detect/dcerpc: avoids FP on dcerpc.iface keyword #15355

Merged: victorjulien merged 1 commit into OISF:main-8.0.x from catenacyber:backport8-8457-v1 on May 11, 2026
@catenacyber
Contributor

When we got a bind without the first fragment flag, and did not
set any_frag in the signature, the signature always matched,
whatever the uuid value

Ticket: 8457
(cherry picked from commit e388888)
@catenacyber catenacyber requested a review from jasonish as a code owner May 10, 2026 20:11
@victorjulien victorjulien added this to the 8.0 milestone May 10, 2026
@codecov
codecov Bot commented May 10, 2026

Codecov Report

❌ Patch coverage is 88.88889% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 81.63%. Comparing base (abf9985) to head (ad9d979).
⚠️ Report is 1 commits behind head on main-8.0.x.

Additional details and impacted files
@@              Coverage Diff               @@
##           main-8.0.x   #15355      +/-   ##
==============================================
+ Coverage       81.62%   81.63%   +0.01%     
==============================================
  Files            1012     1012              
  Lines          275230   275226       -4     
==============================================
+ Hits           224655   224689      +34     
+ Misses          50575    50537      -38     
Flag Coverage Δ
fuzzcorpus 64.14% <100.00%> (+0.01%) ⬆️
livemode 18.79% <0.00%> (-0.07%) ⬇️
netns 20.07% <0.00%> (+<0.01%) ⬆️
pcap 44.66% <0.00%> (-0.02%) ⬇️
suricata-verify 64.97% <100.00%> (+0.02%) ⬆️
unittests 58.84% <0.00%> (+<0.01%) ⬆️

@suricata-qa
Information: QA ran without warnings.

Pipeline = 31343

Comment thread rust/src/dcerpc/detect.rs
if !detect_match_uint(x, uuidentry.version) {
SCLogDebug!("Interface version did not match");
ret &= 0;
continue
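
Review bot: the bare `continue` at the end of the version-mismatch branch compiles only because it sits in tail position of its block, where it is an expression of type `!`; writing `continue;` keeps it consistent with the statements above it and avoids the question of whether it is being returned. In the same branch, `ret &= 0;` always leaves `ret` at 0, so a plain `ret = 0;` would state the intent more directly.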
Member

wow I didn't know statements were acceptable without semicolon

Member

or does it take it as a return statement and do something funky?

@victorjulien victorjulien merged commit ad9d979 into OISF:main-8.0.x May 11, 2026
118 checks passed
@victorjulien
Member

Merged in #15359, thanks!
