Merge pull request #3078 in SNORT/snort3 from ~MDAGON/snort3:abort to master
authorTom Peters (thopeter) <thopeter@cisco.com>
Thu, 30 Sep 2021 20:12:58 +0000 (20:12 +0000)
committerTom Peters (thopeter) <thopeter@cisco.com>
Thu, 30 Sep 2021 20:12:58 +0000 (20:12 +0000)
Squashed commit of the following:

commit 5feb849b9a5669339c082f9ab0197c7453163fb8
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Sep 24 13:59:54 2021 -0400

    http2_inspect: protect against reassemble with more than MAX_OCTETS

src/service_inspectors/http2_inspect/http2_stream_splitter.cc
src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc

index 5473ddbcf36bec18d390418b51bc42ba5df688cc..408735ad944e8eb1100485588ad81c6ccd8fa5ae 100644 (file)
@@ -116,17 +116,21 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u
     Profile profile(Http2Module::get_profile_stats());
 
     copied = len;
+    StreamBuffer frame_buf { nullptr, 0 };
 
     Http2FlowData* session_data = (Http2FlowData*)flow->get_flow_data(Http2FlowData::inspector_id);
-    assert(session_data != nullptr);
+    if (session_data == nullptr)
+    {
+        assert(false);
+        return frame_buf;
+    }
 
 #ifdef REG_TEST
     if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2))
     {
-        StreamBuffer http_buf { nullptr, 0 };
         if (!(flags & PKT_PDU_TAIL))
         {
-            return http_buf;
+            return frame_buf;
         }
         bool tcp_close;
         uint8_t* test_buffer;
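Review bot: The `assert(false); return frame_buf;` pair at the `session_data == nullptr` guard has no comment saying that the return is the fallback for builds where `assert` is compiled out. Because `copied = len` is assigned before the guard, the caller is presumably told the whole segment was consumed even though no buffer comes back, which is worth stating next to the code. A one-line comment would do: `// Unexpected: trap in debug builds; otherwise consume the segment and return an empty buffer`. The same undocumented pattern is added at the `abort_flow` guard in the next hunk and at the top of `implement_reassemble` in http2_stream_splitter_impl.cc. The body of `reassemble` starts before this hunk and continues after it.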
@@ -140,19 +144,22 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u
         {
             // Source ID does not match test data, no test data was flushed, preparing for a TCP
             // connection close, or there is no more test data
-            return http_buf;
+            return frame_buf;
         }
         data = test_buffer;
     }
 #endif
 
-    assert(!session_data->abort_flow[source_id]);
+    if (session_data->abort_flow[source_id])
+    {
+        assert(false);
+        return frame_buf;
+    }
 
     // FIXIT-P: scan uses this to discard bytes until StreamSplitter:DISCARD
     // is implemented
     if (session_data->payload_discard[source_id])
     {
-        StreamBuffer frame_buf { nullptr, 0 };
         if (flags & PKT_PDU_TAIL)
             session_data->payload_discard[source_id] = false;
 
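Review bot: With `assert` compiled out, the new `abort_flow[source_id]` guard returns the empty `frame_buf` and leaves no trace that data on this flow was skipped by the inspector. The setter this commit adds in `implement_reassemble` marks the flow aborted without recording anything either, so an oversized reassembly would be invisible to an operator on a release build. Consider recording the condition where the flag is set, using whatever event or counter this inspector already uses for aborted flows, so that uninspected HTTP/2 traffic shows up in the statistics. Whether other setters of `abort_flow` already do this is not visible in the hunk, and `reassemble` continues past its end.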
index 425147d46f746f418025367013a139f252d2ea93..6175dab86abb528a7d017008d24d74820757259b 100644 (file)
@@ -383,11 +383,16 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess
     unsigned total, unsigned offset, const uint8_t* data, unsigned len, uint32_t flags,
     HttpCommon::SourceId source_id)
 {
-    assert(offset+len <= total);
-    assert(total <= MAX_OCTETS);
 
     StreamBuffer frame_buf { nullptr, 0 };
 
+    if ( total > MAX_OCTETS || offset+len > total)
+    {
+         assert(false);
+         session_data->abort_flow[source_id] = true;
+         return frame_buf;
+    }
+
     if (session_data->frame_type[source_id] == FT_DATA)
     {
         if (len != 0)
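Review bot: `offset+len > total` is computed in `unsigned` arithmetic, so a sum that wraps around compares as a small value and passes the guard at the top of `implement_reassemble`. Whether the stream layer can ever hand in such values is not visible here, but the bound is what this commit relies on in release builds, and it is cheap to make wrap-proof: `if (total > MAX_OCTETS || offset > total || len > total - offset)`. The added block is also indented nine spaces where the surrounding code uses eight. The function body continues past the end of the hunk.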