Batch backports 6.0.x/1.1: Backports of 5550, 5604

rust/src/applayer.rs

@@ -23,6 +23,49 @@ use crate::filecontainer::FileContainer;
 use crate::applayer;
 use std::os::raw::{c_void,c_char,c_int};
 
+#[repr(C)]
+pub struct StreamSlice {
+    input: *const u8,
+    input_len: u32,
+    /// STREAM_* flags
+    flags: u8,
+    offset: u64,
+}
+
+impl StreamSlice {
+
+    /// Create a StreamSlice from a Rust slice. Useful in unit tests.
+    pub fn from_slice(slice: &[u8], flags: u8, offset: u64) -> Self {
+        Self {
+            input: slice.as_ptr() as *const u8,
+            input_len: slice.len() as u32,
+            flags,
+            offset
+        }
+    }
+
+    pub fn is_gap(&self) -> bool {
+        self.input.is_null() && self.input_len > 0
+    }
+    pub fn gap_size(&self) -> u32 {
+        self.input_len
+    }
+    pub fn as_slice(&self) -> &[u8] {
+        unsafe { std::slice::from_raw_parts(self.input, self.input_len as usize) }
+    }
+    pub fn is_empty(&self) -> bool {
+        self.input_len == 0
+    }
+    pub fn len(&self) -> u32 {
+        self.input_len
+    }
+    pub fn offset_from(&self, slice: &[u8]) -> u32 {
+        self.len() - slice.len() as u32
+    }
+    pub fn flags(&self) -> u8 {
+        self.flags
+    }
+}
 #[repr(C)]
 #[derive(Debug,PartialEq)]
 pub struct AppLayerTxConfig {

rust/src/dns/dns.rs

@@ -500,7 +500,17 @@ impl DNSState {
                                                         event as u8);
     }
 
-    pub fn parse_request(&mut self, input: &[u8]) -> bool {
+    fn validate_header(&self, input: &[u8]) -> bool {
+        parser::dns_parse_header(input)
+            .map(|(_, header)| probe_header_validity(header, input.len()).0)
+            .unwrap_or(false)
+    }
+
+    fn parse_request(&mut self, input: &[u8], is_tcp: bool) -> bool {
+        if !self.validate_header(input) {
+            return !is_tcp;
+        }
+
         match parser::dns_parse_request(input) {
             Ok((_, request)) => {
                 if request.header.flags & 0x8000 != 0 {
@@ -543,7 +553,21 @@ impl DNSState {
         }
     }
 
-    pub fn parse_response(&mut self, input: &[u8]) -> bool {
+    fn parse_request_udp(&mut self, stream_slice: StreamSlice) -> bool {
+        let input = stream_slice.as_slice();
+        self.parse_request(input, false)
+    }
+
+    fn parse_response_udp(&mut self,  stream_slice: StreamSlice) -> bool {
+        let input = stream_slice.as_slice();
+        self.parse_response(input, false)
+    }
+
+    pub fn parse_response(&mut self, input: &[u8], is_tcp: bool) -> bool {
+        if !self.validate_header(input) {
+            return !is_tcp;
+        }
+
         match parser::dns_parse_response(input) {
             Ok((_, response)) => {
 
@@ -620,8 +644,8 @@ impl DNSState {
             SCLogDebug!("[request] Have {} bytes, need {} to parse",
                         cur_i.len(), size + 2);
             if size > 0 && cur_i.len() >= size + 2 {
-                let msg = &cur_i[0..(size + 2)];
-                if self.parse_request(&msg[2..]) {
+                let msg = &cur_i[2..(size + 2)];
+                if self.parse_request(msg, true) {
                     cur_i = &cur_i[(size + 2)..];
                     consumed += size  + 2;
                 } else {
@@ -667,8 +691,8 @@ impl DNSState {
             SCLogDebug!("[response] Have {} bytes, need {} to parse",
                         cur_i.len(), size + 2);
             if size > 0 && cur_i.len() >= size + 2 {
-                let msg = &cur_i[0..(size + 2)];
-                if self.parse_response(&msg[2..]) {
+                let msg = &cur_i[2..(size + 2)];
+                if self.parse_response(msg, true) {
                     cur_i = &cur_i[(size + 2)..];
                     consumed += size + 2;
                 } else {
@@ -706,16 +730,19 @@ impl DNSState {
 const DNS_HEADER_SIZE: usize = 12;
 
