Merge pull request #2934 in SNORT/snort3 from ~KATHARVE/snort3:http_host_fix to master

Squashed commit of the following:

commit 1ae238c8b83ea926d2b3843f8715743abda678e0
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Jun 8 12:55:20 2021 -0400

    pub_sub: update HttpEvent::get_host to get_authority - now always includes port if there is one

diff --git a/src/network_inspectors/appid/appid_http_event_handler.cc b/src/network_inspectors/appid/appid_http_event_handler.cc
index efde26c263593f3b2cde6623c52ecb625c1e8c18..be93e915588d705653751f62f4276aa182a19314 100644 (file)
--- a/src/network_inspectors/appid/appid_http_event_handler.cc
+++ b/src/network_inspectors/appid/appid_http_event_handler.cc
@@ -112,7 +112,7 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
 
     if (direction == APP_ID_FROM_INITIATOR)
     {
-        header_start = http_event->get_host(header_length);
+        header_start = http_event->get_authority(header_length);
         if (header_length > 0)
             hsession->set_field(REQ_HOST_FID, header_start, header_length, change_bits);
 

diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc
index 4aabe3b0c8bfe9b454bdb21798bf08ec12444e51..cdb1de7405f880f1d3e1a45a753b66f5291d87b3 100644 (file)
--- a/src/network_inspectors/appid/test/appid_http_event_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_event_test.cc
@@ -182,7 +182,7 @@ const uint8_t* HttpEvent::get_cookie(int32_t& length)
     return global_field.start();
 }
 
-const uint8_t* HttpEvent::get_host(int32_t& length)
+const uint8_t* HttpEvent::get_authority(int32_t& length)
 {
     global_field.set(0, nullptr);
     if (host)

diff --git a/src/pub_sub/http_events.cc b/src/pub_sub/http_events.cc
index 55803fc416bab6e3d36b29544205b243c8bf81ae..627669293a647884f6b9f3ce5c74691e64da0db0 100644 (file)
--- a/src/pub_sub/http_events.cc
+++ b/src/pub_sub/http_events.cc
@@ -58,15 +58,22 @@ const uint8_t* HttpEvent::get_cookie(int32_t& length)
         length);
 }
 
-const uint8_t* HttpEvent::get_host(int32_t& length)
-{
-    // Use Host header when available
-    const uint8_t* host_header = get_header(HttpEnums::HTTP_BUFFER_HEADER,
-        HttpEnums::HEAD_HOST, length);
-    if (length > 0)
-        return host_header;
-    // Otherwise use authority
-    return get_header(HttpEnums::HTTP_BUFFER_URI, HttpEnums::UC_HOST, length);
+const uint8_t* HttpEvent::get_authority(int32_t& length)
+{
+    // Use authority when available
+    HttpMsgRequest* request = http_msg_header->get_request();
+    if (request)
+    {
+        HttpUri* const uri = request->get_http_uri();
+        if (uri)
+        {
+            length = uri->get_authority().length();
+            if (length > 0)
+                return uri->get_authority().start();
+        }
+    }
+    // Otherwise use host header
+    return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_HOST, length);
 }
 
 const uint8_t* HttpEvent::get_location(int32_t& length)

diff --git a/src/pub_sub/http_events.h b/src/pub_sub/http_events.h
index b869c74a5a91ba362e0b93bd1fae9a5de98cd27e..021bbdf7b6e51a0e5967a7aa124fdbdcecfa9737 100644 (file)
--- a/src/pub_sub/http_events.h
+++ b/src/pub_sub/http_events.h
@@ -42,7 +42,7 @@ public:
 
     const uint8_t* get_content_type(int32_t &length);
     const uint8_t* get_cookie(int32_t &length);
-    const uint8_t* get_host(int32_t &length);
+    const uint8_t* get_authority(int32_t &length);
     const uint8_t* get_location(int32_t &length);
     const uint8_t* get_referer(int32_t &length);
     const uint8_t* get_server(int32_t &length);