From: Shravan Rangarajuvenkata (shrarang)
Date: Thu, 4 Jun 2020 19:20:30 +0000 (+0000)
Subject: Merge pull request #2239 in SNORT/snort3 from ~ANTOROZC/snort3:vkovalen_no_sni to...
X-Git-Tag: 3.0.1-5~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5cf84c52f15bd98dd20703519513e16abc8db2e3;p=thirdparty%2Fsnort3.git

Merge pull request #2239 in SNORT/snort3 from ~ANTOROZC/snort3:vkovalen_no_sni to master
Squashed commit of the following:
commit 034c71cccbba39b7d746acc2858241d9cc7ed51a
Author: Viktoriia Kovalenko
Date: Fri May 29 15:20:08 2020 +0300
appid: set appid_tlshost_bit when we set tls_cname
---
diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc
index 13b51a12b..514aa5aa2 100644
--- a/src/network_inspectors/appid/appid_api.cc
+++ b/src/network_inspectors/appid/appid_api.cc
@@ -236,7 +236,7 @@ bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name, cons
  {
  ssl_matchers.scan_cname((const uint8_t*)common_name, strlen(common_name), client_id, payload_id);
- asd->tsession->set_tls_cname(common_name, strlen(common_name));
+ asd->tsession->set_tls_cname(common_name, strlen(common_name), change_bits);
  asd->scan_flags |= SCAN_SSL_CERTIFICATE_FLAG;
  asd->scan_flags |= SCAN_DO_NOT_OVERRIDE_COMMON_NAME_FLAG;
  }
diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h
index f836d5604..de19faba5 100644
--- a/src/network_inspectors/appid/appid_session.h
+++ b/src/network_inspectors/appid/appid_session.h
@@ -153,7 +153,7 @@ struct TlsSession
  change_bits.set(APPID_TLSHOST_BIT);
  }
- void set_tls_cname(const char* new_tls_cname, uint32_t len)
+ void set_tls_cname(const char* new_tls_cname, uint32_t len, AppidChangeBits& change_bits)
  {
  if (tls_cname) snort_free(tls_cname);
@@ -164,6 +164,8 @@ struct TlsSession
  }
  tls_cname = len? snort::snort_strndup(new_tls_cname,len) : const_cast(new_tls_cname);
+ if (tls_host == nullptr)
+ change_bits.set(APPID_TLSHOST_BIT);
  }
  void set_tls_org_unit(const char* new_tls_org_unit, uint32_t len)
diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc
index 572aba566..a2e498207 100644
--- a/src/network_inspectors/appid/appid_session_api.cc
+++ b/src/network_inspectors/appid/appid_session_api.cc
@@ -242,7 +242,10 @@ short AppIdSessionApi::get_service_port()
  char* AppIdSessionApi::get_tls_host()
  {
  if (asd->tsession)
- return asd->tsession->get_tls_host();
+ if (asd->tsession->get_tls_host())
+ return asd->tsession->get_tls_host();
+ else
+ return asd->tsession->get_tls_cname();
  return nullptr;
  }
diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index 6e2b97dca..b5ce74884 100644
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -728,7 +728,7 @@ success:
  /* TLS Common Name */
  if (ss->common_name)
  {
- args.asd.tsession->set_tls_cname(ss->common_name, 0);
+ args.asd.tsession->set_tls_cname(ss->common_name, 0, args.change_bits);
  args.asd.scan_flags |= SCAN_SSL_CERTIFICATE_FLAG;
  }
  /* TLS Org Unit */
diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc
index f6aac46e2..3a621915d 100644
--- a/src/network_inspectors/appid/test/appid_api_test.cc
+++ b/src/network_inspectors/appid/test/appid_api_test.cc
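Review bot: The added `if (tls_host == nullptr) change_bits.set(APPID_TLSHOST_BIT);` in TlsSession::set_tls_cname (appid_session.h) publishes a host-change event for a value taken from the server certificate, and nothing at that line explains why or lets a subscriber tell the two sources apart. A certificate common name is chosen by the server and may be a wildcard pattern or unrelated to the name the client requested, so consumers that apply policy on the TLS host should know when they are seeing the fallback. I would add a comment above the check, `// No SNI seen: AppIdSessionApi::get_tls_host() falls back to the certificate CN, so report it as a host change`. The start of set_tls_cname is outside this hunk, so whether an empty name returns before reaching this check is not visible here.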
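Review bot: The nested `if` under `if (asd->tsession)` in AppIdSessionApi::get_tls_host (appid_session_api.cc) has no braces, so the `else` attaches to the inner `if` only by the dangling-else rule; compilers commonly warn on this shape, and a later edit can silently change which branch it belongs to. The session getter is also called twice. A flatter form avoids both, assuming both getters return `char*` as the direct returns suggest: `if (!asd->tsession) return nullptr;` then `char* host = asd->tsession->get_tls_host();` and `return host ? host : asd->tsession->get_tls_cname();`. The function's documentation should also state that the result may be the certificate common name rather than the SNI.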
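Review bot: Passing `0` as the length in `set_tls_cname(ss->common_name, 0, args.change_bits)` (service_ssl.cc) makes the session keep the caller's pointer instead of a copy, as the `len?` expression in the appid_session.h hunk on this page shows, and that setter releases its stored name with `snort_free` on the next update. This is an ownership transfer, so the service state must not free or reuse `ss->common_name` afterwards; whether it is cleared lies outside this hunk. A comment at the call, `// len 0: tsession takes ownership of ss->common_name`, would make the contract visible and guard against a double free when this block is next edited.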
@@ -248,7 +248,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
  AppidChangeBits change_bits;
  mock_session->tsession->set_tls_host("www.cisco.com", 13, change_bits);
- mock_session->tsession->set_tls_cname("www.cisco.com", 13);
+ mock_session->tsession->set_tls_cname("www.cisco.com", 13, change_bits);
  mock_session->tsession->set_tls_org_unit("Cisco", 5);
  STRCMP_EQUAL(mock_session->tsession->get_tls_host(), "www.cisco.com");
  STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), "www.cisco.com");
@@ -272,7 +272,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
  STRCMP_EQUAL(mock_session->tsession->get_tls_host(), nullptr);
  STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
  STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Google");
- STRCMP_EQUAL("Published change_bits == 000000000110", test_log);
+ STRCMP_EQUAL("Published change_bits == 000001000110", test_log);
  mock().checkExpectations();
  }
diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc
index 03d961e45..4c98f05ac 100644
--- a/src/network_inspectors/appid/tp_appid_utils.cc
+++ b/src/network_inspectors/appid/tp_appid_utils.cc
@@ -461,7 +461,7 @@ static inline void process_ssl(AppIdSession& asd,
  asd.tsession->get_tls_cname() == nullptr and (field = attribute_data.tls_cname()) != nullptr)
  {
- asd.tsession->set_tls_cname(field->c_str(), field->size());
+ asd.tsession->set_tls_cname(field->c_str(), field->size(), change_bits);
  if (reinspect_ssl_appid) asd.scan_flags |= SCAN_SSL_CERTIFICATE_FLAG;
  }
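Review bot: The updated expectation `"Published change_bits == 000001000110"` in the second appid_api_test.cc hunk is the only visible check of the new behaviour, and it is an unlabelled bit string. A short comment such as `// extra bit: APPID_TLSHOST_BIT, raised by set_tls_cname() while tls_host is null` would say what changed (presumably that is the bit, going by the commit title). Nothing in these hunks asserts that AppIdSessionApi::get_tls_host() returns the common name when no host is set, or that the bit stays clear when a host already exists. Both cases are worth a test unless they are covered elsewhere in the file.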