Merge pull request #1602 in SNORT/snort3 from ~SMINUT/snort3:appid_fuzz to master
authorTom Peters (thopeter) <thopeter@cisco.com>
Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)
committerTom Peters (thopeter) <thopeter@cisco.com>
Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)
Squashed commit of the following:

commit dd95d711880a5401e8486fd2d59ad8a85a5fa5c5
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri May 10 15:58:53 2019 -0400

    http_inspect: fix status_code_num bug in HttpMsgHeader::update_flow() that leads to assert on input.length()>0 in norm_decimal_integer.

src/service_inspectors/http_inspect/http_msg_header.cc
src/service_inspectors/http_inspect/http_normalizers.cc

index 8c1e75b7f5c84cf30adf3ca2e79debb90baa7b2a..3e86c9f81d16e2e29a1aa30e5e282ec85d8f6fd3 100644 (file)
@@ -49,7 +49,7 @@ void HttpMsgHeader::publish()
     HttpEvent http_event(this);
 
     const char* key = (source_id == SRC_CLIENT) ?
-        HTTP_REQUEST_HEADER_EVENT_KEY : HTTP_RESPONSE_HEADER_EVENT_KEY; 
+        HTTP_REQUEST_HEADER_EVENT_KEY : HTTP_RESPONSE_HEADER_EVENT_KEY;
 
     DataBus::publish(key, http_event, flow);
 }
@@ -151,7 +151,8 @@ void HttpMsgHeader::update_flow()
         return;
     }
 
-    if ((source_id == SRC_SERVER) && ((status_code_num <= 199) || (status_code_num == 204) ||
+    if ((source_id == SRC_SERVER) &&
+        ((100 <= status_code_num && status_code_num <= 199) || (status_code_num == 204) ||
         (status_code_num == 304)))
     {
         // No body allowed by RFC for these response codes. The message is over regardless of the
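Review bot: The bare lower bound in `(100 <= status_code_num && status_code_num <= 199)` needs a comment saying what it excludes, since nothing in this hunk shows that status_code_num can be below 100. Presumably it holds a negative status value such as STAT_PROBLEMATIC when the status code is missing or unparsable (not visible here); if so, add `// status_code_num is negative when the status code is absent or malformed; only real 1xx codes end the message here`. Such responses now fall through to the body-framing logic later in update_flow(), outside the hunk, so it is worth confirming that path still raises an event for the bad status line, because a framing disagreement between the inspector and the real client is how a response body escapes inspection. update_flow() starts and ends outside the hunk.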
@@ -521,4 +522,3 @@ void HttpMsgHeader::print_section(FILE* output)
     HttpMsgSection::print_section_wrapup(output);
 }
 #endif
-
index 13867f206b316abd4015801e9a714cab3e4864f2..3c42699365575e2e2bd665a8a1c3998656358425 100644 (file)
@@ -73,7 +73,8 @@ int32_t norm_remove_quotes_lws(const uint8_t* in_buf, int32_t in_length, uint8_t
 // values use the first one.
 int64_t norm_decimal_integer(const Field& input)
 {
-    assert(input.length() > 0);
+    if ( input.length() <= 0 )
+        return STAT_PROBLEMATIC;
     // Limited to 18 decimal digits, not including leading zeros, to fit comfortably into int64_t
     int64_t total = 0;
     int non_leading_zeros = 0;
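Review bot: The comment block above norm_decimal_integer() (only its last line, `// values use the first one.`, is in the hunk) should now state the empty-input contract, since the function handles that case at run time instead of asserting; something like `// An empty or negative-length input returns STAT_PROBLEMATIC.`. The `<= 0` test also maps every non-positive length to the same result; if Field uses negative lengths to encode states such as "not present" (an assumption, Field is not shown here), callers can no longer tell an absent value from a malformed one. Each caller should be checked so that a negative return is never used as a real count or length. The function body continues outside the hunk.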
@@ -101,4 +102,3 @@ void get_last_token(const Field& input, Field& last_token, char ichar)
     last_start++;
     last_token.set(input.length() - (last_start - input.start()), last_start);
 }
-