]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Pull request #3869: icmp6: allow rules to match packet data after header
authorBrandon Stultz (brastult) <brastult@cisco.com>
Tue, 20 Jun 2023 07:39:16 +0000 (07:39 +0000)
committerOleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Tue, 20 Jun 2023 07:39:16 +0000 (07:39 +0000)
Merge in SNORT/snort3 from ~BRASTULT/snort3:icmp6_codec_fix to master

Squashed commit of the following:

commit 3e505237c534272ed501fac591e8eb53c2224727
Author: Brandon Stultz <brastult@cisco.com>
Date:   Tue May 9 17:07:24 2023 -0400

    icmp6: allow rules to match packet data after header

src/codecs/ip/cd_icmp6.cc

index dbf7eba38ceb3bd48ab336246a25a633a1e49120..e6825135507cb30238c3fa86c01017e20a76d8d4 100644 (file)
@@ -170,7 +170,7 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
     }
 
     const uint16_t dsize = raw.len - icmp::ICMP6_HEADER_MIN_LEN;
-    uint16_t len;
+    uint16_t len = icmp::ICMP6_HEADER_MIN_LEN;
 
     switch (icmp6h->type)
     {
@@ -241,8 +241,6 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
 
             if (ntohl(ra->reachable_time) > 3600000)
                 codec_event(codec, DECODE_ICMPV6_ADVERT_BAD_REACHABLE);
-
-            len = icmp::ICMP6_HEADER_MIN_LEN;
         }
         else
         {
@@ -260,8 +258,6 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
 
             if (ntohl(rs->reserved) != 0)
                 codec_event(codec, DECODE_ICMPV6_SOLICITATION_BAD_RESERVED);
-
-            len = icmp::ICMP6_HEADER_MIN_LEN;
         }
         else
         {
@@ -279,7 +275,6 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
                 codec_event(codec, DECODE_ICMPV6_NODE_INFO_BAD_CODE);
 
             // FIXIT-L add alert for INFO Response, code == 1 || code == 2) with data
-            len = icmp::ICMP6_HEADER_MIN_LEN;
         }
         else
         {
@@ -313,12 +308,10 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
     case icmp::Icmp6Types::DUPLICATE_ADDRESS_REQUEST:
     case icmp::Icmp6Types::DUPLICATE_ADDRESS_CONFIRMATION:
     case icmp::Icmp6Types::MPL_CONTROL:
-        len = raw.len;
         break;
 
     default:
         codec_event(codec, DECODE_ICMP6_TYPE_OTHER);
-        len = raw.len;
         break;
     }