From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Thu, 30 Apr 2020 20:49:57 +0000 (+0000)
Subject: Merge pull request #2193 in SNORT/snort3 from ~MDAGON/snort3:leftover_wpadding to... 
X-Git-Tag: 3.0.1-3~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d97c2676146d297d38597da091192d0696afc55;p=thirdparty%2Fsnort3.git

Merge pull request #2193 in SNORT/snort3 from ~MDAGON/snort3:leftover_wpadding to master

Squashed commit of the following:

commit 0fde3b3bea2241a9b0d76d03ffee08ac606b8be4
Author: mdagon <mdagon@cisco.com>
Date:   Wed Apr 29 14:54:52 2020 -0400

    http2_inspect: fix handling leftover data with padding
---

diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.cc b/src/service_inspectors/http2_inspect/http2_data_cutter.cc
index cb8ea3a53..5164c248c 100644
--- a/src/service_inspectors/http2_inspect/http2_data_cutter.cc
+++ b/src/service_inspectors/http2_inspect/http2_data_cutter.cc
@@ -60,7 +60,7 @@ bool Http2DataCutter::http2_scan(const uint8_t* data, uint32_t length,
             data_state = DATA;
     }
 
-    uint32_t cur_pos = data_offset + leftover_bytes;
+    uint32_t cur_pos = data_offset + leftover_bytes + leftover_padding;
     while ((cur_pos < length) && (data_state != FULL_FRAME))
     {
         switch (data_state)
@@ -112,7 +112,7 @@ bool Http2DataCutter::http2_scan(const uint8_t* data, uint32_t length,
         }
     }
 
-    frame_bytes_seen += (cur_pos - leftover_bytes - data_offset);
+    frame_bytes_seen += (cur_pos - leftover_bytes - data_offset - leftover_padding);
     *flush_offset = data_offset = cur_pos;
     session_data->scan_remaining_frame_octets[source_id] = frame_length - frame_bytes_seen;
     return true;
@@ -137,14 +137,18 @@ StreamSplitter::Status Http2DataCutter::http_scan(const uint8_t* data, uint32_t*
         {
             bytes_sent_http += http_flush_offset;
             leftover_bytes = cur_data + leftover_bytes - http_flush_offset;
-            *flush_offset -= leftover_bytes;
+            if (leftover_bytes != 0 && cur_padding != 0)
+                leftover_padding = cur_padding;
+            else
+                leftover_padding = 0;
+            *flush_offset -= leftover_bytes + leftover_padding;
             if (leftover_bytes || data_state != FULL_FRAME)
                 session_data->mid_data_frame[source_id] = true;
         }
         else if (scan_result == StreamSplitter::SEARCH)
         {
             bytes_sent_http += (cur_data + leftover_bytes);
-            leftover_bytes = 0;
+            leftover_bytes = leftover_padding = 0;
         }
         else if (scan_result == StreamSplitter::ABORT)
             return StreamSplitter::ABORT;
diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.h b/src/service_inspectors/http2_inspect/http2_data_cutter.h
index 84d04aa02..12557aca5 100644
--- a/src/service_inspectors/http2_inspect/http2_data_cutter.h
+++ b/src/service_inspectors/http2_inspect/http2_data_cutter.h
@@ -54,6 +54,7 @@ private:
     uint32_t padding_read = 0;
     // leftover from previous scan call
     uint32_t leftover_bytes = 0;
+    uint32_t leftover_padding = 0;
     // total per frame - reassemble
     uint32_t reassemble_data_len;
     uint32_t reassemble_padding_len = 0;