From b7288800daf6e4cc6acc4aacdda4503205839930 Mon Sep 17 00:00:00 2001
From: "Denys Zikratyi -X (dzikraty - SOFTSERVE INC at Cisco)"
 <dzikraty@cisco.com>
Date: Fri, 1 Aug 2025 00:47:24 +0000
Subject: [PATCH] Pull request #4832: appid: fix ASAN issue in
 AppIdHttpSession::set_req_body_field

Merge in SNORT/snort3 from ~DZIKRATY/snort3:fix_asan_issue to master

Squashed commit of the following:

commit 6769d89cff774a17cb6b28ccedefaa928b874228
Author: Denys Zikratyi -X (dzikraty - SOFTSERVE INC at Cisco) <dzikraty@cisco.com>
Date:   Thu Jul 24 04:39:28 2025 -0400

    appid: fix ASAN issue in AppIdHttpSession::set_req_body_field
---
 .../appid/appid_http_session.cc               |  2 +-
 .../appid/test/appid_http_session_test.cc     | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc
index a40aec761..ab00491e4 100644
--- a/src/network_inspectors/appid/appid_http_session.cc
+++ b/src/network_inspectors/appid/appid_http_session.cc
@@ -842,7 +842,7 @@ void AppIdHttpSession::set_req_body_field(HttpFieldIds id, const uint8_t* str, i
         {
             std::string* req_body = new std::string(*meta_data[id]);
             delete meta_data[id];
-            req_body->append((const char*)str);
+            req_body->append((const char*)str, len);
             meta_data[id] = req_body;
         }
         set_http_change_bits(change_bits, id);
diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc
index 6df648fea..a7d2f692c 100644
--- a/src/network_inspectors/appid/test/appid_http_session_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_session_test.cc
@@ -337,6 +337,34 @@ TEST(appid_http_session, change_bits_for_referred_appid)
     CHECK_EQUAL(change_bits.test(APPID_REFERRED_BIT), true);
 }
 
+TEST(appid_http_session, set_req_body_field)
+{
+    AppidChangeBits change_bits;
+    const uint8_t test_data1[] = {'a'};
+    const uint8_t test_data2[] = {'b', '1'};
+    const uint8_t test_data3[] = {'c', '2'};
+
+    // Test 1: Setting initial request body field
+    mock_hsession->set_req_body_field(REQ_BODY_FID, test_data1, sizeof(test_data1[0]), change_bits);
+    
+    const std::string* field = mock_hsession->get_field(REQ_BODY_FID);
+    CHECK(field != nullptr);
+    STRCMP_EQUAL(field->c_str(), "a");
+    
+    // Test 2: Appending to existing request body field
+    mock_hsession->set_req_body_field(REQ_BODY_FID, test_data2, sizeof(test_data2[0]), change_bits);
+    
+    field = mock_hsession->get_field(REQ_BODY_FID);
+    CHECK(field != nullptr);
+    STRCMP_EQUAL(field->c_str(), "ab");
+    
+    mock_hsession->set_req_body_field(REQ_BODY_FID, test_data3, sizeof(test_data3[0]), change_bits);
+
+    field = mock_hsession->get_field(REQ_BODY_FID);
+    CHECK(field != nullptr);
+    STRCMP_EQUAL(field->c_str(), "abc");
+}
+
 int main(int argc, char** argv)
 {
     int rc = CommandLineTestRunner::RunAllTests(argc, argv);
-- 
2.47.3