From: Michael Altizer (mialtize) <mialtize@cisco.com>
Date: Thu, 13 Feb 2020 03:28:48 +0000 (+0000)
Subject: Merge pull request #1998 in SNORT/snort3 from ~THOPETER/snort3:nhttp134 to master
X-Git-Tag: 3.0.0-268~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=431971e7ed0d12bf08536fbd5510cff04a8413de;p=thirdparty%2Fsnort3.git

Merge pull request #1998 in SNORT/snort3 from ~THOPETER/snort3:nhttp134 to master

Squashed commit of the following:

commit 70adf9b7d5329b7c573739d6f952b67e228bd173
Author: Tom Peters <thopeter@cisco.com>
Date:   Tue Feb 11 16:52:43 2020 -0500

    http_inspect: gzip splitting beyond request_depth should use correct target size
---

diff --git a/src/service_inspectors/http_inspect/http_enum.h b/src/service_inspectors/http_inspect/http_enum.h
index ed61be746..40719bdda 100644
--- a/src/service_inspectors/http_inspect/http_enum.h
+++ b/src/service_inspectors/http_inspect/http_enum.h
@@ -27,7 +27,6 @@ namespace HttpEnums
 static const int MAX_OCTETS = 63780;
 static const int GZIP_BLOCK_SIZE = 2048;
 static const int MAX_SECTION_STRETCH = 1460;
-static const int MIN_FILE_BLOCK_SIZE = 1;
 
 static const uint32_t HTTP_GID = 119;
 static const int GZIP_WINDOW_BITS = 31;
diff --git a/src/service_inspectors/http_inspect/http_msg_section.cc b/src/service_inspectors/http_inspect/http_msg_section.cc
index 5aca2b809..b3a2fbab0 100644
--- a/src/service_inspectors/http_inspect/http_msg_section.cc
+++ b/src/service_inspectors/http_inspect/http_msg_section.cc
@@ -92,6 +92,9 @@ void HttpMsgSection::update_depth() const
         session_data->detection_status[source_id] = DET_DEACTIVATING;
     }
 
+    const unsigned target_size = (session_data->compression[source_id] == CMP_NONE) ?
+        SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE;
+
     if (detect_depth_remaining <= 0)
     {
         if (file_depth_remaining <= 0)
@@ -101,16 +104,13 @@ void HttpMsgSection::update_depth() const
         }
         else
         {
-            // Just for file processing. Split on packet boundaries.
-            session_data->section_size_target[source_id] = MIN_FILE_BLOCK_SIZE;
+            // Just for file processing.
+            session_data->section_size_target[source_id] = target_size;
             session_data->stretch_section_to_packet[source_id] = true;
         }
         return;
     }
 
-    const unsigned target_size = (session_data->compression[source_id] == CMP_NONE) ?
-        SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE;
-
     if (detect_depth_remaining <= target_size)
     {
         // Go to detection as soon as detect depth is reached