Merge pull request #2307 in SNORT/snort3 from ~KATHARVE/snort3:http_type_depth_fix...

Squashed commit of the following:

commit 4cb98445cca7c049e14717c36b3929474c1548f3
Author: Katura Harvey <katharve@cisco.com>
Date:   Wed Jun 24 10:23:26 2020 -0400

    http_inspect: send MIME full message body for file processing

diff --git a/src/service_inspectors/http_inspect/http_msg_body.cc b/src/service_inspectors/http_inspect/http_msg_body.cc
index 7275f3858f89da24993c8eacee0502c359e1ece5..2ee2b60e6c672f87967d11272b7ee454a98a324d 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_body.cc
+++ b/src/service_inspectors/http_inspect/http_msg_body.cc
@@ -218,11 +218,12 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
         return;
     }
 
-    const int32_t fp_length = (file_data.length() <= session_data->file_depth_remaining[source_id])
-        ? file_data.length() : session_data->file_depth_remaining[source_id];
-
     if (!session_data->mime_state[source_id])
     {
+        const int32_t fp_length = (file_data.length() <=
+            session_data->file_depth_remaining[source_id]) ?
+            file_data.length() : session_data->file_depth_remaining[source_id];
+
         FileFlows* file_flows = FileFlows::get_file_flows(flow);
         if (!file_flows)
             return;
@@ -264,14 +265,7 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
     else
     {
         session_data->mime_state[source_id]->process_mime_data(p, file_data.start(),
-            fp_length, true, SNORT_FILE_POSITION_UNKNOWN);
-
-        session_data->file_depth_remaining[source_id] -= fp_length;
-        if (session_data->file_depth_remaining[source_id] == 0)
-        {
-            delete session_data->mime_state[source_id];
-            session_data->mime_state[source_id] = nullptr;
-        }
+            file_data.length(), true, SNORT_FILE_POSITION_UNKNOWN);
     }
 }
 

diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc
index 256750a0123d1df81021232e71cb2625b5d5b038..9161162363fe844e9bdc92b536af920b60e0ba20 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_header.cc
+++ b/src/service_inspectors/http_inspect/http_msg_header.cc
@@ -401,16 +401,17 @@ void HttpMsgHeader::prepare_body()
 
 void HttpMsgHeader::setup_file_processing()
 {
-    // Generate the unique file id for file processing
-    transaction->set_file_processing_id(source_id, get_transaction_id(),
-        get_h2_stream_id(source_id));
-
-    if ((session_data->file_depth_remaining[source_id] = FileService::get_max_file_depth()) < 0)
+    const int64_t max_file_depth = FileService::get_max_file_depth();
+    if (max_file_depth <= 0)
     {
         session_data->file_depth_remaining[source_id] = 0;
         return;
     }
 
+    // Generate the unique file id for file processing
+    transaction->set_file_processing_id(source_id, get_transaction_id(),
+        get_h2_stream_id(source_id));
+
     // Do we meet all the conditions for MIME file processing?
     if (source_id == SRC_CLIENT)
     {
@@ -432,6 +433,7 @@ void HttpMsgHeader::setup_file_processing()
                     SNORT_FILE_POSITION_UNKNOWN);
                 session_data->mime_state[source_id]->process_mime_data(p,
                     (const uint8_t*)"\r\n", 2, true, SNORT_FILE_POSITION_UNKNOWN);
+                session_data->file_depth_remaining[source_id] = INT64_MAX;
             }
         }
     }
@@ -439,6 +441,7 @@ void HttpMsgHeader::setup_file_processing()
     // Otherwise do regular file processing
     if (session_data->mime_state[source_id] == nullptr)
     {
+        session_data->file_depth_remaining[source_id] = max_file_depth;
         FileFlows* file_flows = FileFlows::get_file_flows(flow);
         if (!file_flows)
             session_data->file_depth_remaining[source_id] = 0;