Merge pull request #2962 in SNORT/snort3 from ~KATHARVE/snort3:h2i_flow_depth_fix...

Squashed commit of the following:

commit 260a2df1f41085de49e947507deb45a4c42f334b
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Jun 29 14:59:48 2021 -0400

    http2_inspect: clean data cutter internal state after exhausting flow depth

diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.cc b/src/service_inspectors/http2_inspect/http2_data_cutter.cc
index 6bba5d79e061226187a00c3b4a4b8fae02324eaf..3966be60d0a9f41b757e9de7f6157f93250d08fe 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_data_cutter.cc
+++ b/src/service_inspectors/http2_inspect/http2_data_cutter.cc
@@ -244,3 +244,9 @@ void Http2DataCutter::reassemble(const uint8_t* data, unsigned len)
     return;
 }
 
+void Http2DataCutter::discard_cleanup()
+{
+    frame_bytes_seen = 0;
+    reassemble_data_bytes_read = 0;
+    reassemble_state = GET_FRAME_HDR;
+}

diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.h b/src/service_inspectors/http2_inspect/http2_data_cutter.h
index ffccad615a00b5c41bcaf3863e8212435a6554d0..55b750238f45cc65dbef1fbdba1e3ea6e80422ed 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_data_cutter.h
+++ b/src/service_inspectors/http2_inspect/http2_data_cutter.h
@@ -34,6 +34,7 @@ public:
     snort::StreamSplitter::Status scan(const uint8_t* data, uint32_t length,
         uint32_t* flush_offset, uint32_t& data_offset, uint8_t frame_flags);
     void reassemble(const uint8_t* data, unsigned len);
+    void discard_cleanup();
 
 private:
     Http2FlowData* const session_data;

diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
index 964fdd59661025774e26c4b0f6f40c1b6d1ab1fa..425147d46f746f418025367013a139f252d2ea93 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
@@ -234,14 +234,14 @@ StreamSplitter::Status Http2StreamSplitter::implement_scan(Http2FlowData* sessio
                         session_data->scan_frame_header[source_id], FRAME_HEADER_LENGTH);
                 }
                 else
-               {
-                   if (!session_data->continuation_expected[source_id])
+                {
+                    if (!session_data->continuation_expected[source_id])
                     {
                         *session_data->infractions[source_id] += INF_UNEXPECTED_CONTINUATION;
                         session_data->events[source_id]->create_event(EVENT_UNEXPECTED_CONTINUATION);
                         return StreamSplitter::ABORT;
-                   }
-                   // Do flags check for continuation frame, since it is not saved
+                    }
+                    // Do flags check for continuation frame, since it is not saved
                     // as lead frame for later.
                     if ((frame_flags & FLAG_END_HEADERS) != frame_flags)
                     {
@@ -532,8 +532,11 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess
     return frame_buf;
 }
 
-void Http2StreamSplitter::discarded_data_frame_cleanup(Http2FlowData* session_data, HttpCommon::SourceId source_id, Http2Stream* stream)
+void Http2StreamSplitter::discarded_data_frame_cleanup(Http2FlowData* session_data,
+    HttpCommon::SourceId source_id, Http2Stream* stream)
 {
+    session_data->data_cutter[source_id].discard_cleanup();
+
     if (stream->get_state(source_id) == STREAM_ERROR ||
         !stream->is_end_stream_on_data_flush(source_id))
         return;