Merge pull request #2432 in SNORT/snort3 from ~RDEMPSTE/snort3:plugins to master

Squashed commit of the following:

commit d381d49e800420f551024c4a5a275e541736e107
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Sep 1 10:29:54 2020 -0400

    payload_injector: assume http1, if packet does not have a gadget

diff --git a/src/payload_injector/payload_injector_module.cc b/src/payload_injector/payload_injector_module.cc
index dab8cb89c8664a4f76b1fcd8d549a26503eb5603..88f81a1f8f5a8be2a3317b186c70b9bbfd45ec4d 100644 (file)
--- a/src/payload_injector/payload_injector_module.cc
+++ b/src/payload_injector/payload_injector_module.cc
@@ -136,9 +136,9 @@ InjectionReturnStatus PayloadInjectorModule::inject_http_payload(Packet* p,
 
         if (p->packet_flags & PKT_STREAM_EST)
         {
-            if (!p->flow || !p->flow->gadget)
+            if (!p->flow)
                 status = ERR_UNIDENTIFIED_PROTOCOL;
-            else if (strcmp(p->flow->gadget->get_name(),"http_inspect") == 0)
+            else if (!p->flow->gadget || strcmp(p->flow->gadget->get_name(),"http_inspect") == 0)
             {
                 payload_injector_stats.http_injects++;
                 p->active->send_data(p, df, control.http_page, control.http_page_len);

diff --git a/src/payload_injector/test/payload_injector_test.cc b/src/payload_injector/test/payload_injector_test.cc
index 0f847f8b9bcf390bcc6991ed7f7e9009033b9978..f8216e0f189e60a824c4c13a9ffcef84a6f6218f 100644 (file)
--- a/src/payload_injector/test/payload_injector_test.cc
+++ b/src/payload_injector/test/payload_injector_test.cc
@@ -131,6 +131,7 @@ TEST_GROUP(payload_injector_test)
     InjectionControl control;
     PayloadInjectorCounts* counts = (PayloadInjectorCounts*)mod.get_counts();
     Flow flow;
+    Active active;
 
     void setup() override
     {
@@ -193,6 +194,7 @@ TEST(payload_injector_test, configured_stream_established)
     mock_api.base.name = "http_inspect";
     flow.gadget = new MockInspector();
     p.flow = &flow;
+    p.active = &active;
     InjectionReturnStatus status = mod.inject_http_payload(&p, control);
     CHECK(counts->http_injects == 1);
     CHECK(status == INJECTION_SUCCESS);
@@ -225,6 +227,7 @@ TEST(payload_injector_test, http2_success)
     mock_api.base.name = "http2_inspect";
     flow.gadget = new MockInspector();
     p.flow = &flow;
+    p.active = &active;
     control.stream_id = 1;
     InjectionReturnStatus status = mod.inject_http_payload(&p, control);
     CHECK(counts->http2_injects == 1);
@@ -239,11 +242,11 @@ TEST(payload_injector_test, unidentified_gadget_is_null)
     Packet p(false);
     p.packet_flags = PKT_STREAM_EST;
     p.flow = &flow;
+    p.active = &active;
     InjectionReturnStatus status = mod.inject_http_payload(&p, control);
-    CHECK(status == ERR_UNIDENTIFIED_PROTOCOL);
+    CHECK(counts->http_injects == 1);
+    CHECK(status == INJECTION_SUCCESS);
     CHECK(flow.flow_state == Flow::FlowState::BLOCK);
-    const char* err_string = mod.get_err_string(status);
-    CHECK(strcmp(err_string, "Unidentified protocol") == 0);
 }
 
 TEST(payload_injector_test, unidentified_gadget_name)