Pull request #4017: http_inspect: clear fake headers snapshot for 0.9 response

Merge in SNORT/snort3 from ~MDAGON/snort3:zero_nine to master

Squashed commit of the following:

commit 6cb2056dfb53780d8a70b69611a85b8cf2f635f4
Author: maya dagon <mdagon@cisco.com>
Date:   Thu Sep 21 11:40:03 2023 -0400

    http_inspect: clear fake headers snapshot for 0.9 response

diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc
index 76cc2cf7a74d01040427b666efec51dea245776e..d1e26027da4981b1f6692eeabd4466066d938754 100755 (executable)
--- a/src/service_inspectors/http_inspect/http_inspect.cc
+++ b/src/service_inspectors/http_inspect/http_inspect.cc
@@ -697,11 +697,10 @@ const uint8_t* HttpInspect::adjust_log_packet(Packet* p, uint16_t& length)
     else
         return nullptr;
 
-    // FIXIT-L IPV6 regression test fails with IPv6 anomaly check enabled and
-    // 'other_section' is NULL. Seems to be a bug in HNI. Needs investigation
-    if (!other_section)
+    assert(other_section != nullptr);
+    if (other_section == nullptr)
         return nullptr;
-    
+
     const Field& start_line = other_section->get_classic_buffer(id, 0, 0);
     if (start_line.length() > 0)
     {

diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
index 63bd0e1c3cc2c64f5b0934a4c7bc169fc483189a..e32d6309c068a5d3213c27724a4932b4dff22bef 100644 (file)
--- a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
+++ b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
@@ -27,6 +27,7 @@
 #include "protocols/packet.h"
 
 #include "http_common.h"
+#include "http_context_data.h"
 #include "http_cutter.h"
 #include "http_enum.h"
 #include "http_inspect.h"
@@ -238,6 +239,10 @@ StreamSplitter::Status HttpStreamSplitter::scan(Flow* flow, const uint8_t* data,
         prepare_flush(session_data, nullptr, SEC_HEADER, 0, 0, 0, false, 0, 0);
         my_inspector->process((const uint8_t*)"", 0, flow, SRC_SERVER, false, nullptr);
         session_data->transaction[SRC_SERVER]->clear_section();
+        HttpContextData* hcd = (HttpContextData*)DetectionEngine::get_data(HttpContextData::ips_id);
+        assert(hcd != nullptr);
+        if (hcd != nullptr)
+            hcd->clear();
     }
 
     HttpCutter*& cutter = session_data->cutter[source_id];