Pull request #4423: http_inspect: when cutting chunks check for MAX_OCTETS too

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:max_octets to master

Squashed commit of the following:

commit 310c5907c602cc5d46f24ddfb711d0033cd50c3e
Author: Adrian Mamolea <admamole@cisco.com>
Date:   Mon Aug 19 14:54:13 2024 -0400

    http_inspect: when cutting chunks check for MAX_OCTETS too

diff --git a/src/service_inspectors/http_inspect/http_cutter.cc b/src/service_inspectors/http_inspect/http_cutter.cc
index 62643f4cee5b2d232e23d66b4745d30518e8922f..1701c493ef69d8c27f99d14636fa3fcb2110c087 100644 (file)
--- a/src/service_inspectors/http_inspect/http_cutter.cc
+++ b/src/service_inspectors/http_inspect/http_cutter.cc
@@ -752,9 +752,10 @@ ScanResult HttpBodyChunkCutter::cut(const uint8_t* buffer, uint32_t length,
         return SCAN_DISCARD_PIECE;
     }
 
-    if (data_seen >= flow_target)
+    if (data_seen >= flow_target || octets_seen + length == MAX_OCTETS)
     {
         // We passed the flow_target and stretched to the end of the segment
+        // Or we reached the max we can reassemble in current section
         data_seen = 0;
         num_flush = length;
         return SCAN_FOUND_PIECE;