From: Tom Peters (thopeter) Date: Wed, 15 May 2019 18:34:52 +0000 (-0400) Subject: Merge pull request #1602 in SNORT/snort3 from ~SMINUT/snort3:appid_fuzz to master X-Git-Tag: 3.0.0-256~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=402c9447a16d2f19ecddf96f4e35b97970fdd641;p=thirdparty%2Fsnort3.git Merge pull request #1602 in SNORT/snort3 from ~SMINUT/snort3:appid_fuzz to master Squashed commit of the following: commit dd95d711880a5401e8486fd2d59ad8a85a5fa5c5 Author: Silviu Minut Date: Fri May 10 15:58:53 2019 -0400 http_inspect: fix status_code_num bug in HttpMsgHeader::update_flow() that leads to assert on input.length()>0 in norm_decimal_integer. --- diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc index 8c1e75b7f..3e86c9f81 100644 --- a/src/service_inspectors/http_inspect/http_msg_header.cc +++ b/src/service_inspectors/http_inspect/http_msg_header.cc @@ -49,7 +49,7 @@ void HttpMsgHeader::publish() HttpEvent http_event(this); const char* key = (source_id == SRC_CLIENT) ? - HTTP_REQUEST_HEADER_EVENT_KEY : HTTP_RESPONSE_HEADER_EVENT_KEY; + HTTP_REQUEST_HEADER_EVENT_KEY : HTTP_RESPONSE_HEADER_EVENT_KEY; DataBus::publish(key, http_event, flow); } @@ -151,7 +151,8 @@ void HttpMsgHeader::update_flow() return; } - if ((source_id == SRC_SERVER) && ((status_code_num <= 199) || (status_code_num == 204) || + if ((source_id == SRC_SERVER) && + ((100 <= status_code_num && status_code_num <= 199) || (status_code_num == 204) || (status_code_num == 304))) { // No body allowed by RFC for these response codes. The message is over regardless of the @@ -521,4 +522,3 @@ void HttpMsgHeader::print_section(FILE* output) HttpMsgSection::print_section_wrapup(output); } #endif - diff --git a/src/service_inspectors/http_inspect/http_normalizers.cc b/src/service_inspectors/http_inspect/http_normalizers.cc index 13867f206..3c4269936 100644 --- a/src/service_inspectors/http_inspect/http_normalizers.cc +++ b/src/service_inspectors/http_inspect/http_normalizers.cc @@ -73,7 +73,8 @@ int32_t norm_remove_quotes_lws(const uint8_t* in_buf, int32_t in_length, uint8_t // values use the first one. int64_t norm_decimal_integer(const Field& input) { - assert(input.length() > 0); + if ( input.length() <= 0 ) + return STAT_PROBLEMATIC; // Limited to 18 decimal digits, not including leading zeros, to fit comfortably into int64_t int64_t total = 0; int non_leading_zeros = 0; @@ -101,4 +102,3 @@ void get_last_token(const Field& input, Field& last_token, char ichar) last_start++; last_token.set(input.length() - (last_start - input.start()), last_start); } -