From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Wed, 8 Jun 2022 10:54:40 +0000 (+0000)
Subject: Pull request #3455: JS Normalizer: add explicit check for HTML script opening tag... 
X-Git-Tag: 3.1.32.0~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58b2cfdee96393cda4e928516ae4f74b2698eb51;p=thirdparty%2Fsnort3.git

Pull request #3455: JS Normalizer: add explicit check for HTML script opening tag ending

Merge in SNORT/snort3 from ~OSERHIIE/snort3:js_inline_scripts to master

Squashed commit of the following:

commit f8e2c07bc730f705941d659fb8eb2e70c8e4c00d
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Thu Jun 2 15:28:06 2022 +0300

    http_inspect: add explicit check for HTML script opening tag ending
---

diff --git a/src/service_inspectors/http_inspect/http_js_norm.cc b/src/service_inspectors/http_inspect/http_js_norm.cc
index 8a6a67161..8423fc5ac 100644
--- a/src/service_inspectors/http_inspect/http_js_norm.cc
+++ b/src/service_inspectors/http_inspect/http_js_norm.cc
@@ -268,7 +268,7 @@ void HttpJsNorm::do_inline(const Field& input, Field& output,
                 ptr++;
             else
             {
-                if (!mpse_attr->find(ptr, end - ptr, match_attr, false, &sctx))
+                if (!mpse_attr->find(ptr, end - ptr, match_attr, false, &sctx) || ptr == sctx.next)
                     break; // the opening tag never ends
                 ptr = sctx.next;
             }
@@ -570,9 +570,9 @@ int HttpJsNorm::match_attr(void* pid, void*, int index, void* sctx, void*)
         return 0;
 
     default:
+        assert(false);
         ctx->is_external = false;
         ctx->is_javascript = false;
-        ctx->next += index;
         return 1;
     }
 }