From: Maya Dagon (mdagon) Date: Mon, 25 Sep 2023 16:25:54 +0000 (+0000) Subject: Pull request #4017: http_inspect: clear fake headers snapshot for 0.9 response X-Git-Tag: 3.1.72.0~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f850337a4e990d2c740eef208d23ed06266e86a;p=thirdparty%2Fsnort3.git Pull request #4017: http_inspect: clear fake headers snapshot for 0.9 response Merge in SNORT/snort3 from ~MDAGON/snort3:zero_nine to master Squashed commit of the following: commit 6cb2056dfb53780d8a70b69611a85b8cf2f635f4 Author: maya dagon Date: Thu Sep 21 11:40:03 2023 -0400 http_inspect: clear fake headers snapshot for 0.9 response --- diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc index 76cc2cf7a..d1e26027d 100755 --- a/src/service_inspectors/http_inspect/http_inspect.cc +++ b/src/service_inspectors/http_inspect/http_inspect.cc @@ -697,11 +697,10 @@ const uint8_t* HttpInspect::adjust_log_packet(Packet* p, uint16_t& length) else return nullptr; - // FIXIT-L IPV6 regression test fails with IPv6 anomaly check enabled and - // 'other_section' is NULL. Seems to be a bug in HNI. Needs investigation - if (!other_section) + assert(other_section != nullptr); + if (other_section == nullptr) return nullptr; - + const Field& start_line = other_section->get_classic_buffer(id, 0, 0); if (start_line.length() > 0) { diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc index 63bd0e1c3..e32d6309c 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc @@ -27,6 +27,7 @@ #include "protocols/packet.h" #include "http_common.h" +#include "http_context_data.h" #include "http_cutter.h" #include "http_enum.h" #include "http_inspect.h" @@ -238,6 +239,10 @@ StreamSplitter::Status HttpStreamSplitter::scan(Flow* flow, const uint8_t* data, prepare_flush(session_data, nullptr, SEC_HEADER, 0, 0, 0, false, 0, 0); my_inspector->process((const uint8_t*)"", 0, flow, SRC_SERVER, false, nullptr); session_data->transaction[SRC_SERVER]->clear_section(); + HttpContextData* hcd = (HttpContextData*)DetectionEngine::get_data(HttpContextData::ips_id); + assert(hcd != nullptr); + if (hcd != nullptr) + hcd->clear(); } HttpCutter*& cutter = session_data->cutter[source_id];