Merge pull request #2196 in SNORT/snort3 from ~KATHARVE/snort3:hpack_fix to master

Squashed commit of the following:

commit 1d7269ff9265e9f562ce980fed45b19afbed394f
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri May 1 10:25:37 2020 -0400

    http2_inspect: protect against unexpected eval calls

diff --git a/src/service_inspectors/http2_inspect/http2_headers_frame.cc b/src/service_inspectors/http2_inspect/http2_headers_frame.cc
index 8cb71d6ae9faf19990944e28ea66a4044da1abd2..3ac0d0a1145bf350e36bcedc53e26c7675aeeed4 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_headers_frame.cc
+++ b/src/service_inspectors/http2_inspect/http2_headers_frame.cc
@@ -48,6 +48,10 @@ Http2HeadersFrame::Http2HeadersFrame(const uint8_t* header_buffer, const int32_t
     if (get_flags() & END_STREAM)
         stream->set_end_stream(source_id);
 
+    // No need to process an empty headers frame
+    if (data.length() <= 0)
+        return;
+
     uint8_t hpack_headers_offset = 0;
 
     // Remove stream dependency if present
@@ -207,7 +211,8 @@ void Http2HeadersFrame::print_frame(FILE* output)
         fprintf(output, "Error decoding headers.\n");
     if (start_line)
         start_line->print(output, "Decoded start-line");
-    http1_header->print(output, "Decoded header");
+    if (http1_header)
+        http1_header->print(output, "Decoded header");
     Http2Frame::print_frame(output);
 }
 #endif

diff --git a/src/service_inspectors/http2_inspect/http2_inspect.cc b/src/service_inspectors/http2_inspect/http2_inspect.cc
index aeb05ad21a29a1b22d54427a82e097019a18b811..607910d65df0a3e8d44ac3cbaed2bc636adebc0b 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_inspect.cc
+++ b/src/service_inspectors/http2_inspect/http2_inspect.cc
@@ -120,8 +120,12 @@ void Http2Inspect::eval(Packet* p)
 
     // FIXIT-E Workaround for unexpected eval() calls
     // Avoid eval if scan/reassemble aborts
-    if (session_data->frame_type[source_id] == FT__ABORT)
+    if (session_data->frame_type[source_id] == FT__ABORT or
+        ((session_data->frame_header[source_id] == nullptr ) and
+        (session_data->frame_data[source_id] == nullptr)))
+    {
         return;
+    }
 
     Http2Stream* stream = session_data->get_current_stream(source_id);