Merge pull request #711 in SNORT/snort3 from appid_bug_fix_lua to master

Squashed commit of the following:

commit f4a91423f22ff5e3104ae0f67e7f7ebf38c6b5f9
Author: shaslad <shaslad@cisco.com>
Date:   Thu Nov 17 18:40:31 2016 -0500

    Fixing Index issue for few more Client Headers
    Changed code based on review comment

diff --git a/src/network_inspectors/appid/detector_plugins/detector_http.cc b/src/network_inspectors/appid/detector_plugins/detector_http.cc
index 038349d5b9ab53a2ec4917bd8262ac72708315e8..ac854ca01b5f9921afd9ed9280c6eeaf3524cbdb 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_http.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_http.cc
@@ -657,7 +657,7 @@ static int http_pattern_match(void* id, void*, int index, void* data, void*)
     {
         cm = (MatchedPatterns*)snort_calloc(sizeof(MatchedPatterns));
         cm->mpattern = target;
-        cm->index = index;
+        cm->index = index + 1;
         cm->next = nullptr;
         *tmp = cm;
     }
@@ -1722,7 +1722,7 @@ static inline int optionallyReplaceWithStrdup(char** optionalStr, const char* st
 static inline uint8_t* continue_buffer_scan(const uint8_t* start, const uint8_t* end, MatchedPatterns* mp,
     DetectorHTTPPattern* match)
 {
-    uint8_t* bp = (uint8_t*) (start) + mp->index + match->pattern_size;
+    uint8_t* bp = (uint8_t*) (start) + mp->index;
     if( (bp >= end) || (*bp != ' ' && *bp != 0x09 && *bp != '/') )
         return nullptr;
     else
@@ -1860,7 +1860,11 @@ void identify_user_agent(const uint8_t* start, int size, AppId* serviceAppId, Ap
                 goto done;
 
             case APP_ID_GOOGLE_DESKTOP:
-                buffPtr = (uint8_t*)start + tmp->index + match->pattern_size;
+                buffPtr = (uint8_t*)start + tmp->index;
+                
+                if(buffPtr >= end)
+                    break;    
+                
                 if (*buffPtr != ')')
                 {
                     if (*buffPtr != ' ' && *buffPtr != 0x09 && *buffPtr != '/')
@@ -1911,7 +1915,9 @@ void identify_user_agent(const uint8_t* start, int size, AppId* serviceAppId, Ap
                 break;
 
             case APP_ID_WGET:
-                buffPtr = (uint8_t*)start + tmp->index + match->pattern_size;
+                buffPtr = (uint8_t*)start + tmp->index;
+                if(buffPtr >= end)
+                    break;    
                 while (i < MAX_VERSION_SIZE - 1 && buffPtr < end)
                 {
                     temp_ver[i++] = *buffPtr++;
@@ -1960,7 +1966,11 @@ void identify_user_agent(const uint8_t* start, int size, AppId* serviceAppId, Ap
                     temp_ver[0] = 0;
                     i = 0;
                 }
-                buffPtr = (uint8_t*)start + tmp->index + match->pattern_size;
+                buffPtr = (uint8_t*)start + tmp->index;
+
+                if(buffPtr >= end)
+                    break;    
+
                 if (*buffPtr == (uint8_t)'/')
                 {
                     buffPtr++;
@@ -1985,7 +1995,9 @@ void identify_user_agent(const uint8_t* start, int size, AppId* serviceAppId, Ap
                     i =0;
                     /* if we already collected temp_ver information after seeing 'Version', let's
                        use that*/
-                    buffPtr = (uint8_t*)start + tmp->index + match->pattern_size;
+                    buffPtr = (uint8_t*)start + tmp->index;
+                    if(buffPtr >= end)
+                        break;
                     /* we may have to enter the pattern with the / in it. */
                     if (*buffPtr == (uint8_t)'/' || *buffPtr == (uint8_t)' ')
                         buffPtr++;
@@ -2063,7 +2075,11 @@ int get_appid_by_pattern(const uint8_t* data, unsigned size, char** version)
         switch (match->service_id)
         {
         case APP_ID_SQUID:
-            data_ptr = (uint8_t*)data + mp->index + match->pattern_size;
+            data_ptr = (uint8_t*)data + mp->index;
+        
+            if (data_ptr >= end)
+                break;
+        
             if (*data_ptr == '/')
             {
                 data_ptr++;