From: Tom Peters (thopeter) <thopeter@cisco.com>
Date: Mon, 24 Jan 2022 19:42:07 +0000 (+0000)
Subject: Pull request #3239: BUG #722837 http_version_match should use the msg section version... 
X-Git-Tag: 3.1.21.0~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c7bc66fcc551eb7d64a29ccb8c11ce781240cb5;p=thirdparty%2Fsnort3.git

Pull request #3239: BUG #722837 http_version_match should use the msg section version id instead of the flow data version id

Merge in SNORT/snort3 from ~MDAGON/snort3:version_fix to master

Squashed commit of the following:

commit 15b88a547e2a1c1231f15bc78a1cefaaa32b1f77
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Jan 14 16:10:22 2022 -0500

    http_inspect: http_version_match uses msg section version id
---

diff --git a/src/service_inspectors/http_inspect/http_flow_data.h b/src/service_inspectors/http_inspect/http_flow_data.h
index 3ecb7fdbe..23f4d2377 100644
--- a/src/service_inspectors/http_inspect/http_flow_data.h
+++ b/src/service_inspectors/http_inspect/http_flow_data.h
@@ -86,9 +86,6 @@ public:
 
     uint32_t get_h2_stream_id() const;
 
-    HttpEnums::VersionId get_version_id(HttpCommon::SourceId source_id) const
-    { return version_id[source_id]; }
-
 private:
     // HTTP/2 handling
     bool for_http2 = false;
diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc
index 08130f56b..6cbde96c9 100755
--- a/src/service_inspectors/http_inspect/http_inspect.cc
+++ b/src/service_inspectors/http_inspect/http_inspect.cc
@@ -296,6 +296,16 @@ int32_t HttpInspect::http_get_num_headers(Packet* p,
     return current_section->get_num_headers(buffer_info);
 }
 
+VersionId HttpInspect::http_get_version_id(Packet* p) const
+{
+    const HttpMsgSection* const current_section = HttpContextData::get_snapshot(p);
+
+    if (current_section == nullptr)
+        return VERS__NOT_PRESENT;
+
+    return current_section->get_version_id();
+}
+
 bool HttpInspect::get_fp_buf(InspectionBuffer::Type ibt, Packet* p, InspectionBuffer& b)
 {
     if (get_latest_is(p) == IS_NONE)
diff --git a/src/service_inspectors/http_inspect/http_inspect.h b/src/service_inspectors/http_inspect/http_inspect.h
index b8cece053..0f80b421f 100644
--- a/src/service_inspectors/http_inspect/http_inspect.h
+++ b/src/service_inspectors/http_inspect/http_inspect.h
@@ -50,6 +50,7 @@ public:
     const Field& http_get_buf(Cursor& c, snort::Packet* p,
         const HttpBufferInfo& buffer_info) const;
     int32_t http_get_num_headers(snort::Packet* p, const HttpBufferInfo& buffer_info) const;
+    HttpEnums::VersionId http_get_version_id(snort::Packet* p) const;
     bool get_fp_buf(snort::InspectionBuffer::Type ibt, snort::Packet* p,
         snort::InspectionBuffer& b) override;
     bool configure(snort::SnortConfig*) override;
diff --git a/src/service_inspectors/http_inspect/http_msg_section.h b/src/service_inspectors/http_inspect/http_msg_section.h
index 6df75050b..838ff75b5 100644
--- a/src/service_inspectors/http_inspect/http_msg_section.h
+++ b/src/service_inspectors/http_inspect/http_msg_section.h
@@ -81,6 +81,7 @@ public:
 
     uint64_t get_transaction_id() { return trans_num; }
     int32_t get_num_headers(const HttpBufferInfo& buf) const;
+    HttpEnums::VersionId get_version_id() const { return version_id; }
 
     HttpMsgSection* next = nullptr;
 
diff --git a/src/service_inspectors/http_inspect/ips_http.cc b/src/service_inspectors/http_inspect/ips_http.cc
index b62c00513..49898ab54 100644
--- a/src/service_inspectors/http_inspect/ips_http.cc
+++ b/src/service_inspectors/http_inspect/ips_http.cc
@@ -287,13 +287,9 @@ bool HttpIpsOption::retry(Cursor& current_cursor, const Cursor&)
     return false;
 }
 
-IpsOption::EvalStatus HttpIpsOption::eval_version_match(Packet* p, const Http2FlowData* h2i_flow_data)
+IpsOption::EvalStatus HttpIpsOption::eval_version_match(Packet* p, const HttpInspect* hi)
 {
-    const HttpFlowData* const flow_data = (h2i_flow_data != nullptr) ?
-        (HttpFlowData*)h2i_flow_data->get_hi_flow_data():
-        (HttpFlowData*)p->flow->get_flow_data(HttpFlowData::inspector_id);
-    const SourceId source_id = p->is_from_client() ? SRC_CLIENT : SRC_SERVER;
-    const VersionId version = flow_data->get_version_id(source_id);
+    const VersionId version = hi->http_get_version_id(p);
 
     if (version_flags[version - HttpEnums::VERS__MIN])
         return MATCH;
@@ -335,7 +331,7 @@ IpsOption::EvalStatus HttpIpsOption::eval(Cursor& c, Packet* p)
     }
     else if (buffer_info.type == HTTP_VERSION_MATCH)
     {
-        return eval_version_match(p, h2i_flow_data);
+        return eval_version_match(p, hi);
     }
     else
     {
diff --git a/src/service_inspectors/http_inspect/ips_http.h b/src/service_inspectors/http_inspect/ips_http.h
index 90a3e52ea..2d49b122e 100644
--- a/src/service_inspectors/http_inspect/ips_http.h
+++ b/src/service_inspectors/http_inspect/ips_http.h
@@ -31,7 +31,6 @@
 #include "http_enum.h"
 
 class HttpInspect;
-class Http2FlowData;
 
 enum PsIdx { PSI_CLIENT_BODY, PSI_COOKIE, PSI_HEADER, PSI_METHOD, PSI_PARAM,
     PSI_RAW_BODY, PSI_RAW_COOKIE, PSI_RAW_HEADER, PSI_RAW_REQUEST, PSI_RAW_STATUS,
@@ -127,7 +126,7 @@ private:
     const snort::RangeCheck range;
     const std::bitset<HttpRuleOptModule::version_size> version_flags;
 
-    IpsOption::EvalStatus eval_version_match(snort::Packet* p, const Http2FlowData* h2i_flow_data);
+    IpsOption::EvalStatus eval_version_match(snort::Packet* p, const HttpInspect* hi);
 };
 
 #endif