From: Masud Hasan (mashasan) <mashasan@cisco.com>
Date: Thu, 23 Jun 2022 19:13:43 +0000 (+0000)
Subject: Pull request #3481: rna: Use the longest user agent fingerprint among multiple matches
X-Git-Tag: 3.1.33.0~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03b089644cc307ca0173499cc83b801fb4942e21;p=thirdparty%2Fsnort3.git

Pull request #3481: rna: Use the longest user agent fingerprint among multiple matches

Merge in SNORT/snort3 from ~MASHASAN/snort3:longest_ua_match to master

Squashed commit of the following:

commit b4dbadacd3b980129546806c411de4da6f96e5ff
Author: Masud Hasan <mashasan@cisco.com>
Date:   Fri Jun 17 10:31:03 2022 -0400

    rna: Use the longest user agent fingerprint among multiple matches
---

diff --git a/src/network_inspectors/rna/rna_fingerprint_ua.cc b/src/network_inspectors/rna/rna_fingerprint_ua.cc
index 6abb849e8..6d77f847f 100644
--- a/src/network_inspectors/rna/rna_fingerprint_ua.cc
+++ b/src/network_inspectors/rna/rna_fingerprint_ua.cc
@@ -180,6 +180,7 @@ static inline UaFingerprint* search_ua_fp(SearchTool* mpse, const char* start, u
 
     sort(matched_parts.begin(), matched_parts.end(), CompareParts());
 
+    UaFingerprint* matched_fp = nullptr;
     uint32_t cur_fpid = 0, part_num = 0;
     for (auto& fp : matched_parts)
     {
@@ -191,11 +192,12 @@ static inline UaFingerprint* search_ua_fp(SearchTool* mpse, const char* start, u
 
         if ( part_num == fp->part_num )
         {
-            if ( ++part_num == fp->total_parts )
-                return fp;
+            if ( ++part_num == fp->total_parts and
+                ( !matched_fp or matched_fp->user_agent.size() < fp->user_agent.size() ) )
+                    matched_fp = fp;
         }
     }
-    return nullptr;
+    return matched_fp;
 }
 
 void UaFpProcessor::match_mpse(const char* host, const char* uagent, const UaFingerprint*& osfp,