Merge pull request #3087 in SNORT/snort3 from ~MDAGON/snort3:hardening to master
authorTom Peters (thopeter) <thopeter@cisco.com>
Mon, 4 Oct 2021 20:24:21 +0000 (20:24 +0000)
committerTom Peters (thopeter) <thopeter@cisco.com>
Mon, 4 Oct 2021 20:24:21 +0000 (20:24 +0000)
Squashed commit of the following:

commit 8dcfe0f20d08e185096f138a043ddf0b15b1468d
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Oct 1 15:09:58 2021 -0400

    http2_inspect: compare scanned bytes to total received during reassemble

src/service_inspectors/http2_inspect/http2_flow_data.h
src/service_inspectors/http2_inspect/http2_stream_splitter.cc
src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc

index d17c6a9fbeb7e1316e2455295b87ae8d535de5f6..7b0acb9f7668040855859fc706273359d98ef4b3 100644 (file)
@@ -175,6 +175,7 @@ protected:
 
     // Scan signals to reassemble()
     bool payload_discard[2] = { false, false };
+    unsigned bytes_scanned[2] = { 0, 0 };
 
     // Used by scan, reassemble and eval to communicate
     uint8_t frame_type[2] = { Http2Enums::FT__NONE, Http2Enums::FT__NONE };
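Review bot: `bytes_scanned` is declared under the existing "Scan signals to reassemble()" comment with nothing saying what it counts or who resets it, even though the reassemble-side guard added in this commit depends on that invariant. The other hunks show it accumulated in scan() and zeroed in reassemble(), so a comment on the declaration would let a maintainer check the invariant, for example `// Bytes accepted by scan() since the last reset; reassemble() aborts the flow unless total equals this, then zeroes it`. The enclosing class starts and ends outside the hunk.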
index 408735ad944e8eb1100485588ad81c6ccd8fa5ae..8847c67986c5fbc0c3a9c2353aeffb00bf65cec2 100644 (file)
@@ -97,6 +97,9 @@ StreamSplitter::Status Http2StreamSplitter::scan(Packet* pkt, const uint8_t* dat
     const StreamSplitter::Status ret_val =
         implement_scan(session_data, data, length, flush_offset, source_id);
 
+    session_data->bytes_scanned[source_id] += (ret_val == StreamSplitter::FLUSH)?
+        *flush_offset : length;
+
     if (ret_val == StreamSplitter::ABORT)
         session_data->abort_flow[source_id] = true;
 
@@ -161,7 +164,10 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u
     if (session_data->payload_discard[source_id])
     {
         if (flags & PKT_PDU_TAIL)
+        {
             session_data->payload_discard[source_id] = false;
+            session_data->bytes_scanned[source_id] = 0;
+        }
 
 #ifdef REG_TEST
         if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP2))
index 6175dab86abb528a7d017008d24d74820757259b..f420af5e8a65dd07796858d71b401748a0efad56 100644 (file)
@@ -386,7 +386,7 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess
 
     StreamBuffer frame_buf { nullptr, 0 };
 
-    if ( total > MAX_OCTETS || offset+len > total)
+    if ( offset+len > total || total != session_data->bytes_scanned[source_id])
     {
          assert(false);
          session_data->abort_flow[source_id] = true;
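Review bot: The rewritten guard drops the explicit `total > MAX_OCTETS` ceiling, so the upper bound on `total` now rests entirely on scan() having kept `bytes_scanned` in range, which is not visible in this hunk. Keeping both checks costs nothing: `if (total > MAX_OCTETS || offset+len > total || total != session_data->bytes_scanned[source_id])`. The branch still opens with `assert(false)`, and the new mismatch condition is fed by per-flow traffic accounting, so in a build without NDEBUG a mismatch would stop the process instead of only aborting the flow; it is worth confirming that is intended. If `offset` and `len` are unsigned, as the truncated signature suggests, `offset+len` can wrap, and testing `offset > total || len > total - offset` avoids that. The body of implement_reassemble continues outside the hunk.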
@@ -532,6 +532,7 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess
             // but don't create pkt_data buffer
             frame_buf.data = (const uint8_t*)"";
         }
+        session_data->bytes_scanned[source_id] = 0;
     }
 
     return frame_buf;