Ticket: 7658
Suricata will not handle it well if we open a file for this tx,
do not close it, but set the transaction state to completed.
RFC 9113 section 6.1 states:
If a DATA frame is received whose Stream Identifier field is 0x00,
the recipient MUST respond with a connection error (Section 5.4.1)
of type PROTOCOL_ERROR.
(cherry picked from commit 1d6d331752e933c46aca0ae7a9679b27462246e3)
alert http2 any any -> any any (msg:"SURICATA HTTP2 authority host mismatch"; flow:established,to_server; app-layer-event:http2.authority_host_mismatch; classtype:protocol-command-decode; sid:2290013; rev:1;)
alert http2 any any -> any any (msg:"SURICATA HTTP2 user info in uri"; flow:established,to_server; app-layer-event:http2.userinfo_in_uri; classtype:protocol-command-decode; sid:2290014; rev:1;)
alert http2 any any -> any any (msg:"SURICATA HTTP2 reassembly limit reached"; flow:established; app-layer-event:http2.reassembly_limit_reached; classtype:protocol-command-decode; sid:2290015; rev:1;)
+alert http2 any any -> any any (msg:"SURICATA HTTP2 data on stream zero"; flow:established; app-layer-event:http2.data_stream_zero; classtype:protocol-command-decode; sid:2290018; rev:1;)
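Review bot: the sid on the added rule jumps from 2290015 on the preceding line to 2290018, leaving 2290016 and 2290017 unused in the lines shown here. Since this is a cherry-pick, please confirm the gap is intentional (sid kept identical across branches) and that neither value is assigned elsewhere in this rules file. Like the reassembly-limit rule above it, the new rule uses `flow:established` with no direction, which is correct only if the event can be raised for DATA frames from either side.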
AuthorityHostMismatch,
UserinfoInUri,
ReassemblyLimitReached,
+ DataStreamZero,
}
pub struct HTTP2DynTable {
data: txdata,
});
}
- if ftype == parser::HTTP2FrameType::Data as u8 {
+ if ftype == parser::HTTP2FrameType::Data as u8 && sid == 0 {
+ tx.tx_data.set_event(HTTP2Event::DataStreamZero as u8);
+ } else if ftype == parser::HTTP2FrameType::Data as u8 && sid > 0 {
match unsafe { SURICATA_HTTP2_FILE_CONFIG } {
Some(sfcm) => {
//borrow checker forbids to reuse directly tx
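Review bot: in the new `if` / `else if` pair, `ftype == parser::HTTP2FrameType::Data as u8` is tested twice, and `sid > 0` only restates the complement of `sid == 0` (assuming `sid` is unsigned). A single DATA-frame branch with the `sid == 0` check nested inside it would read more clearly and make it obvious that the file-handling path is skipped for stream zero. A short comment at the `set_event` call citing RFC 9113 section 6.1, and saying that no file is opened because the transaction would otherwise be completed with the file left open, would keep the rationale from the commit message next to the code.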