s(%d) => Word count check for unused command: 0x%02x\n",
                         __FILE__, __LINE__, com);
                break;
        }
    }

    if (alert)
    {
        DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_BAD_WCT, dce2_smb_coms[com], wct);
        return -1;
    }

    return SMB_COM_SIZE(wct);
}

/********************************************************************
 * Function: DCE2_SmbGetBcc()
 *
 * Purpose:
 *  Reads the byte count (bcc) of an SMB command with SmbBcc() and
 *  checks it against a fixed per-command rule, separately for
 *  requests and for responses.  A rule is either "must be zero"
 *  (bcc != 0 is rejected), a minimum (for example bcc < 3 is
 *  rejected) or no constraint at all (a bare break).
 *
 *  This is a plausibility check on the declared value only.  The
 *  byte count is not compared here with the amount of data that is
 *  actually present; DCE2_SmbCheckBcc() in this file does that
 *  comparison against nb_len.
 *
 * Arguments:
 *  DCE2_SmbSsnData * - session data; only &ssd->sd is used, as the
 *                      first argument of DCE2_Alert().
 *  const SmbNtHdr *  - SMB header, passed to SmbType() to tell a
 *                      request from a response.
 *  const SmbCommon * - the command, passed to SmbWct() and SmbBcc().
 *  const uint16_t    - command size, handed to SmbBcc() (presumably
 *                      the position of the byte count field within
 *                      the command -- confirm against SmbBcc()).
 *  const int         - SMB command code; selects the rule and, when
 *                      an alert is raised, indexes dce2_smb_coms[].
 *
 * Returns:
 *  -1  - the byte count violates the rule for this command; a
 *        DCE2_EVENT__SMB_BAD_BCC alert has been raised.
 *  bcc - otherwise.  bcc is a uint16_t, so this value is never
 *        negative.  A command without a case label is only logged
 *        and its byte count is returned unchecked.
 *
 ********************************************************************/
static int DCE2_SmbGetBcc(DCE2_SmbSsnData *ssd, const SmbNtHdr *smb_hdr,
                          const SmbCommon *com_ptr, const uint16_t com_size, const int com)
{
    const int smb_type = SmbType(smb_hdr);
    const uint8_t wct = SmbWct(com_ptr);   /* only consulted in the response branch */
    const uint16_t bcc = SmbBcc((uint8_t *)com_ptr, com_size);
    int alert = 0;

    if (smb_type == SMB_TYPE__REQUEST)
    {
        switch (com)
        {
            case SMB_COM_NEGPROT:
                if (bcc < 2)
                    alert = 1;
                break;
            case SMB_COM_SESS_SETUP_ANDX:
                break;
            case SMB_COM_LOGOFF_ANDX:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_TREE_CON:
                if (bcc < 4)
                    alert = 1;
                break;
            case SMB_COM_TREE_CON_ANDX:
                if (bcc < 3)
                    alert = 1;
                break;
            case SMB_COM_TREE_DIS:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_OPEN:
                if (bcc < 2)
                    alert = 1;
                break;
            case SMB_COM_OPEN_ANDX:
                if (bcc < 1)
                    alert = 1;
                break;
            case SMB_COM_NT_CREATE_ANDX:
                break;
            case SMB_COM_CLOSE:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_WRITE:
                if (bcc < 3)
                    alert = 1;
                break;
            case SMB_COM_TRANS:
                break;
            case SMB_COM_TRANS_SEC:
                break;
            case SMB_COM_WRITE_AND_CLOSE:
                if (bcc < 1)
                    alert = 1;
                break;
            case SMB_COM_WRITE_BLOCK_RAW:
                break;
            case SMB_COM_WRITE_ANDX:
                break;
            case SMB_COM_READ:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_READ_BLOCK_RAW:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_READ_ANDX:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_RENAME:
                if (bcc < 4)
                    alert = 1;
                break;
            default:
                /* No rule for this command: log it, raise no alert. */
                DCE2_Log("%s(%d) => Byte count check for unused command\n",
                         __FILE__, __LINE__);
                break;
        }
    }
    else  /* it's a response */
    {
        /* Every type other than SMB_TYPE__REQUEST ends up here. */
        switch (com)
        {
            case SMB_COM_NEGPROT:
                break;
            case SMB_COM_SESS_SETUP_ANDX:
                break;
            case SMB_COM_LOGOFF_ANDX:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_TREE_CON:
                break;
            case SMB_COM_TREE_CON_ANDX:
                if (bcc < 3)
                    alert = 1;
                break;
            case SMB_COM_TREE_DIS:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_OPEN:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_OPEN_ANDX:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_NT_CREATE_ANDX:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_CLOSE:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_WRITE:
                /* NOTE(review): this case tests the word count, not the
                 * byte count, yet a failure is reported below as
                 * DCE2_EVENT__SMB_BAD_BCC with bcc as the value -- confirm
                 * this is intended and not a leftover from the wct check. */
                switch (wct)
                {
                    case 1:
                        break;
                    default:
                        alert = 1;
                        break;
                }
                break;
            case SMB_COM_TRANS:
                switch (wct)
                {
                    case 0:
                        /* Interim Transact response - no data */
                        if (bcc != 0)
                            alert = 1;
                        break;
                    default:
                        break;
                }
                break;
            case SMB_COM_WRITE_AND_CLOSE:
                break;
            case SMB_COM_WRITE_BLOCK_RAW:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_WRITE_COMPLETE:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_WRITE_ANDX:
                if (bcc != 0)
                    alert = 1;
                break;
            case SMB_COM_READ:
                if (bcc < 3)
                    alert = 1;
                break;
            case SMB_COM_READ_ANDX:
                break;
            case SMB_COM_RENAME:
                if (bcc != 0)
                    alert = 1;
                break;
            default:
                /* No rule for this command: log it, raise no alert. */
                DCE2_Log("%s(%d) => Byte count check for unused command\n",
                         __FILE__, __LINE__);
                break;
        }
    }

