Pull request #3481: rna: Use the longest user agent fingerprint among multiple matches

Merge in SNORT/snort3 from ~MASHASAN/snort3:longest_ua_match to master

Squashed commit of the following:

commit b4dbadacd3b980129546806c411de4da6f96e5ff
Author: Masud Hasan <mashasan@cisco.com>
Date:   Fri Jun 17 10:31:03 2022 -0400

    rna: Use the longest user agent fingerprint among multiple matches

diff --git a/src/network_inspectors/rna/rna_fingerprint_ua.cc b/src/network_inspectors/rna/rna_fingerprint_ua.cc
index 6abb849e801128893f12fc1cacee3634e9edd517..6d77f847fb1f484f2854cd085cf8074bc62facde 100644 (file)
--- a/src/network_inspectors/rna/rna_fingerprint_ua.cc
+++ b/src/network_inspectors/rna/rna_fingerprint_ua.cc
@@ -180,6 +180,7 @@ static inline UaFingerprint* search_ua_fp(SearchTool* mpse, const char* start, u
 
     sort(matched_parts.begin(), matched_parts.end(), CompareParts());
 
+    UaFingerprint* matched_fp = nullptr;
     uint32_t cur_fpid = 0, part_num = 0;
     for (auto& fp : matched_parts)
     {
@@ -191,11 +192,12 @@ static inline UaFingerprint* search_ua_fp(SearchTool* mpse, const char* start, u
 
         if ( part_num == fp->part_num )
         {
-            if ( ++part_num == fp->total_parts )
-                return fp;
+            if ( ++part_num == fp->total_parts and
+                ( !matched_fp or matched_fp->user_agent.size() < fp->user_agent.size() ) )
+                    matched_fp = fp;
         }
     }
-    return nullptr;
+    return matched_fp;
 }
 
 void UaFpProcessor::match_mpse(const char* host, const char* uagent, const UaFingerprint*& osfp,