Merge pull request #2742 in SNORT/snort3 from ~THOPETER/snort3:nhttp154 to master

Squashed commit of the following:

commit 9c6dd8194ed2f3549d7731affc566dc7127a4801
Author: Tom Peters <thopeter@cisco.com>
Date:   Thu Feb 11 13:35:28 2021 -0500

    http_inspect: IPv6 authority in URI

commit ab9cb850c58828dc3ecebe67c3345019dd5433d6
Author: Tom Peters <thopeter@cisco.com>
Date:   Mon Feb 8 11:46:48 2021 -0500

    http_inspect: Javascript support cleanup

diff --git a/src/service_inspectors/http_inspect/http_js_norm.cc b/src/service_inspectors/http_inspect/http_js_norm.cc
index c45d1b47030aaf7afee3e84dc88230f78eebd443..da46624f3879de33acf44b79e9fce82d8bec853b 100644 (file)
--- a/src/service_inspectors/http_inspect/http_js_norm.cc
+++ b/src/service_inspectors/http_inspect/http_js_norm.cc
@@ -98,7 +98,8 @@ void HttpJsNorm::normalize(const Field& input, Field& output, HttpInfractions* i
         if (javascript_search_mpse->find(ptr, end-ptr, search_js_found, false, &mindex) > 0)
         {
             const char* js_start = ptr + mindex;
-            const char* const angle_bracket = (const char*)SnortStrnStr(js_start, end - js_start, ">");
+            const char* const angle_bracket =
+                (const char*)SnortStrnStr(js_start, end - js_start, ">");
             if (angle_bracket == nullptr)
                 break;
 
@@ -143,7 +144,6 @@ void HttpJsNorm::normalize(const Field& input, Field& output, HttpInfractions* i
             if (!type_js)
                 continue;
 
-            // FIXIT-L need to fix this library so we don't have to cast away const here.
             JSNormalizeDecode(js_start, (uint16_t)(end-js_start), (char*)buffer+index,
                 (uint16_t)(input.length() - index), &ptr, &bytes_copied, &js,
                 uri_param.iis_unicode ? uri_param.unicode_map : nullptr);
@@ -158,7 +158,8 @@ void HttpJsNorm::normalize(const Field& input, Field& output, HttpInfractions* i
     {
         if ((ptr < end) && ((input.length() - index) >= (end - ptr)))
         {
-            memmove_s(buffer + index, input.length() - index, ptr, end - ptr); index += end - ptr;
+            memmove_s(buffer + index, input.length() - index, ptr, end - ptr);
+            index += end - ptr;
         }
         if (js.alerts)
         {

diff --git a/src/service_inspectors/http_inspect/http_uri.cc b/src/service_inspectors/http_inspect/http_uri.cc
index 2a6b690c82bbc638af04a67858cac79991ae5da1..c6169051866c788297ceb1098bfacb5d17fa6e57 100644 (file)
--- a/src/service_inspectors/http_inspect/http_uri.cc
+++ b/src/service_inspectors/http_inspect/http_uri.cc
@@ -100,8 +100,17 @@ void HttpUri::parse_authority()
         port.set(STAT_NO_SOURCE);
         return;
     }
-    int32_t host_len;
-    for (host_len = 0; (host_len < authority.length()) && (authority.start()[host_len] != ':');
+    
+    int32_t host_len = 0;
+
+    // IPv6 addresses are surrounded by [] to protect embedded colons
+    if (authority.start()[0] == '[')
+    {
+        for (; (host_len < authority.length()) && (authority.start()[host_len] != ']');
+            host_len++);
+    }
+
+    for (; (host_len < authority.length()) && (authority.start()[host_len] != ':');
         host_len++);
     host.set(host_len, authority.start());
     if (host.length() < authority.length())