Merge in SNORT/snort3 from ~THOPETER/snort3:h2i20 to master
Squashed commit of the following:
commit
a271d65b5f0146e0101b6aac999ae890dcc29235
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Oct 19 18:44:34 2021 -0400
http2_inspect: hardening
// 0 element refers to client frame, 1 element refers to server frame
- // There is currently one infraction and one event object per flow per direction. This may
- // change in the future.
+ // There is currently one infraction and one event object per flow per direction.
Http2Infractions* const infractions[2] = { new Http2Infractions, new Http2Infractions };
Http2EventGen* const events[2] = { new Http2EventGen, new Http2EventGen };
uint32_t stream_in_hi = Http2Enums::NO_STREAM_ID;
HttpMsgSection* hi_msg_section = nullptr;
bool server_settings_frame_received = false;
+ bool tcp_close[2] = { false, false };
// Reassemble() data to eval()
uint8_t lead_frame_header[2][Http2Enums::FRAME_HEADER_LENGTH];
void process_decoded_headers(HttpFlowData* http_flow, HttpCommon::SourceId hi_source_id);
uint8_t get_flags_mask() const override;
- Field http1_header; // finalized headers to be passed to NHI
+ Field http1_header; // finalized headers to be passed to http_inspect
uint32_t xtradata_mask = 0;
bool detection_required = false;
bool process_frame = true;
(Http2FlowData*)p->flow->get_flow_data(Http2FlowData::inspector_id);
if (!session_data)
+ {
+ assert(false);
return;
+ }
- // FIXIT-E Workaround for unexpected eval() calls
if (session_data->abort_flow[source_id])
{
return;
(Http2FlowData*)p->flow->get_flow_data(Http2FlowData::inspector_id);
if (session_data == nullptr)
+ {
+ assert(false);
return;
+ }
- // FIXIT-E precaution against spurious clear() calls
if (!session_data->frame_in_detection)
{
assert(session_data->stream_in_hi == NO_STREAM_ID);
AssistantGadgetEvent event(pkt, "http");
DataBus::publish(FLOW_ASSISTANT_GADGET_EVENT, event, pkt->flow);
if (pkt->flow->assistant_gadget == nullptr)
+ {
+ // http_inspect is not configured
return HttpStreamSplitter::status_value(StreamSplitter::ABORT, true);
+ }
pkt->flow->set_flow_data(session_data = new Http2FlowData(pkt->flow));
Http2Module::increment_peg_counts(PEG_FLOW);
}
Http2FlowData* session_data = (Http2FlowData*)flow->get_flow_data(Http2FlowData::inspector_id);
if (!session_data)
+ {
+ // assert(false); // FIXIT-M this should not be possible but currently it may be
return false;
+ }
if (session_data->abort_flow[source_id])
return false;
+ if (session_data->tcp_close[source_id])
+ {
+ // assert(false); // FIXIT-M this should not happen but it does
+ session_data->abort_flow[source_id] = true;
+ return false;
+ }
+ session_data->tcp_close[source_id] = true;
+
#ifdef REG_TEST
if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP2))
{
#endif
}
session_data->stream_in_hi = NO_STREAM_ID;
-
}
return need_reassemble;
projects / thirdparty / snort3.git / commitdiff
