Merge pull request #1484 in SNORT/snort3 from ~SBAIGAL/snort3:ignore_flow_fix to...

Squashed commit of the following:

commit b8a616d3813c26199ca5e216678498e71b31dba8
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Thu Jan 10 14:47:37 2019 -0500

    stream: fixed ignore_flow segfault bug caused by allocating generic flow data instead of inspector specific flow data

diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc
index 8a2068cd4ff99120668a13ff97b42a6a0c2e5e6b..9661945bbd4b3817ab4697749777b25fb0587dac 100644 (file)
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
@@ -1097,7 +1097,7 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p,
                                     p, PktType::TCP, IpProtocol::TCP,
                                     &session->clientIP, session->clientPort,
                                     &session->serverIP, session->serverPort,
-                                    SSN_DIR_BOTH, FtpDataFlowData::inspector_id);
+                                    SSN_DIR_BOTH, (new FtpDataFlowData(p)));
                             }
                         }
                     }
@@ -1175,7 +1175,7 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p,
                                 p, PktType::TCP, IpProtocol::TCP,
                                 &session->clientIP, session->clientPort,
                                 &session->serverIP, session->serverPort,
-                                SSN_DIR_BOTH, FtpDataFlowData::inspector_id);
+                                SSN_DIR_BOTH, (new FtpDataFlowData(p)));
                         }
                     }
                 }

diff --git a/src/service_inspectors/sip/sip_dialog.cc b/src/service_inspectors/sip/sip_dialog.cc
index a349905444a501fdf31ca792b55a1c5d2008dc59..d81ea45f3f06ecce68023291bc15d9968b38ee31 100644 (file)
--- a/src/service_inspectors/sip/sip_dialog.cc
+++ b/src/service_inspectors/sip/sip_dialog.cc
@@ -400,7 +400,7 @@ static int SIP_ignoreChannels(SIP_DialogData* dialog, Packet* p, SIP_PROTO_CONF*
         else
         {
             Stream::ignore_flow(p, p->flow->pkt_type, p->get_ip_proto_next(), &mdataA->maddress,
-                mdataA->mport, &mdataB->maddress, mdataB->mport, SSN_DIR_BOTH, SipFlowData::inspector_id);
+                mdataA->mport, &mdataB->maddress, mdataB->mport, SSN_DIR_BOTH, (new SipFlowData));
         }
         sip_stats.ignoreChannels++;
         mdataA = mdataA->nextM;

diff --git a/src/stream/stream.cc b/src/stream/stream.cc
index a1356ad4ca6b674601674d133532abc1fcbaad54..30d23f4ad81ebf599004eb747a1355657d473600 100644 (file)
--- a/src/stream/stream.cc
+++ b/src/stream/stream.cc
@@ -186,10 +186,9 @@ int Stream::ignore_flow(
     const Packet* ctrlPkt, PktType type, IpProtocol ip_proto,
     const SfIp* srcIP, uint16_t srcPort,
     const SfIp* dstIP, uint16_t dstPort,
-    char direction, uint32_t flowdata_id)
+    char direction, FlowData* fd)
 {
     assert(flow_con);
-    FlowData* fd = new FlowData(flowdata_id);
 
     return flow_con->add_expected(
         ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort, direction, fd);

diff --git a/src/stream/stream.h b/src/stream/stream.h
index cae1963842d50f3781ed55ff5f5f68dc0c8b6be1..55d00e443576599caf6475089cfd16fa4e323847 100644 (file)
--- a/src/stream/stream.h
+++ b/src/stream/stream.h
@@ -111,7 +111,7 @@ public:
     // when it arrives.
     static int ignore_flow(
         const Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp* srcIP, uint16_t srcPort,
-        const snort::SfIp* dstIP, uint16_t dstPort, char direction, uint32_t flowdata_id);
+        const snort::SfIp* dstIP, uint16_t dstPort, char direction, FlowData* fd);
 
     // Resume inspection for flow.
     // FIXIT-L does resume work only for a flow that has been stopped by call to stop_inspection?