From: Davis McPherson -X (davmcphe - XORIANT CORPORATION at Cisco) Date: Tue, 28 Jan 2025 21:42:36 +0000 (+0000) Subject: Pull request #4586: packet_io: check the DAQ_Msg_h parameter on api calls and return... X-Git-Tag: 3.6.3.0~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68e061fd025968ce418472ef136ac295a451778b;p=thirdparty%2Fsnort3.git Pull request #4586: packet_io: check the DAQ_Msg_h parameter on api calls and return an error code when it is a null pointer Merge in SNORT/snort3 from ~DAVMCPHE/snort3:add_daq_api_parameter_checks to master Squashed commit of the following: commit bbc8506425b0e322a327284b0d682d7ace3e18a6 Author: davis mcpherson Date: Tue Jan 28 09:09:13 2025 -0500 ftp_telnet: only add expected flows when the daq_msg fieldin the control packet is not null. commit 58d45bda1ee4118c50d35987582807b02be075fe Author: davis mcpherson Date: Fri Jan 24 15:20:27 2025 -0500 packet_io: check the DAQ_Msg_h parameter on api calls and return an error code when it is a null pointer
---
diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc
index e4aa26ab9..f68f7d62a 100644
--- a/src/flow/expect_cache.cc
+++ b/src/flow/expect_cache.cc
@@ -397,8 +397,10 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro
 node->head = node->tail = nullptr;
 node->count = 0;
 last = nullptr;
- /* Only add TCP and UDP expected flows for now via the DAQ module. */
- if ((ip_proto == IpProtocol::TCP || ip_proto == IpProtocol::UDP) && ctrlPkt->daq_instance)
+ // Only add TCP and UDP expected flows for now via the DAQ module. Additionally only
+ // add the expected flow when the daq_msg field is non-null. A null daq_msg field
+ // indicates the flow is closing and it is too late to add an expected flow.
+ if ((ip_proto == IpProtocol::TCP || ip_proto == IpProtocol::UDP) && ctrlPkt->daq_msg)
 {
 if (PacketTracer::is_active())
 {
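Review bot: The rewritten condition in `ExpectCache::add_flow` tests `ctrlPkt->daq_msg` but no longer tests `ctrlPkt->daq_instance`, which the removed line did. The body of this `if` continues outside the hunk; if it still calls through `ctrlPkt->daq_instance`, a control packet that carries a message but no instance would dereference a null pointer. Keeping both checks is cheap: `if ((ip_proto == IpProtocol::TCP || ip_proto == IpProtocol::UDP) && ctrlPkt->daq_instance && ctrlPkt->daq_msg)`.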
diff --git a/src/packet_io/sfdaq_instance.cc b/src/packet_io/sfdaq_instance.cc
index c52a67c48..1fd359c1a 100644
--- a/src/packet_io/sfdaq_instance.cc
+++ b/src/packet_io/sfdaq_instance.cc
@@ -201,6 +201,9 @@ DAQ_RecvStatus SFDAQInstance::receive_messages(unsigned max_recv)
 int SFDAQInstance::finalize_message(DAQ_Msg_h msg, DAQ_Verdict verdict)
 {
+ if ( !msg )
+ return DAQ_ERROR_INVAL;
+
 int rval = daq_instance_msg_finalize(instance, msg, verdict);
 if (rval == DAQ_SUCCESS)
 pool_available++;
@@ -273,6 +276,9 @@ bool SFDAQInstance::stop()
 int SFDAQInstance::inject(DAQ_Msg_h msg, int rev, const uint8_t* buf, uint32_t len)
 {
+ if ( !msg )
+ return DAQ_ERROR_INVAL;
+
 int rval = daq_instance_inject_relative(instance, msg, buf, len, rev);
 #ifdef DEBUG_MSGS
 if (rval != DAQ_SUCCESS)
@@ -305,6 +311,9 @@ int SFDAQInstance::ioctl(DAQ_IoctlCmd cmd, void *arg, size_t arglen)
 int SFDAQInstance::modify_flow_opaque(DAQ_Msg_h msg, uint32_t opaque)
 {
+ if ( !msg )
+ return DAQ_ERROR_INVAL;
+
 DIOCTL_SetFlowOpaque d_sfo;
 d_sfo.msg = msg;
 d_sfo.value = opaque;
@@ -314,6 +323,9 @@ int SFDAQInstance::modify_flow_opaque(DAQ_Msg_h msg, uint32_t opaque)
 int SFDAQInstance::set_packet_verdict_reason(DAQ_Msg_h msg, uint8_t verdict_reason)
 {
+ if ( !msg )
+ return DAQ_ERROR_INVAL;
+
 DIOCTL_SetPacketVerdictReason d_spvr;
 d_spvr.msg = msg;
@@ -324,6 +336,9 @@ int SFDAQInstance::set_packet_verdict_reason(DAQ_Msg_h msg, uint8_t verdict_reas
 int SFDAQInstance::set_packet_trace_data(DAQ_Msg_h msg, uint8_t* buff, uint32_t buff_len)
 {
+ if ( !msg )
+ return DAQ_ERROR_INVAL;
+
 DIOCTL_SetPacketTraceData d_sptd;
 d_sptd.msg = msg;
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc
index 6e4595f3b..46c568d4f 100644
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
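Review bot: The new `if ( !msg ) return DAQ_ERROR_INVAL;` guard in `finalize_message`, repeated in `inject`, `modify_flow_opaque`, `set_packet_verdict_reason` and `set_packet_trace_data`, fails silently and says nothing about when a null handle is legitimate. In `inject` the early return also bypasses the `#ifdef DEBUG_MSGS` failure report that follows `daq_instance_inject_relative`, so an injection that never happened leaves no trace even in debug builds. I would add a short comment on each guard, for example `// null msg: flow is closing, no DAQ message to act on` if that matches the intent stated in the expect_cache comment, and confirm that callers which rely on a verdict or an injected reset check the return value. All five function bodies continue outside their hunks.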
@@ -29,8 +29,10 @@
 #include "detection/detection_engine.h"
 #include "log/log.h"
+#include "main/analyzer.h"
 #include "packet_io/active.h"
 #include "packet_io/packet_tracer.h"
+#include "packet_io/sfdaq.h"
 #include "profiler/profiler.h"
 #include "protocols/packet_manager.h"
 #include "stream/stream_splitter.h"
@@ -478,11 +480,12 @@ void TcpReassemblerBase::final_flush(Packet* p, uint32_t dir)
 static Packet* get_packet(Flow* flow, uint32_t flags, bool c2s)
 {
 Packet* p = DetectionEngine::set_next_packet(nullptr, flow);
-
 DAQ_PktHdr_t* ph = p->context->pkth;
 memset(ph, 0, sizeof(*ph));
 packet_gettimeofday(&ph->ts);
+ if ( !p->daq_instance )
+ p->daq_instance = SFDAQ::get_local_instance();
 p->pktlen = 0;
 p->data = nullptr;
 p->dsize = 0;
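Review bot: `#include "main/analyzer.h"` looks unused: the only new code in this file's other hunk calls `SFDAQ::get_local_instance()`, which presumably comes from `packet_io/sfdaq.h`. Unless an Analyzer symbol is used somewhere outside the hunks shown, I would drop the extra include.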
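Review bot: The added `if ( !p->daq_instance )` fallback in `get_packet` has no comment saying why a packet rebuilt for flushing needs a DAQ instance, and nothing visible guarantees that `SFDAQ::get_local_instance()` returns a non-null pointer. Code that later dereferences `p->daq_instance` should therefore keep its own null check. A one-line comment would help, for example `// no instance on the reused packet: fall back to this thread's DAQ instance (may still be null)`, with the wording to be confirmed by the author. This fallback also appears to be why `ExpectCache::add_flow` now tests `daq_msg` rather than `daq_instance`, which is worth stating in the comment. The body of `get_packet` continues past the hunk.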