Merge pull request #1915 in SNORT/snort3 from ~NIHDESAI/snort3:hblock_adjustments...

author Mike Stepanek (mstepane) <mstepane@cisco.com>

Mon, 13 Jan 2020 21:30:04 +0000 (21:30 +0000)

committer Mike Stepanek (mstepane) <mstepane@cisco.com>

Mon, 13 Jan 2020 21:30:04 +0000 (21:30 +0000)
author Mike Stepanek (mstepane) <mstepane@cisco.com>
Mon, 13 Jan 2020 21:30:04 +0000 (21:30 +0000)
committer Mike Stepanek (mstepane) <mstepane@cisco.com>
Mon, 13 Jan 2020 21:30:04 +0000 (21:30 +0000)
diff --git a/src/service_inspectors/http2_inspect/http2_headers_frame.cc b/src/service_inspectors/http2_inspect/http2_headers_frame.cc

index 21b758b633f70c992888bc656a5bdb1f7a66df2e..673acfc4f258a7ab8943c3bae6a9837a39a229e0 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_headers_frame.cc
+++ b/src/service_inspectors/http2_inspect/http2_headers_frame.cc
@@ -48,6 +48,9 @@ Http2HeadersFrame::Http2HeadersFrame(const uint8_t* header_buffer, const int32_t
      if (get_flags() & PRIORITY)
          hpack_headers_offset = 5;
  
+    // No message body after stream bit is set
+    bool no_message_body = (get_flags() & END_STREAM);
+
      // Set up the decoding context
      Http2HpackDecoder& hpack_decoder = session_data->hpack_decoder[source_id];
  
@@ -61,7 +64,7 @@ Http2HeadersFrame::Http2HeadersFrame(const uint8_t* header_buffer, const int32_t
      if (!hpack_decoder.decode_headers((data.start() + hpack_headers_offset), data.length() -
          hpack_headers_offset, decoded_headers,
          start_line_generator, session_data->events[source_id],
-        session_data->infractions[source_id]))
+        session_data->infractions[source_id], no_message_body))
      {
          session_data->frame_type[source_id] = FT__ABORT;
          error_during_decode = true;
diff --git a/src/service_inspectors/http2_inspect/http2_hpack.cc b/src/service_inspectors/http2_inspect/http2_hpack.cc

index dc5f597769359ece4a50029f22880bc48a8e282b..b3a9fc4ef306dff1705e85dac1d14d7e37e53255 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_hpack.cc
+++ b/src/service_inspectors/http2_inspect/http2_hpack.cc
@@ -331,7 +331,7 @@ bool Http2HpackDecoder::decode_header_line(const uint8_t* encoded_header_buffer,
  bool Http2HpackDecoder::decode_headers(const uint8_t* encoded_headers,
      const uint32_t encoded_headers_length, uint8_t* decoded_headers,
      Http2StartLine *start_line_generator, Http2EventGen* stream_events,
-    Http2Infractions* stream_infractions)
+    Http2Infractions* stream_infractions, bool no_message_body)
  {
      uint32_t total_bytes_consumed = 0;
      uint32_t line_bytes_consumed = 0;
@@ -357,11 +357,21 @@ bool Http2HpackDecoder::decode_headers(const uint8_t* encoded_headers,
      if (!start_line->is_finalized())
          success &= finalize_start_line();
  
-    // write the last CRLF to end the header
+    /* Write the last CRLF to end the header
+
+       Adding artificial chunked header to end of HTTP/1.1 decoded header block for H2I to communicate
+       frame boundaries to http_inspect and http_inspect can expect chunked data during inspection */
      if (success)
      {
-        success = write_decoded_headers((const uint8_t*)"\r\n", 2, decoded_headers +
-            decoded_headers_size, MAX_OCTETS - decoded_headers_size, line_bytes_written);
+        if (no_message_body)
+            success = write_decoded_headers((const uint8_t*)"\r\n", 2, decoded_headers +
+                decoded_headers_size, MAX_OCTETS - decoded_headers_size, line_bytes_written);
+        else
+        {
+            const uint8_t chunk_hdr[] = "transfer-encoding: chunked\r\n\r\n";
+            success = write_decoded_headers(chunk_hdr, sizeof(chunk_hdr) - 1, decoded_headers +
+                decoded_headers_size, MAX_OCTETS - decoded_headers_size, line_bytes_written);
+        }
          decoded_headers_size += line_bytes_written;
      }
      else
diff --git a/src/service_inspectors/http2_inspect/http2_hpack.h b/src/service_inspectors/http2_inspect/http2_hpack.h

index cbe6a9e1c8b8817e8fe65ea871c13a2d4e4ec8ab..a9d4368432946ded6f2084dc1877851078ff18c2 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_hpack.h
+++ b/src/service_inspectors/http2_inspect/http2_hpack.h
@@ -38,7 +38,7 @@ public:
      Http2HpackDecoder() { }
      bool decode_headers(const uint8_t* encoded_headers, const uint32_t encoded_headers_length,
          uint8_t* decoded_headers, Http2StartLine* start_line,
-        Http2EventGen* stream_events, Http2Infractions* stream_infractions);
+        Http2EventGen* stream_events, Http2Infractions* stream_infractions, bool no_message_body);
      bool write_decoded_headers(const uint8_t* in_buffer, const uint32_t in_length,
          uint8_t* decoded_header_buffer, uint32_t decoded_header_length, uint32_t& bytes_written);
      bool decode_header_line(const uint8_t* encoded_header_buffer,
author	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Mon, 13 Jan 2020 21:30:04 +0000 (21:30 +0000)
committer	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Mon, 13 Jan 2020 21:30:04 +0000 (21:30 +0000)
src/service_inspectors/http2_inspect/http2_headers_frame.cc		patch \| blob \| blame \| history
src/service_inspectors/http2_inspect/http2_hpack.cc		patch \| blob \| blame \| history
src/service_inspectors/http2_inspect/http2_hpack.h		patch \| blob \| blame \| history