Merge pull request #2193 in SNORT/snort3 from ~MDAGON/snort3:leftover_wpadding to...

author Mike Stepanek (mstepane) <mstepane@cisco.com>

Thu, 30 Apr 2020 20:49:57 +0000 (20:49 +0000)

committer Mike Stepanek (mstepane) <mstepane@cisco.com>

Thu, 30 Apr 2020 20:49:57 +0000 (20:49 +0000)
author Mike Stepanek (mstepane) <mstepane@cisco.com>
Thu, 30 Apr 2020 20:49:57 +0000 (20:49 +0000)
committer Mike Stepanek (mstepane) <mstepane@cisco.com>
Thu, 30 Apr 2020 20:49:57 +0000 (20:49 +0000)
diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.cc b/src/service_inspectors/http2_inspect/http2_data_cutter.cc

index cb8ea3a5342424044213316af227f1a0129b7ceb..5164c248c03a267367022ee199ab1aeb21496ca4 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_data_cutter.cc
+++ b/src/service_inspectors/http2_inspect/http2_data_cutter.cc
@@ -60,7 +60,7 @@ bool Http2DataCutter::http2_scan(const uint8_t* data, uint32_t length,
              data_state = DATA;
      }
  
-    uint32_t cur_pos = data_offset + leftover_bytes;
+    uint32_t cur_pos = data_offset + leftover_bytes + leftover_padding;
      while ((cur_pos < length) && (data_state != FULL_FRAME))
      {
          switch (data_state)
@@ -112,7 +112,7 @@ bool Http2DataCutter::http2_scan(const uint8_t* data, uint32_t length,
          }
      }
  
-    frame_bytes_seen += (cur_pos - leftover_bytes - data_offset);
+    frame_bytes_seen += (cur_pos - leftover_bytes - data_offset - leftover_padding);
      *flush_offset = data_offset = cur_pos;
      session_data->scan_remaining_frame_octets[source_id] = frame_length - frame_bytes_seen;
      return true;
@@ -137,14 +137,18 @@ StreamSplitter::Status Http2DataCutter::http_scan(const uint8_t* data, uint32_t*
          {
              bytes_sent_http += http_flush_offset;
              leftover_bytes = cur_data + leftover_bytes - http_flush_offset;
-            *flush_offset -= leftover_bytes;
+            if (leftover_bytes != 0 && cur_padding != 0)
+                leftover_padding = cur_padding;
+            else
+                leftover_padding = 0;
+            *flush_offset -= leftover_bytes + leftover_padding;
              if (leftover_bytes || data_state != FULL_FRAME)
                  session_data->mid_data_frame[source_id] = true;
          }
          else if (scan_result == StreamSplitter::SEARCH)
          {
              bytes_sent_http += (cur_data + leftover_bytes);
-            leftover_bytes = 0;
+            leftover_bytes = leftover_padding = 0;
          }
          else if (scan_result == StreamSplitter::ABORT)
              return StreamSplitter::ABORT;
diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.h b/src/service_inspectors/http2_inspect/http2_data_cutter.h

index 84d04aa029391f46748f02b1e58508702e44fc99..12557aca5b7f3f207277eecbbf92326ba1c3ac03 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_data_cutter.h
+++ b/src/service_inspectors/http2_inspect/http2_data_cutter.h
@@ -54,6 +54,7 @@ private:
      uint32_t padding_read = 0;
      // leftover from previous scan call
      uint32_t leftover_bytes = 0;
+    uint32_t leftover_padding = 0;
      // total per frame - reassemble
      uint32_t reassemble_data_len;
      uint32_t reassemble_padding_len = 0;
author	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Thu, 30 Apr 2020 20:49:57 +0000 (20:49 +0000)
committer	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Thu, 30 Apr 2020 20:49:57 +0000 (20:49 +0000)
src/service_inspectors/http2_inspect/http2_data_cutter.cc		patch \| blob \| blame \| history
src/service_inspectors/http2_inspect/http2_data_cutter.h		patch \| blob \| blame \| history