From: Mike Stepanek (mstepane) Date: Thu, 17 Oct 2019 19:54:04 +0000 (-0400) Subject: Merge pull request #1804 in SNORT/snort3 from ~THOPETER/snort3:http2_variable_split... X-Git-Tag: 3.0.0-263~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46851b7a9c1fec076113790e5c6098a7f873978c;p=thirdparty%2Fsnort3.git Merge pull request #1804 in SNORT/snort3 from ~THOPETER/snort3:http2_variable_split to master Squashed commit of the following: commit 13aadca7891842643dc3fcbd4aef7ed396c0b875 Author: Tom Peters Date: Wed Oct 16 16:59:10 2019 -0400 http2_inspect: stop sharing a variable between scan and reassemble --- diff --git a/src/service_inspectors/http2_inspect/http2_flow_data.cc b/src/service_inspectors/http2_inspect/http2_flow_data.cc index bc406f894..7080b82b0 100644 --- a/src/service_inspectors/http2_inspect/http2_flow_data.cc +++ b/src/service_inspectors/http2_inspect/http2_flow_data.cc @@ -89,5 +89,5 @@ void Http2FlowData::clear_frame_data(HttpCommon::SourceId source_id) http2_decoded_header[source_id] = nullptr; continuation_expected[source_id] = false; frames_aggregated[source_id] = 0; - header_octets_seen[source_id] = 0; + scan_header_octets_seen[source_id] = 0; } diff --git a/src/service_inspectors/http2_inspect/http2_flow_data.h b/src/service_inspectors/http2_inspect/http2_flow_data.h index 9a703686c..8e920f171 100644 --- a/src/service_inspectors/http2_inspect/http2_flow_data.h +++ b/src/service_inspectors/http2_inspect/http2_flow_data.h @@ -77,10 +77,8 @@ protected: uint8_t currently_processing_frame_header[2][Http2Enums::FRAME_HEADER_LENGTH]; uint32_t inspection_section_length[2] = { 0, 0 }; uint32_t leftover_data[2] = { 0, 0 }; - - // Used internally by scan() and reassemble() uint32_t octets_seen[2] = { 0, 0 }; - uint8_t header_octets_seen[2] = { 0, 0 }; + uint8_t scan_header_octets_seen[2] = { 0, 0 }; // Scan signals to reassemble() bool header_coming[2] = { false, false }; 
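Review bot: In clear_frame_data() the scan counter is now zeroed only here and in the two continuation branches of implement_scan (hunks at -206 and -215), because the end-of-frame reset in implement_reassemble (hunk at -350) now clears reassemble_header_octets_seen instead. If scan can be entered for a new frame before this cleanup has run, scan_header_octets_seen still equals FRAME_HEADER_LENGTH and the header-collection branch is skipped, so the frame would presumably be parsed from the previous header bytes left in currently_processing_frame_header. The call order is not visible in this diff and needs confirming. I would at least record the dependency with `// scan() depends on this reset to start collecting the next frame header`, and state next to it that reassemble_header_octets_seen is deliberately left to implement_reassemble. clear_frame_data() starts above the hunk.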
@@ -93,6 +91,7 @@ protected: uint32_t remaining_frame_data_octets[2] = { 0, 0 }; uint32_t remaining_frame_data_offset[2] = { 0, 0 }; uint32_t frame_header_offset[2] = { 0, 0 }; + uint8_t reassemble_header_octets_seen[2] = { 0, 0 }; // These will eventually be moved over to the frame/stream object, as they are moved to the // transaction in NHI. Also as in NHI accessor methods will need to be added. diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc index 82e1b6aae..9d81778c6 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc 
@@ -115,33 +115,32 @@ StreamSplitter::Status implement_scan(Http2FlowData* session_data, const uint8_t else { // frame with header - // If there is a header frame followed by a continuation frame in the same tcp segment, need - // to process multiple frames in a single scan + // If there is a header frame followed by a continuation frame in the same tcp segment, + // need to process multiple frames in a single scan *flush_offset = 0; uint32_t remaining_length = length; const uint8_t *data_pos = data; do { - if (session_data->header_octets_seen[source_id] == 0) + if (session_data->scan_header_octets_seen[source_id] == 0) { session_data->header_coming[source_id] = true; session_data->octets_seen[source_id] = 0; - session_data->header_octets_seen[source_id] = 0; } // The first nine bytes are the frame header. But all nine might not all be present in // the first TCP segment we receive. - if (session_data->header_octets_seen[source_id] < FRAME_HEADER_LENGTH) + if (session_data->scan_header_octets_seen[source_id] < FRAME_HEADER_LENGTH) { uint32_t remaining_header = FRAME_HEADER_LENGTH - - session_data->header_octets_seen[source_id]; + session_data->scan_header_octets_seen[source_id]; uint32_t remaining_header_in_data = remaining_header > remaining_length ? remaining_length : remaining_header; memcpy(session_data->currently_processing_frame_header[source_id] + - session_data->header_octets_seen[source_id], + session_data->scan_header_octets_seen[source_id], data_pos, remaining_header_in_data); - session_data->header_octets_seen[source_id] += remaining_header_in_data; - if (session_data->header_octets_seen[source_id] < FRAME_HEADER_LENGTH) + session_data->scan_header_octets_seen[source_id] += remaining_header_in_data; + if (session_data->scan_header_octets_seen[source_id] < FRAME_HEADER_LENGTH) { session_data->octets_seen[source_id] += remaining_header_in_data; status = StreamSplitter::SEARCH; 
@@ -206,7 +205,7 @@ StreamSplitter::Status implement_scan(Http2FlowData* session_data, const uint8_t { session_data->continuation_expected[source_id] = true; - session_data->header_octets_seen[source_id] = 0; + session_data->scan_header_octets_seen[source_id] = 0; status = StreamSplitter::SEARCH; data_pos = data + *flush_offset; remaining_length = length - *flush_offset; @@ -215,7 +214,7 @@ StreamSplitter::Status implement_scan(Http2FlowData* session_data, const uint8_t { if (!(frame_flags & END_HEADERS)) { - session_data->header_octets_seen[source_id] = 0; + session_data->scan_header_octets_seen[source_id] = 0; status = StreamSplitter::SEARCH; data_pos = data + *flush_offset; remaining_length = length - *flush_offset; @@ -266,7 +265,7 @@ const StreamBuffer implement_reassemble(Http2FlowData* session_data, unsigned to if (total > FRAME_HEADER_LENGTH) session_data->frame_data[source_id] = new uint8_t[total - header_length]; } - session_data->header_octets_seen[source_id] = 0; + session_data->reassemble_header_octets_seen[source_id] = 0; session_data->frame_data_size[source_id] = 0; session_data->frame_header_offset[source_id] = 0; } 
@@ -287,24 +286,24 @@ const StreamBuffer implement_reassemble(Http2FlowData* session_data, unsigned to uint32_t remaining_len = len - data_pos; // Process the frame header - if (session_data->header_octets_seen[source_id] < FRAME_HEADER_LENGTH) + if (session_data->reassemble_header_octets_seen[source_id] < FRAME_HEADER_LENGTH) { uint8_t remaining_header = FRAME_HEADER_LENGTH - - session_data->header_octets_seen[source_id]; + session_data->reassemble_header_octets_seen[source_id]; if (remaining_header > remaining_len) { memcpy(session_data->frame_header[source_id] + session_data->frame_header_offset[source_id] + - session_data->header_octets_seen[source_id], data + data_pos, + session_data->reassemble_header_octets_seen[source_id], data + data_pos, remaining_len); - session_data->header_octets_seen[source_id] += remaining_len; + session_data->reassemble_header_octets_seen[source_id] += remaining_len; break; } memcpy(session_data->frame_header[source_id] + session_data->frame_header_offset[source_id] + - session_data->header_octets_seen[source_id], data + data_pos, + session_data->reassemble_header_octets_seen[source_id], data + data_pos, remaining_header); - session_data->header_octets_seen[source_id] += remaining_header; + session_data->reassemble_header_octets_seen[source_id] += remaining_header; data_pos += remaining_header; remaining_len -= remaining_header; } @@ -350,7 +349,7 @@ const StreamBuffer implement_reassemble(Http2FlowData* session_data, unsigned to session_data->remaining_octets_to_next_header[source_id] = 0; session_data->remaining_frame_data_octets[source_id] = 0; session_data->remaining_frame_data_offset[source_id] = 0; - session_data->header_octets_seen[source_id] = 0; + session_data->reassemble_header_octets_seen[source_id] = 0; session_data->frame_header_offset[source_id] += FRAME_HEADER_LENGTH; } else if (remaining_len < session_data->remaining_frame_data_offset[source_id])
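Review bot: Both memcpy calls in the header-processing branch write to frame_header[source_id] at frame_header_offset + reassemble_header_octets_seen with no visible check against the size of that buffer. frame_header_offset grows by FRAME_HEADER_LENGTH for every completed frame (hunk at -350), and the number of frames in one reassembled section follows from peer traffic, so the bound rests entirely on the allocation made at the start of reassembly, which is outside these hunks. A debug assertion or an early exit before the copy would make that invariant explicit. Once the sizing is confirmed, at minimum add `// frame_header holds at least frame_header_offset + FRAME_HEADER_LENGTH octets` above the first memcpy. implement_reassemble starts and ends outside the hunk.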