From: Kaushal Bhandankar (kbhandan) Date: Fri, 18 Nov 2022 17:49:39 +0000 (+0000) Subject: Pull request #3654: http_inspect: remove port from xff header X-Git-Tag: 3.1.48.0~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b95f53da53efaa94adfbdcfdbf783f9e3b85837;p=thirdparty%2Fsnort3.git Pull request #3654: http_inspect: remove port from xff header Merge in SNORT/snort3 from ~ABHRAWAT/snort3:xff_port to master Squashed commit of the following: commit 303ea6d9c86555861cb1e7af7fe771b7b5168293 Author: abhrawat Date: Sun Nov 6 14:32:13 2022 +0000 http_inspect: remove port from xff header --- diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc index 15bda008e..f36688abc 100755 --- a/src/service_inspectors/http_inspect/http_msg_header.cc +++ b/src/service_inspectors/http_inspect/http_msg_header.cc @@ -122,6 +122,12 @@ const Field& HttpMsgHeader::get_true_ip_addr() addr_str[true_ip.length()] = '\0'; SfIp tmp_sfip; + + /* remove port number from ip address */ + char* colon_port = strrchr((char*)addr_str, ':'); + if (colon_port && (strpbrk((char*)addr_str, "[."))) + *colon_port = '\0'; + const SfIpRet status = tmp_sfip.set((char*)addr_str); delete[] addr_str; if (status != SFIP_SUCCESS) diff --git a/src/sfip/sf_ip.cc b/src/sfip/sf_ip.cc index 04c960cbf..41329ded6 100644 --- a/src/sfip/sf_ip.cc +++ b/src/sfip/sf_ip.cc @@ -187,6 +187,8 @@ static inline int _netmask_str_to_bit_count(char* mask, int family) /* Parses "src" and stores results in "dst" */ SfIpRet SfIp::set(const char* src, uint16_t* srcBits) { + bool ob = 0; + char* cb; char* mask; char* sfip_buf; char* ip; @@ -200,8 +202,11 @@ SfIpRet SfIp::set(const char* src, uint16_t* srcBits) family = sfip_str_to_fam(src); /* skip whitespace or opening bracket */ - while (isspace((int)*ip) || (*ip == '[')) + while (isspace((int)*ip) || ((*ip == '[') ? ob = 1 : 0)) ip++; + + if (ob && (cb = strrchr(ip, ']'))) + *cb = '\0'; /* check for and extract a mask in CIDR form */ if ( (mask = strchr(ip, (int)'/')) != nullptr )