Merge pull request #1602 in SNORT/snort3 from ~SMINUT/snort3:appid_fuzz to master

author Tom Peters (thopeter) <thopeter@cisco.com>

Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)

committer Tom Peters (thopeter) <thopeter@cisco.com>

Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)
author Tom Peters (thopeter) <thopeter@cisco.com>
Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)
committer Tom Peters (thopeter) <thopeter@cisco.com>
Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)
diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc

index 8c1e75b7f5c84cf30adf3ca2e79debb90baa7b2a..3e86c9f81d16e2e29a1aa30e5e282ec85d8f6fd3 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_header.cc
+++ b/src/service_inspectors/http_inspect/http_msg_header.cc
@@ -49,7 +49,7 @@ void HttpMsgHeader::publish()
      HttpEvent http_event(this);
  
      const char* key = (source_id == SRC_CLIENT) ?
-        HTTP_REQUEST_HEADER_EVENT_KEY : HTTP_RESPONSE_HEADER_EVENT_KEY; 
+        HTTP_REQUEST_HEADER_EVENT_KEY : HTTP_RESPONSE_HEADER_EVENT_KEY;
  
      DataBus::publish(key, http_event, flow);
  }
@@ -151,7 +151,8 @@ void HttpMsgHeader::update_flow()
          return;
      }
  
-    if ((source_id == SRC_SERVER) && ((status_code_num <= 199) || (status_code_num == 204) ||
+    if ((source_id == SRC_SERVER) &&
+        ((100 <= status_code_num && status_code_num <= 199) || (status_code_num == 204) ||
          (status_code_num == 304)))
      {
          // No body allowed by RFC for these response codes. The message is over regardless of the
@@ -521,4 +522,3 @@ void HttpMsgHeader::print_section(FILE* output)
      HttpMsgSection::print_section_wrapup(output);
  }
  #endif
-
diff --git a/src/service_inspectors/http_inspect/http_normalizers.cc b/src/service_inspectors/http_inspect/http_normalizers.cc

index 13867f206b316abd4015801e9a714cab3e4864f2..3c42699365575e2e2bd665a8a1c3998656358425 100644 (file)
--- a/src/service_inspectors/http_inspect/http_normalizers.cc
+++ b/src/service_inspectors/http_inspect/http_normalizers.cc
@@ -73,7 +73,8 @@ int32_t norm_remove_quotes_lws(const uint8_t* in_buf, int32_t in_length, uint8_t
  // values use the first one.
  int64_t norm_decimal_integer(const Field& input)
  {
-    assert(input.length() > 0);
+    if ( input.length() <= 0 )
+        return STAT_PROBLEMATIC;
      // Limited to 18 decimal digits, not including leading zeros, to fit comfortably into int64_t
      int64_t total = 0;
      int non_leading_zeros = 0;
@@ -101,4 +102,3 @@ void get_last_token(const Field& input, Field& last_token, char ichar)
      last_start++;
      last_token.set(input.length() - (last_start - input.start()), last_start);
  }
-
author	Tom Peters (thopeter) <thopeter@cisco.com>
	Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)
committer	Tom Peters (thopeter) <thopeter@cisco.com>
	Wed, 15 May 2019 18:34:52 +0000 (14:34 -0400)
src/service_inspectors/http_inspect/http_msg_header.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_normalizers.cc		patch \| blob \| blame \| history