From: Mike Stepanek (mstepane) Date: Tue, 9 Jun 2020 12:08:28 +0000 (+0000) Subject: Merge pull request #2245 in SNORT/snort3 from ~MDAGON/snort3:h2i_bugfix to master X-Git-Tag: 3.0.1-5~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=633aaaaefe3bc438c5eaf62b0da6db1ea5fe1fd7;p=thirdparty%2Fsnort3.git Merge pull request #2245 in SNORT/snort3 from ~MDAGON/snort3:h2i_bugfix to master Squashed commit of the following: commit ef7c26b0cbf07e69b4d0073d565a5433c6dd617c Author: mdagon Date: Thu Jun 4 16:27:52 2020 -0400 http2_inspect: partial inspect with less than 8 bytes of frame header in the same packet --- diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc index be133c42c..ec93ad0ec 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc @@ -354,8 +354,23 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess if (session_data->frame_type[source_id] == FT_DATA) { - if (session_data->flushing_data[source_id] && (flags & PKT_PDU_TAIL)) - len -= (FRAME_HEADER_LENGTH - 1); + if (session_data->flushing_data[source_id]) + { + assert(total > (FRAME_HEADER_LENGTH - 1)); + const uint32_t total_data = total - (FRAME_HEADER_LENGTH - 1); + if (offset+len > total_data) + { + // frame header that caused the flush is included in current data + if (offset > total_data) + len = 0; // only header bytes + else + { + const uint32_t frame_hdr_bytes = offset + len - total_data; + assert(len >= frame_hdr_bytes); + len -= frame_hdr_bytes; + } + } + } if (len != 0) {