dcerpc: accept ALTER_CONTEXT as a valid request
So far, if only the starting request was a DCERPC request, it would be
considered DCERPC traffic. Since ALTER_CONTEXT is a valid request type,
it should be accepted too.

Reported and patch proposed in the following Redmine ticket by
InterNALXz.

Bug 6191

(cherry picked from commit 8770431)
inashivb authored and victorjulien committed Jul 29, 2023
1 parent bbfc445 commit 9e2fb15
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rust/src/dcerpc/dcerpc.rs
Expand Up @@ -1338,7 +1338,7 @@ pub unsafe extern "C" fn rs_dcerpc_get_stub_data(
fn probe(input: &[u8]) -> (bool, bool) {
match parser::parse_dcerpc_header(input) {
Ok((_, hdr)) => {
let is_request = hdr.hdrtype == 0x00;
let is_request = hdr.hdrtype == 0x00 || hdr.hdrtype == 0x0e;
let is_dcerpc = hdr.rpc_vers == 0x05 && hdr.rpc_vers_minor == 0x00;
return (is_dcerpc, is_request);
},
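Review bot: the new `hdr.hdrtype == 0x0e` comparison in `probe()` puts a second bare literal next to `0x00`; named constants for the PDU types (or a `matches!` over them) would make it clear that 0x0e is ALTER_CONTEXT without going back to the commit message. The commit changes only this one line, so a unit test that feeds `probe()` a header with type 0x0e and asserts `is_request` is true would pin the new behaviour. Other client-originated PDU types such as bind (0x0b) still yield `is_request == false`; worth confirming that this is intended.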