Merge pull request #2245 in SNORT/snort3 from ~MDAGON/snort3:h2i_bugfix to master

Squashed commit of the following:

commit ef7c26b0cbf07e69b4d0073d565a5433c6dd617c
Author: mdagon <mdagon@cisco.com>
Date:   Thu Jun 4 16:27:52 2020 -0400

    http2_inspect: partial inspect with less than 8 bytes of frame header in the same packet

diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
index be133c42ca84c414aa7e532c7da65b1fe79273b1..ec93ad0ec0de776a5af0a81ca671f5142c312332 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
@@ -354,8 +354,23 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess
 
     if (session_data->frame_type[source_id] == FT_DATA)
     {
-        if (session_data->flushing_data[source_id] && (flags & PKT_PDU_TAIL))
-            len -= (FRAME_HEADER_LENGTH - 1);
+        if (session_data->flushing_data[source_id])
+        {
+            assert(total  > (FRAME_HEADER_LENGTH - 1));
+            const uint32_t total_data = total - (FRAME_HEADER_LENGTH - 1);
+            if (offset+len > total_data)
+            {
+                // frame header that caused the flush is included in current data
+                if (offset > total_data)
+                    len = 0; // only header bytes
+                else
+                {
+                    const uint32_t frame_hdr_bytes =  offset + len - total_data;
+                    assert(len >= frame_hdr_bytes);
+                    len -= frame_hdr_bytes;
+                }
+            }
+        }
 
         if (len != 0)
         {