Merge pull request #1700 in SNORT/snort3 from ~KATHARVE/snort3:0_byte_workaround...
authorMike Stepanek (mstepane) <mstepane@cisco.com>
Wed, 7 Aug 2019 20:47:27 +0000 (16:47 -0400)
committerMike Stepanek (mstepane) <mstepane@cisco.com>
Wed, 7 Aug 2019 20:47:27 +0000 (16:47 -0400)
Squashed commit of the following:

commit 83d922a1dc71b2f874e32ed35d2692598b3bc31a
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Jul 30 13:37:30 2019 -0400

    http_inspect: remove 0-byte workaround

src/managers/inspector_manager.cc
src/service_inspectors/http_inspect/http_flow_data.h
src/service_inspectors/http_inspect/http_inspect.cc
src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc
src/stream/tcp/tcp_reassembler.cc

index 0315a87b4dbc7c7fa734d8b052a65f1cd76c5cff..55e87d74bd33ba0f9f33e6e202bd6b2d0771b277 100644 (file)
@@ -1022,7 +1022,9 @@ void InspectorManager::full_inspection(Packet* p)
     if ( flow->service and flow->clouseau and !p->is_cooked() )
         bumble(p);
 
-    if ( !p->dsize )
+    // For reassembled PDUs, a null data buffer signals no detection. Detection can be required
+    // with a length of 0. For raw packets, a length of 0 does signal no detection.
+    if ( (p->is_cooked() and !p->data) or (!p->is_cooked() and !p->dsize) )
         DetectionEngine::disable_content(p);
 
     else if ( flow->gadget && flow->gadget->likes(p) )
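Review bot: With the new condition on the `if`, a reassembled PDU whose `data` is non-null but whose `dsize` is 0 now falls through to `flow->gadget->likes(p)` and on to the service inspector, where the old `!p->dsize` test stopped it. Any inspector or detection path that reads `p->data[0]` or computes `dsize - 1` without a length check would then be working on an empty buffer. The other hunks in this commit only show http_inspect being adapted, so the remaining consumers are worth auditing (inferred, they are not visible here). The predicate would also read more directly as `const bool no_payload = p->is_cooked() ? !p->data : !p->dsize;`. The body of full_inspection continues outside the hunk.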
index 42769c3270be66141be08ce84b56e043038c07f2..36558c8e635b9ed34c496f22f8dd254926c5fbc4 100644 (file)
@@ -95,7 +95,6 @@ private:
                                                 HttpEnums::SEC__NOT_COMPUTE };
     int32_t num_head_lines[2] = { HttpEnums::STAT_NOT_PRESENT, HttpEnums::STAT_NOT_PRESENT };
     bool tcp_close[2] = { false, false };
-    bool zero_byte_workaround[2];
     bool partial_flush[2] = { false, false };
 
     // Infractions and events are associated with a specific message and are stored in the
index 14738a977cbd8ace95327dc37fcb8cb152377dc7..b1774c2aee017ed79ebc1e211555cc25dfacf51c 100644 (file)
@@ -279,11 +279,10 @@ void HttpInspect::eval(Packet* p)
         return;
 
     // Don't make pkt_data for headers available to detection
-    // FIXIT-M One byte to avoid potential problems with zero
     if ((session_data->section_type[source_id] == SEC_HEADER) ||
         (session_data->section_type[source_id] == SEC_TRAILER))
     {
-        p->set_detect_limit(1);
+        p->set_detect_limit(0);
     }
 
     // Limit alt_dsize of message body sections to request/response depth
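Review bot: `p->set_detect_limit(0)` now relies on a limit of 0 meaning "expose no bytes", and with the FIXIT line removed nothing at the call site says so. If any reader of the detect limit treats 0 as "unset" and falls back to `dsize` (not visible in this hunk), header and trailer bytes would become visible to pkt_data rules again. A comment such as `// 0 is a real limit here: no header/trailer bytes are exposed as pkt_data` above the call, plus a check of the getter, would pin that down. eval() begins and ends outside the hunk.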
@@ -293,9 +292,8 @@ void HttpInspect::eval(Packet* p)
         p->set_detect_limit(session_data->detect_depth_remaining[source_id]);
     }
 
-    const int remove_workaround = session_data->zero_byte_workaround[source_id] ? 1 : 0;
     const bool partial_flush = session_data->partial_flush[source_id];
-    if (!process(p->data, p->dsize - remove_workaround, p->flow, source_id, !partial_flush))
+    if (!process(p->data, p->dsize, p->flow, source_id, !partial_flush))
     {
         DetectionEngine::disable_content(p);
     }
index 81d3dcab1cb6452acc615ea1df4d44af6da759ae..c9873678f318d701e12004adb3316a632ef8d87e 100644 (file)
@@ -418,19 +418,9 @@ const snort::StreamBuffer HttpStreamSplitter::reassemble(snort::Flow* flow, unsi
             partial_buffer_length = buf_size;
         }
 
-        // FIXIT-M kludge until we work out issues with returning an empty buffer
         http_buf.data = buffer;
-        if (buf_size > 0)
-        {
-            http_buf.length = buf_size;
-            session_data->zero_byte_workaround[source_id] = false;
-        }
-        else
-        {
-            buffer[0] = '\0';
-            http_buf.length = 1;
-            session_data->zero_byte_workaround[source_id] = true;
-        }
+        http_buf.length = buf_size;
+
         buffer = nullptr;
         session_data->section_offset[source_id] = 0;
     }
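Review bot: `http_buf.data = buffer; http_buf.length = buf_size;` now returns a zero-length buffer as-is, and the companion hunks in tcp_reassembler.cc and inspector_manager.cc treat a null `data` as "skip detection", so `buffer` has to be non-null whenever this branch runs with `buf_size == 0`. The removed `buffer[0] = '\0'` suggests it was always allocated, but the allocation is outside this hunk; if it can be null for an empty section, that section would silently bypass inspection. An `assert(buffer != nullptr);` before the assignment, or a comment stating the invariant, would make the contract explicit. reassemble() starts and ends outside the hunk.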
index cf156041c5b92b208c65af5c2dd6ef5261bb313e..82a35b3a99a6a7eb7015972f60fa81b466733367 100644 (file)
@@ -568,7 +568,7 @@ int TcpReassembler::_flush_to_seq(
         bytes_processed += flushed_bytes;
         trs.sos.seglist_base_seq += flushed_bytes;
 
-        if ( pdu->dsize )
+        if ( pdu->data )
         {
             if ( p->packet_flags & PKT_PDU_TAIL )
                 pdu->packet_flags |= ( PKT_REBUILT_STREAM | PKT_STREAM_EST | PKT_PDU_TAIL );
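Review bot: `if ( pdu->data )` makes the data pointer the only signal that a splitter produced a PDU, so it has to be null before each reassemble call and set only from that call's returned buffer. If `pdu` is reused across iterations of the flush loop and `data` is not reset (the setup is outside this hunk), a pointer left over from an earlier flush would pass this check and send a stale buffer to inspection. It also means any other stream splitter that returns a non-null pointer with length 0 now yields a rebuilt PDU, which those splitters may not intend. A one-line comment at the check, e.g. `// non-null data, even with dsize == 0, means the splitter produced a PDU`, would document the new contract.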