From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Fri, 17 Jan 2020 14:48:09 +0000 (+0000)
Subject: Merge pull request #1942 in SNORT/snort3 from ~DERAMADA/snort3:h2i_new_tests to master
X-Git-Tag: 3.0.0-268~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1002433cbfd974989156b82c3ce5f16b345bb8d6;p=thirdparty%2Fsnort3.git

Merge pull request #1942 in SNORT/snort3 from ~DERAMADA/snort3:h2i_new_tests to master

Squashed commit of the following:

commit 4ff7df9bd99779dc9fb82e72eaaaf548624811ef
Author: deramada <deramada@cisco.com>
Date:   Tue Jan 14 10:41:19 2020 -0500

    http2_inspect: fix string decode error
---

diff --git a/src/service_inspectors/http2_inspect/http2_hpack_string_decode.cc b/src/service_inspectors/http2_inspect/http2_hpack_string_decode.cc
index d77215447..ff4a63e60 100644
--- a/src/service_inspectors/http2_inspect/http2_hpack_string_decode.cc
+++ b/src/service_inspectors/http2_inspect/http2_hpack_string_decode.cc
@@ -202,7 +202,9 @@ bool Http2HpackStringDecode::get_huffman_string(const uint8_t* in_buff, const ui
     // Tail needs 1 last lookup in case the leftover is big enough for a match.
     // Make sure match length <= available length
     uint8_t leftover_len = 8 - cur_bit;
-    uint8_t old_result = result.len;
+    uint8_t old_result_len = result.len;
+    HuffmanState old_result_state = result.state;
+
     if (another_search && (leftover_len >= min_decode_len[state]))
     {
         result = huffman_decode[state][byte];
@@ -212,7 +214,13 @@ bool Http2HpackStringDecode::get_huffman_string(const uint8_t* in_buff, const ui
             byte = (byte << result.len) | (((uint16_t)1 << result.len) - 1);
         }
         else
-            result.len = old_result;
+        {
+            // Use leftover bits for padding check if previous lookup was a match
+            if (old_result_state == HUFFMAN_MATCH)
+                result.len = leftover_len;
+            else
+                result.len = old_result_len;
+        }
     }
 
     // Padding check
diff --git a/src/service_inspectors/http2_inspect/test/http2_hpack_string_decode_test.cc b/src/service_inspectors/http2_inspect/test/http2_hpack_string_decode_test.cc
index 083b15dd3..0a710b4e5 100644
--- a/src/service_inspectors/http2_inspect/test/http2_hpack_string_decode_test.cc
+++ b/src/service_inspectors/http2_inspect/test/http2_hpack_string_decode_test.cc
@@ -582,6 +582,21 @@ TEST(http2_hpack_string_decode_success, huffman_decoding_all_possible_symbols_he
     CHECK(memcmp(res, expected, 16) == 0);
 }
 
+TEST(http2_hpack_string_decode_success, huffman_decoding_tail_lookup_unsucessful)
+{
+    // tail lookup unsuccessful after successful previous match
+    // decodes to 9D
+    uint8_t buf[3] = {0x82, 0x7E, 0xFF};
+    // decode
+    uint32_t bytes_processed = 0, bytes_written = 0;
+    uint8_t res[3];
+    bool success = decode->translate(buf, 3, bytes_processed, res, 3, bytes_written, &events, &inf);
+    // check results
+    CHECK(success == true);
+    CHECK(bytes_processed == 3);
+    CHECK(bytes_written == 2);
+}
+
 //
 // The following tests should trigger infractions/events
 //