    if (alert)
    {
        /* alert is only ever set under an explicit case label above, so
         * dce2_smb_coms[] is indexed here with one of the listed
         * SMB_COM_* values and never with an unrecognised command. */
        DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_BAD_BCC, dce2_smb_coms[com], bcc);
        return -1;
    }

    return bcc;
}

/********************************************************************
 * Function: DCE2_SmbCheckComSize()
 *
 * Purpose:
 *  Checks that a command of com_len bytes fits into nb_len bytes
 *  (presumably the NetBIOS session data still available -- confirm
 *  at the call sites).  Raises DCE2_EVENT__SMB_NB_LT_COM if not.
 *  The function only reports; the caller has to act on the result.
 *
 * Arguments:
 *  DCE2_SmbSsnData * - session data; only &ssd->sd is used, as the
 *                      first argument of DCE2_Alert().
 *  const uint32_t    - nb_len, the length to fit into.
 *  const uint16_t    - com_len, the command length.
 *  const int         - SMB command code.  It indexes dce2_smb_coms[]
 *                      without a range check in this function;
 *                      assumes the caller passes a valid code --
 *                      confirm.
 *
 * Returns:
 *  DCE2_RET__SUCCESS - com_len <= nb_len.
 *  DCE2_RET__ERROR   - nb_len < com_len; an alert has been raised.
 *
 ********************************************************************/
static INLINE DCE2_Ret DCE2_SmbCheckComSize(DCE2_SmbSsnData *ssd, const uint32_t nb_len,
                                            const uint16_t com_len, const int smb_com)
{
    if (nb_len < com_len)
    {
        DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_NB_LT_COM,
                   dce2_smb_coms[smb_com], nb_len, com_len);
        return DCE2_RET__ERROR;
    }

    return DCE2_RET__SUCCESS;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
********************************************************************/
/* DCE2_SmbCheckBcc(): checks that a byte count of bcc bytes fits into
 * nb_len bytes.  Raises DCE2_EVENT__SMB_NB_LT_BCC and returns
 * DCE2_RET__ERROR when nb_len < bcc, otherwise returns
 * DCE2_RET__SUCCESS.  The function only reports, so the caller has to
 * act on the result.  smb_com indexes dce2_smb_coms[] without a range
 * check here; assumes the caller passes a valid command code -- confirm. */
static INLINE DCE2_Ret DCE2_SmbCheckBcc(DCE2_SmbSsnData *ssd, const uint32_t nb_len,
                                        const uint16_t bcc, const int smb_com)
{
    /* Common case first: the declared byte count fits. */
    if (bcc <= nb_len)
    {
        return DCE2_RET__SUCCESS;
    }

    DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_NB_LT_BCC,
               dce2_smb_coms[smb_com], nb_len, bcc);
    return DCE2_RET__ERROR;
}

/********************************************************************
 * Function: DCE2_SmbCheckDsize()
 *
 * Purpose:
 *  Checks a data size against two upper bounds, in this order:
 *  nb_len first, then the byte count.  The first bound that is
 *  exceeded decides which alert is raised.
 *
 * Arguments:
 *  DCE2_SmbSsnData * - session data; only &ssd->sd is used, as the
 *                      first argument of DCE2_Alert().
 *  const uint32_t    - nb_len, first upper bound for dsize.
 *  const uint16_t    - dsize, the data size being checked.
 *  const uint16_t    - bcc, second upper bound for dsize.
 *  const int         - SMB command code; indexes dce2_smb_coms[]
 *                      without a range check here -- assumes a valid
 *                      code from the caller, confirm.
 *
 * Returns:
 *  DCE2_RET__SUCCESS - dsize <= nb_len and dsize <= bcc.
 *  DCE2_RET__ERROR   - nb_len < dsize (DCE2_EVENT__SMB_NB_LT_DSIZE)
 *                      or bcc < dsize (DCE2_EVENT__SMB_BCC_LT_DSIZE).
 *
 ********************************************************************/
static INLINE DCE2_Ret DCE2_SmbCheckDsize(DCE2_SmbSsnData *ssd, const uint32_t nb_len,
                                          const uint16_t dsize, const uint16_t bcc,
                                          const int smb_com)
{
    DCE2_Ret status = DCE2_RET__ERROR;

