Merge pull request #1998 in SNORT/snort3 from ~THOPETER/snort3:nhttp134 to master

author Michael Altizer (mialtize) <mialtize@cisco.com>

Thu, 13 Feb 2020 03:28:48 +0000 (03:28 +0000)

committer Michael Altizer (mialtize) <mialtize@cisco.com>

Thu, 13 Feb 2020 03:28:48 +0000 (03:28 +0000)
author Michael Altizer (mialtize) <mialtize@cisco.com>
Thu, 13 Feb 2020 03:28:48 +0000 (03:28 +0000)
committer Michael Altizer (mialtize) <mialtize@cisco.com>
Thu, 13 Feb 2020 03:28:48 +0000 (03:28 +0000)
diff --git a/src/service_inspectors/http_inspect/http_enum.h b/src/service_inspectors/http_inspect/http_enum.h

index ed61be7463c58141ad144c3bcab92bcc03110a58..40719bdda2883715278ef0cae7ec1a33cc6f7782 100644 (file)
--- a/src/service_inspectors/http_inspect/http_enum.h
+++ b/src/service_inspectors/http_inspect/http_enum.h
@@ -27,7 +27,6 @@ namespace HttpEnums
  static const int MAX_OCTETS = 63780;
  static const int GZIP_BLOCK_SIZE = 2048;
  static const int MAX_SECTION_STRETCH = 1460;
-static const int MIN_FILE_BLOCK_SIZE = 1;
  
  static const uint32_t HTTP_GID = 119;
  static const int GZIP_WINDOW_BITS = 31;
diff --git a/src/service_inspectors/http_inspect/http_msg_section.cc b/src/service_inspectors/http_inspect/http_msg_section.cc

index 5aca2b809e745ec4964adfe77c022beeac37d13f..b3a2fbab0761762654a01de1cda6a33e93fcc1c2 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_section.cc
+++ b/src/service_inspectors/http_inspect/http_msg_section.cc
@@ -92,6 +92,9 @@ void HttpMsgSection::update_depth() const
          session_data->detection_status[source_id] = DET_DEACTIVATING;
      }
  
+    const unsigned target_size = (session_data->compression[source_id] == CMP_NONE) ?
+        SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE;
+
      if (detect_depth_remaining <= 0)
      {
          if (file_depth_remaining <= 0)
@@ -101,16 +104,13 @@ void HttpMsgSection::update_depth() const
          }
          else
          {
-            // Just for file processing. Split on packet boundaries.
-            session_data->section_size_target[source_id] = MIN_FILE_BLOCK_SIZE;
+            // Just for file processing.
+            session_data->section_size_target[source_id] = target_size;
              session_data->stretch_section_to_packet[source_id] = true;
          }
          return;
      }
  
-    const unsigned target_size = (session_data->compression[source_id] == CMP_NONE) ?
-        SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE;
-
      if (detect_depth_remaining <= target_size)
      {
          // Go to detection as soon as detect depth is reached
author	Michael Altizer (mialtize) <mialtize@cisco.com>
	Thu, 13 Feb 2020 03:28:48 +0000 (03:28 +0000)
committer	Michael Altizer (mialtize) <mialtize@cisco.com>
	Thu, 13 Feb 2020 03:28:48 +0000 (03:28 +0000)
src/service_inspectors/http_inspect/http_enum.h		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_msg_section.cc		patch \| blob \| blame \| history