 fn probe_header_validity(header: DNSHeader, rlen: usize) -> (bool, bool, bool) {
-    if 2 * (header.additional_rr as usize
-        + header.answer_rr as usize
-        + header.authority_rr as usize
-        + header.questions as usize)
-        + DNS_HEADER_SIZE
-        > rlen
-    {
-        //not enough data for such a DNS record
+    let min_msg_size = 2
+        * (header.additional_rr as usize
+            + header.answer_rr as usize
+            + header.authority_rr as usize
+            + header.questions as usize)
+        + DNS_HEADER_SIZE;
+
+    if min_msg_size > rlen {
+        // Not enough data for records defined in the header, or
+        // impossibly large.
         return (false, false, false);
     }
+
     let is_request = header.flags & 0x8000 == 0;
     return (true, is_request, false);
 }
@@ -812,11 +839,8 @@ pub extern "C" fn rs_dns_parse_request(_flow: *const core::Flow,
                                        -> AppLayerResult {
     let state = cast_pointer!(state, DNSState);
     let buf = unsafe{std::slice::from_raw_parts(input, input_len as usize)};
-    if state.parse_request(buf) {
-        AppLayerResult::ok()
-    } else {
-        AppLayerResult::err()
-    }
+    state.parse_request_udp(StreamSlice::from_slice(buf, STREAM_TOSERVER, 0));
+    AppLayerResult::ok()
 }
 
 #[no_mangle]
@@ -830,11 +854,8 @@ pub extern "C" fn rs_dns_parse_response(_flow: *const core::Flow,
                                         -> AppLayerResult {
     let state = cast_pointer!(state, DNSState);
     let buf = unsafe{std::slice::from_raw_parts(input, input_len as usize)};
-    if state.parse_response(buf) {
-        AppLayerResult::ok()
-    } else {
-        AppLayerResult::err()
-    }
+    state.parse_response_udp(StreamSlice::from_slice(buf, STREAM_TOCLIENT, 0));
+    AppLayerResult::ok()
 }
 
 /// C binding parse a DNS request. Returns 1 on success, -1 on failure.
@@ -1387,7 +1408,7 @@ mod tests {
             0x80,
         ];
         let mut state = DNSState::new();
-        assert!(state.parse_response(buf));
+        assert!(state.parse_response(buf, false));
     }
 
     // Port of the C RustDNSUDPParserTest02 unit test.
@@ -1407,7 +1428,7 @@ mod tests {
             0x10,0x00,0x02,0xC0,0x85,0x00,0x00,0x29,0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         ];
         let mut state = DNSState::new();
-        assert!(state.parse_response(buf));
+        assert!(state.parse_response(buf, false));
     }
 
     // Port of the C RustDNSUDPParserTest03 unit test.
@@ -1427,7 +1448,7 @@ mod tests {
             0x29,0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00
         ];
         let mut state = DNSState::new();
-        assert!(state.parse_response(buf));
+        assert!(state.parse_response(buf, false));
     }
 
     // Port of the C RustDNSUDPParserTest04 unit test.
@@ -1451,7 +1472,7 @@ mod tests {
             0x6b,0x00,0x01,0x00,0x01,0x00,0x09,0x3a,0x80,0x00,0x04,0x0a,0x1e,0x1c,0x5f
         ];
         let mut state = DNSState::new();
-        assert!(state.parse_response(buf));
+        assert!(state.parse_response(buf, false));
     }
 
     // Port of the C RustDNSUDPParserTest05 unit test.
@@ -1475,7 +1496,7 @@ mod tests {
             0x6b,0x00,0x01,0x00,0x01,0x00,0x09,0x3a,0x80,0x00,0x04,0x0a,0x1e,0x1c,0x5f
         ];
         let mut state = DNSState::new();
-        assert!(!state.parse_response(buf));
+        assert!(!state.parse_response(buf, false));
     }
 
     // Port of the C RustDNSTCPParserTestMultiRecord unit test.