    if (dsize > nb_len)
    {
        DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_NB_LT_DSIZE,
                   dce2_smb_coms[smb_com], nb_len, dsize);
    }
    else if (dsize > bcc)
    {
        DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_BCC_LT_DSIZE,
                   dce2_smb_coms[smb_com], bcc, dsize);
    }
    else
    {
        status = DCE2_RET__SUCCESS;
    }

    return status;
}

/********************************************************************
 * Function: DCE2_SmbCheckTotDcnt()
 *
 * Purpose:
 *  Checks a data count against the total data count: the total must
 *  not be smaller than the count, and it must not be zero.  The
 *  "smaller than" test runs first, so a zero total with a non-zero
 *  count is reported as DCE2_EVENT__SMB_TDCNT_LT_DSIZE.
 *
 * Arguments:
 *  DCE2_SmbSsnData * - session data; only &ssd->sd is used, as the
 *                      first argument of DCE2_Alert().
 *  const uint16_t    - dcnt, the data count.
 *  const uint16_t    - total_dcnt, the total data count.
 *  const int         - SMB command code; indexes dce2_smb_coms[]
 *                      without a range check here -- assumes a valid
 *                      code from the caller, confirm.
 *
 * Returns:
 *  DCE2_RET__SUCCESS - total_dcnt >= dcnt and total_dcnt != 0.
 *  DCE2_RET__ERROR   - otherwise; an alert has been raised.
 *
 ********************************************************************/
static INLINE DCE2_Ret DCE2_SmbCheckTotDcnt(DCE2_SmbSsnData *ssd, const uint16_t dcnt,
                                            const uint16_t total_dcnt, const int smb_com)
{
    if (dcnt > total_dcnt)
    {
        DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_TDCNT_LT_DSIZE,
                   dce2_smb_coms[smb_com], (int)total_dcnt, (int)dcnt);
        return DCE2_RET__ERROR;
    }

    if (total_dcnt != 0)
    {
        return DCE2_RET__SUCCESS;
    }

    /* Reached only when both counts are zero. */
    DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_TDCNT_ZERO, dce2_smb_coms[smb_com]);
    return DCE2_RET__ERROR;
}

/********************************************************************
 * Function: DCE2_SmbCheckOffset()
 *
 * Purpose:
 *  Checks that a pointer derived from an offset lies between
 *  start_bound and start_bound + length.
 *
 * Arguments:
 *  DCE2_SmbSsnData * - session data, used for alerting.
 *  const uint8_t *   - pointer to where the offset would take us.
 *  const uint8_t *   - pointer to bound offset
 *  const uint32_t    - length of data where offset should be within
 *  const int         - SMB command code, used for alerting.
 *
 * Returns:
 *  DCE2_RET__SUCCESS - Offset is okay.
 *  DCE2_RET__ERROR - Offset is bad.
*
 ********************************************************************/
static INLINE DCE2_Ret DCE2_SmbCheckOffset(DCE2_SmbSsnData *ssd, const uint8_t *off_ptr,
                                           const uint8_t *start_bound, const uint32_t length,
                                           const int smb_com)
{
    /* One past the last byte of the region the offset may point into. */
    const uint8_t *end_bound = start_bound + length;

    /* The offset must not point back into data that was already looked
     * at (below start_bound) and must not point beyond the NBSS length
     * that is left.
     *
     * NOTE(review): the upper bound is inclusive, so off_ptr equal to
     * start_bound + length passes although no byte can be read there.
     * The original comment said an offset "equal to" the end should be
     * rejected as well -- confirm which is intended.  As written, a
     * caller that reads through off_ptr needs its own remaining-length
     * check.
     *
     * NOTE(review): off_ptr is presumably built from an offset field in
     * the packet -- confirm.  C only defines relational comparison for
     * pointers into the same object, so how off_ptr is computed matters
     * for this test. */
    if ((off_ptr >= start_bound) && (off_ptr <= end_bound))
    {
        return DCE2_RET__SUCCESS;
    }

    /* smb_com indexes dce2_smb_coms[] without a range check here;
     * assumes the caller passes a valid command code -- confirm. */
    DCE2_Alert(&ssd->sd, DCE2_EVENT__SMB_BAD_OFF,
               dce2_smb_coms[smb_com], off_ptr, start_bound, end_bound);
    return DCE2_RET__ERROR;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *