From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Mon, 13 Jan 2020 21:30:04 +0000 (+0000)
Subject: Merge pull request #1915 in SNORT/snort3 from ~NIHDESAI/snort3:hblock_adjustments... 
X-Git-Tag: 3.0.0-268~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03b367f2a39d07f4f2cb8b7de64ae459585a247d;p=thirdparty%2Fsnort3.git

Merge pull request #1915 in SNORT/snort3 from ~NIHDESAI/snort3:hblock_adjustments to master

Squashed commit of the following:

commit 9a77a8807f272283149ca15da0f1c48f7407c150
Author: Nihal Desai <nihdesai@cisco.com>
Date:   Thu Jan 2 13:06:53 2020 -0500

    http2_inspect: add transfer encoding chunked at end of decoded http1 header block
---

diff --git a/src/service_inspectors/http2_inspect/http2_headers_frame.cc b/src/service_inspectors/http2_inspect/http2_headers_frame.cc
index 21b758b63..673acfc4f 100644
--- a/src/service_inspectors/http2_inspect/http2_headers_frame.cc
+++ b/src/service_inspectors/http2_inspect/http2_headers_frame.cc
@@ -48,6 +48,9 @@ Http2HeadersFrame::Http2HeadersFrame(const uint8_t* header_buffer, const int32_t
     if (get_flags() & PRIORITY)
         hpack_headers_offset = 5;
 
+    // No message body after stream bit is set
+    bool no_message_body = (get_flags() & END_STREAM);
+
     // Set up the decoding context
     Http2HpackDecoder& hpack_decoder = session_data->hpack_decoder[source_id];
 
@@ -61,7 +64,7 @@ Http2HeadersFrame::Http2HeadersFrame(const uint8_t* header_buffer, const int32_t
     if (!hpack_decoder.decode_headers((data.start() + hpack_headers_offset), data.length() -
         hpack_headers_offset, decoded_headers,
         start_line_generator, session_data->events[source_id],
-        session_data->infractions[source_id]))
+        session_data->infractions[source_id], no_message_body))
     {
         session_data->frame_type[source_id] = FT__ABORT;
         error_during_decode = true;
diff --git a/src/service_inspectors/http2_inspect/http2_hpack.cc b/src/service_inspectors/http2_inspect/http2_hpack.cc
index dc5f59776..b3a9fc4ef 100644
--- a/src/service_inspectors/http2_inspect/http2_hpack.cc
+++ b/src/service_inspectors/http2_inspect/http2_hpack.cc
@@ -331,7 +331,7 @@ bool Http2HpackDecoder::decode_header_line(const uint8_t* encoded_header_buffer,
 bool Http2HpackDecoder::decode_headers(const uint8_t* encoded_headers,
     const uint32_t encoded_headers_length, uint8_t* decoded_headers,
     Http2StartLine *start_line_generator, Http2EventGen* stream_events,
-    Http2Infractions* stream_infractions)
+    Http2Infractions* stream_infractions, bool no_message_body)
 {
     uint32_t total_bytes_consumed = 0;
     uint32_t line_bytes_consumed = 0;
@@ -357,11 +357,21 @@ bool Http2HpackDecoder::decode_headers(const uint8_t* encoded_headers,
     if (!start_line->is_finalized())
         success &= finalize_start_line();
 
-    // write the last CRLF to end the header
+    /* Write the last CRLF to end the header
+
+       Adding artificial chunked header to end of HTTP/1.1 decoded header block for H2I to communicate
+       frame boundaries to http_inspect and http_inspect can expect chunked data during inspection */
     if (success)
     {
-        success = write_decoded_headers((const uint8_t*)"\r\n", 2, decoded_headers +
-            decoded_headers_size, MAX_OCTETS - decoded_headers_size, line_bytes_written);
+        if (no_message_body)
+            success = write_decoded_headers((const uint8_t*)"\r\n", 2, decoded_headers +
+                decoded_headers_size, MAX_OCTETS - decoded_headers_size, line_bytes_written);
+        else
+        {
+            const uint8_t chunk_hdr[] = "transfer-encoding: chunked\r\n\r\n";
+            success = write_decoded_headers(chunk_hdr, sizeof(chunk_hdr) - 1, decoded_headers +
+                decoded_headers_size, MAX_OCTETS - decoded_headers_size, line_bytes_written);
+        }
         decoded_headers_size += line_bytes_written;
     }
     else
diff --git a/src/service_inspectors/http2_inspect/http2_hpack.h b/src/service_inspectors/http2_inspect/http2_hpack.h
index cbe6a9e1c..a9d436843 100644
--- a/src/service_inspectors/http2_inspect/http2_hpack.h
+++ b/src/service_inspectors/http2_inspect/http2_hpack.h
@@ -38,7 +38,7 @@ public:
     Http2HpackDecoder() { }
     bool decode_headers(const uint8_t* encoded_headers, const uint32_t encoded_headers_length,
         uint8_t* decoded_headers, Http2StartLine* start_line,
-        Http2EventGen* stream_events, Http2Infractions* stream_infractions);
+        Http2EventGen* stream_events, Http2Infractions* stream_infractions, bool no_message_body);
     bool write_decoded_headers(const uint8_t* in_buffer, const uint32_t in_length,
         uint8_t* decoded_header_buffer, uint32_t decoded_header_length, uint32_t& bytes_written);
     bool decode_header_line(const uint8_t* encoded_header_buffer,