Merge pull request #2365 in SNORT/snort3 from ~THOPETER/snort3:nhttp145 to master

Squashed commit of the following:

commit c26ca80f1680939468e9b55518c2a37eb7440da0
Author: Tom Peters <thopeter@cisco.com>
Date:   Thu Jul 30 17:39:46 2020 -0400

    http2_inspect: cleanup

diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.cc b/src/service_inspectors/http2_inspect/http2_data_cutter.cc
index 6d7d555c7e5c6cbe2f65bf7fc1670b8997918749..5f5519bb5e3fddcdfe957f9a986d9e9545ac79bc 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_data_cutter.cc
+++ b/src/service_inspectors/http2_inspect/http2_data_cutter.cc
@@ -149,6 +149,10 @@ StreamSplitter::Status Http2DataCutter::http_scan(const uint8_t* data, uint32_t*
             leftover_bytes = leftover_padding = 0;
         }
         else if (scan_result == StreamSplitter::ABORT)
+            // FIXIT-E eventually need to implement continued processing. We cannot abort just
+            // because one stream went sideways. A better approach would be to put this one stream
+            // into a pass through mode while continuing to process other streams. As long as we
+            // can parse the framing and process most streams it is reasonable to continue.
             return StreamSplitter::ABORT;
     }
     if (data_state == FULL_FRAME)

diff --git a/src/service_inspectors/http2_inspect/http2_flow_data.h b/src/service_inspectors/http2_inspect/http2_flow_data.h
index 53608c22979d4e7ee3fbfb72c1c2e1481fc6dd85..93f20b0262fdafc30355a949ed0b601299123e81 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_flow_data.h
+++ b/src/service_inspectors/http2_inspect/http2_flow_data.h
@@ -81,7 +81,7 @@ public:
     // Stream access
     class StreamInfo
     {
-public:
+    public:
         const uint32_t id;
         class Http2Stream* stream;
 

diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
index 1ad19ef984ab85b012d1ece32e5eb8b912e87e1f..348c7ccbd29e887edda77838b23fb7fca8a5d335 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
@@ -198,7 +198,8 @@ bool Http2StreamSplitter::finish(Flow* flow)
     {
         if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2))
         {
-            HttpTestManager::get_test_input_source()->finish();
+            if (!HttpTestManager::get_test_input_source()->finish())
+                return false;
         }
         else
         {

diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
index 1d2f187943abe15e901a7a5a5e9b6ac3daf9f7c3..1966c216efc51b8047ec934bebc05e9939bebac3 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
@@ -306,9 +306,13 @@ StreamSplitter::Status Http2StreamSplitter::implement_scan(Http2FlowData* sessio
                     get_stream_id(session_data->scan_frame_header[source_id]);
 
                 if (session_data->data_processing[source_id] &&
-                    ((old_stream != session_data->current_stream[source_id] && type == FT_DATA)
-                    || type != FT_DATA))
+                    ((type != FT_DATA) || (old_stream != session_data->current_stream[source_id])))
                 {
+                    // When there is unflushed data in stream we cannot bypass it to work on some
+                    // other frame. Partial flush gets it out of stream while retaining control of
+                    // message body section sizes. It also avoids extreme delays in inspecting the
+                    // data that could occur if we put this aside indefinitely while processing
+                    // other streams.
                     partial_flush_data(session_data, source_id, flush_offset, data_offset,
                         old_stream);
                     return StreamSplitter::FLUSH;