]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Merge pull request #2666 in SNORT/snort3 from ~KATHARVE/snort3:h2i_inspection_depth2...
authorMike Stepanek (mstepane) <mstepane@cisco.com>
Fri, 11 Dec 2020 14:40:57 +0000 (14:40 +0000)
committerMike Stepanek (mstepane) <mstepane@cisco.com>
Fri, 11 Dec 2020 14:40:57 +0000 (14:40 +0000)
Squashed commit of the following:

commit 0ac7d7a247071936d351a9b514d7aa240ad9386b
Author: Katura Harvey <katharve@cisco.com>
Date:   Thu Dec 10 16:36:19 2020 -0500

    http2_inspect: fix bug with exceeding inspection depth

src/service_inspectors/http2_inspect/http2_data_cutter.cc

index ae54b8a7f9c77ef58039cce30861532bc79a6a7c..f8ee151dc622b4e19ecbbd850fcbb882087b6cb0 100644 (file)
@@ -199,8 +199,8 @@ void Http2DataCutter::reassemble(const uint8_t* data, unsigned len)
             cur_pos += cur_data;
 
             unsigned copied;
-            const uint32_t flags = (bytes_sent_http == (cur_data + reassemble_bytes_sent)) ?
-                PKT_PDU_TAIL : 0;
+            const bool reassemble_tail = bytes_sent_http == (cur_data + reassemble_bytes_sent);
+            const uint32_t flags = reassemble_tail ? PKT_PDU_TAIL : 0;
             session_data->stream_in_hi = session_data->current_stream[source_id];
             StreamBuffer frame_buf = session_data->hi_ss[source_id]->reassemble(session_data->flow,
                 bytes_sent_http, 0, data + cur_data_offset, cur_data,
@@ -208,16 +208,20 @@ void Http2DataCutter::reassemble(const uint8_t* data, unsigned len)
             session_data->stream_in_hi = NO_STREAM_ID;
             assert(copied == (unsigned)cur_data);
 
-            if (frame_buf.data != nullptr)
+            if (reassemble_tail)
             {
-                session_data->frame_data[source_id] = frame_buf.data;
-                session_data->frame_data_size[source_id] = frame_buf.length;
                 bytes_sent_http = 0;
                 reassemble_bytes_sent = 0;
+                if (frame_buf.data != nullptr)
+                {
+                    session_data->frame_data[source_id] = frame_buf.data;
+                    session_data->frame_data_size[source_id] = frame_buf.length;
+                }
             }
             else
                 reassemble_bytes_sent += copied;
 
+            // We've reached the end of the frame
             if (reassemble_data_bytes_read == reassemble_data_len)
             {
                 reassemble_data_bytes_read = 0;