From: Tom Peters (thopeter) Date: Mon, 16 Aug 2021 21:07:28 +0000 (+0000) Subject: Merge pull request #3019 in SNORT/snort3 from ~KATHARVE/snort3:inject_fix to master X-Git-Tag: 3.1.11.0~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2755a2576d31e9806f6000bb390bcdde81992119;p=thirdparty%2Fsnort3.git Merge pull request #3019 in SNORT/snort3 from ~KATHARVE/snort3:inject_fix to master Squashed commit of the following: commit 8ae8769a1c706cdc3806bfc19258fa9c57357ae6 Author: Katura Harvey Date: Mon Aug 9 10:41:02 2021 -0400 payload_injector: check if stream is established on flow rather than the packet flag to handle retries commit 1c061264b0e81afb23ec85b055b546565a081c62 Author: Katura Harvey Date: Mon Aug 9 10:37:45 2021 -0400 stream_tcp: update API called by payload_injector to check for unflushed queued TCP segments --- diff --git a/src/payload_injector/payload_injector.cc b/src/payload_injector/payload_injector.cc index b86a4c2f4..3bd29fc57 100644 --- a/src/payload_injector/payload_injector.cc +++ b/src/payload_injector/payload_injector.cc @@ -120,12 +120,12 @@ InjectionReturnStatus PayloadInjector::inject_http_payload(Packet* p, { EncodeFlags df = ENC_FLAG_RST_SRVR; // Send RST to server. - if (p->packet_flags & PKT_STREAM_EST) + if (!p->flow) + status = ERR_UNIDENTIFIED_PROTOCOL; + else if (p->flow->ssn_state.session_flags & SSNFLAG_ESTABLISHED) { - if (!p->flow) - status = ERR_UNIDENTIFIED_PROTOCOL; - else if (!p->flow->gadget || strcmp(p->flow->gadget->get_name(),"http_inspect") == - 0) + // FIXIT-M should we be supporting injection when there is no gadget on the flow? + if (!p->flow->gadget || strcmp(p->flow->gadget->get_name(), "http_inspect") == 0) { if (p->flow->session and p->flow->session->are_client_segments_queued()) diff --git a/src/payload_injector/test/payload_injector_test.cc b/src/payload_injector/test/payload_injector_test.cc index deb39954d..e6011a8d6 100644 --- a/src/payload_injector/test/payload_injector_test.cc 
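Review bot: The rewritten condition `!p->flow->gadget || strcmp(p->flow->gadget->get_name(), "http_inspect") == 0` still sends an established flow with no gadget down the same branch as an http_inspect flow, and the new FIXIT-M only asks whether that is intended. The gate is now keyed on `SSNFLAG_ESTABLISHED` on the flow rather than the per-packet flag, so retried packets reach this branch too, which presumably makes injection on a flow with no identified service easier to reach. Until the question is settled, state the current behaviour next to the marker, e.g. `// no gadget: service not identified; presumably injected on the http_inspect path - confirm`. The alternative is to drop the `!p->flow->gadget ||` term so such flows fall through to an error status. The body of inject_http_payload continues outside this hunk, so what the branch does after the queued-segment check is not visible here.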
+++ b/src/payload_injector/test/payload_injector_test.cc
@@ -172,6 +172,7 @@ TEST_GROUP(payload_injector_test)
 control.http_page = (const uint8_t*)"test";
 control.http_page_len = 4;
 flow.set_state(Flow::FlowState::INSPECT);
+ flow.set_session_flags(SSNFLAG_ESTABLISHED);
 translation_status = INJECTION_SUCCESS;
 http2_flow_data.set_mid_frame(false);
 }
@@ -194,7 +195,6 @@ TEST(payload_injector_test, not_configured_stream_established)
 {
 Packet p(false);
 set_not_configured();
- p.packet_flags = PKT_STREAM_EST;
 p.flow = &flow;
 InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
 CHECK(counts->http_injects == 0);
@@ -207,6 +207,7 @@ TEST(payload_injector_test, configured_stream_not_established)
 Packet p(false);
 set_configured();
 p.flow = &flow;
+ flow.update_session_flags(0);
 InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
 CHECK(counts->http_injects == 0);
 CHECK(status == ERR_STREAM_NOT_ESTABLISHED);
@@ -219,7 +220,6 @@ TEST(payload_injector_test, configured_stream_established)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 mock_api.base.name = "http_inspect";
 flow.gadget = new MockInspector();
 p.flow = &flow;
@@ -235,7 +235,6 @@ TEST(payload_injector_test, http2_stream0)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 mock_api.base.name = "http2_inspect";
 flow.gadget = new MockInspector();
 p.flow = &flow;
@@ -252,7 +251,6 @@ TEST(payload_injector_test, http2_even_stream_id)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 mock_api.base.name = "http2_inspect";
 flow.gadget = new MockInspector();
 p.flow = &flow;
@@ -270,7 +268,6 @@ TEST(payload_injector_test, http2_success)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 mock_api.base.name = "http2_inspect";
 flow.gadget = new MockInspector();
 p.flow = &flow;
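Review bot: No test in these hunks pins that the packet flag alone no longer opens the injection gate, because `PKT_STREAM_EST` is removed from every test, including `configured_stream_not_established`, which never set it. Keeping `p.packet_flags = PKT_STREAM_EST;` in that one test, next to the new `flow.update_session_flags(0);`, would assert that a packet carrying the flag on a flow without `SSNFLAG_ESTABLISHED` still yields `ERR_STREAM_NOT_ESTABLISHED`. That is the behaviour a later refactor could silently revert. The declaration of `flow` and the rest of the group setup are outside these hunks.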
@@ -287,7 +284,6 @@ TEST(payload_injector_test, unidentified_gadget_is_null)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 p.flow = &flow;
 p.active = &active;
 InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
@@ -300,7 +296,6 @@ TEST(payload_injector_test, unidentified_gadget_name)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 mock_api.base.name = "inspector";
 flow.gadget = new MockInspector();
 p.flow = &flow;
@@ -314,7 +309,6 @@ TEST(payload_injector_test, http2_mid_frame)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 mock_api.base.name = "http2_inspect";
 flow.gadget = new MockInspector();
 p.flow = &flow;
@@ -334,7 +328,6 @@ TEST(payload_injector_test, http2_continuation_expected)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 mock_api.base.name = "http2_inspect";
 flow.gadget = new MockInspector();
 p.flow = &flow;
@@ -364,7 +357,6 @@ TEST(payload_injector_test, flow_is_null)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
 CHECK(counts->http_injects == 0);
 CHECK(status == ERR_UNIDENTIFIED_PROTOCOL);
@@ -389,6 +381,7 @@ TEST_GROUP(payload_injector_translate_err_test)
 control.http_page = (const uint8_t*)"test";
 control.http_page_len = 4;
 flow.set_state(Flow::FlowState::INSPECT);
+ flow.set_session_flags(SSNFLAG_ESTABLISHED);
 http2_flow_data.set_mid_frame(false);
 mock_api.base.name = "http2_inspect";
 flow.gadget = new MockInspector();
@@ -408,7 +401,6 @@ TEST(payload_injector_translate_err_test, http2_page_translation_err)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 p.flow = &flow;
 translation_status = ERR_PAGE_TRANSLATION;
 status = PayloadInjector::inject_http_payload(&p, control);
@@ -421,7 +413,6 @@ TEST(payload_injector_translate_err_test, http2_hdrs_size)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 p.flow = &flow;
 translation_status = ERR_TRANSLATED_HDRS_SIZE;
 status = PayloadInjector::inject_http_payload(&p, control);
@@ -434,7 +425,6 @@ TEST(payload_injector_translate_err_test, conflicting_s2c_traffic)
 {
 Packet p(false);
 set_configured();
- p.packet_flags = PKT_STREAM_EST;
 p.flow = &flow;
 translation_status = ERR_CONFLICTING_S2C_TRAFFIC;
 status = PayloadInjector::inject_http_payload(&p, control);
diff --git a/src/stream/tcp/tcp_stream_session.cc b/src/stream/tcp/tcp_stream_session.cc
index 0d154abf9..50f55f448 100644
--- a/src/stream/tcp/tcp_stream_session.cc
+++ b/src/stream/tcp/tcp_stream_session.cc
@@ -231,7 +231,7 @@ bool TcpStreamSession::are_packets_missing(uint8_t dir)
 bool TcpStreamSession::are_client_segments_queued()
 {
- return client.reassembler.get_seg_count() > 0;
+ return client.reassembler.is_segment_pending_flush();
 }
 bool TcpStreamSession::add_alert(Packet* p, uint32_t gid, uint32_t sid)
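Review bot: The name `are_client_segments_queued()` no longer describes what the function answers now that it returns `client.reassembler.is_segment_pending_flush()`. Judging by the commit message, segments that are queued but already flushed stop counting. The payload injector calls this on the flow's session before injecting (first file of this commit), so a reader relying on the name would assume the old "any segment in the queue" meaning. Either rename the method or document the narrower contract above the definition, e.g. `// true only while the client reassembler holds segments that have not been flushed yet`. Whether `is_segment_pending_flush()` is const, which would allow this accessor to be const as well, is not visible in this hunk.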