From: Tom Peters (thopeter) Date: Fri, 11 Jan 2019 17:47:56 +0000 (-0500) Subject: Merge pull request #1484 in SNORT/snort3 from ~SBAIGAL/snort3:ignore_flow_fix to... X-Git-Tag: 3.0.0-251~67 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69dfddab99557af5f75dbf662c5f3eee3ba7841f;p=thirdparty%2Fsnort3.git Merge pull request #1484 in SNORT/snort3 from ~SBAIGAL/snort3:ignore_flow_fix to master Squashed commit of the following: commit b8a616d3813c26199ca5e216678498e71b31dba8 Author: Steven Baigal (sbaigal) Date: Thu Jan 10 14:47:37 2019 -0500 stream: fixed ignore_flow segfault bug caused by allocating generic flow data instead of inspector specific flow data --- diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc index 8a2068cd4..9661945bb 100644 --- a/src/service_inspectors/ftp_telnet/pp_ftp.cc +++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc @@ -1097,7 +1097,7 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p, p, PktType::TCP, IpProtocol::TCP, &session->clientIP, session->clientPort, &session->serverIP, session->serverPort, - SSN_DIR_BOTH, FtpDataFlowData::inspector_id); + SSN_DIR_BOTH, (new FtpDataFlowData(p))); } } } @@ -1175,7 +1175,7 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p, p, PktType::TCP, IpProtocol::TCP, &session->clientIP, session->clientPort, &session->serverIP, session->serverPort, - SSN_DIR_BOTH, FtpDataFlowData::inspector_id); + SSN_DIR_BOTH, (new FtpDataFlowData(p))); } } } diff --git a/src/service_inspectors/sip/sip_dialog.cc b/src/service_inspectors/sip/sip_dialog.cc index a34990544..d81ea45f3 100644 --- a/src/service_inspectors/sip/sip_dialog.cc +++ b/src/service_inspectors/sip/sip_dialog.cc @@ -400,7 +400,7 @@ static int SIP_ignoreChannels(SIP_DialogData* dialog, Packet* p, SIP_PROTO_CONF* else { Stream::ignore_flow(p, p->flow->pkt_type, p->get_ip_proto_next(), &mdataA->maddress, - mdataA->mport, &mdataB->maddress, mdataB->mport, SSN_DIR_BOTH, SipFlowData::inspector_id); + mdataA->mport, &mdataB->maddress, mdataB->mport, SSN_DIR_BOTH, (new SipFlowData)); } sip_stats.ignoreChannels++; mdataA = mdataA->nextM; diff --git a/src/stream/stream.cc b/src/stream/stream.cc index a1356ad4c..30d23f4ad 100644 --- a/src/stream/stream.cc +++ b/src/stream/stream.cc @@ -186,10 +186,9 @@ int Stream::ignore_flow( const Packet* ctrlPkt, PktType type, IpProtocol ip_proto, const SfIp* srcIP, uint16_t srcPort, const SfIp* dstIP, uint16_t dstPort, - char direction, uint32_t flowdata_id) + char direction, FlowData* fd) { assert(flow_con); - FlowData* fd = new FlowData(flowdata_id); return flow_con->add_expected( ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort, direction, fd); diff --git a/src/stream/stream.h b/src/stream/stream.h index cae196384..55d00e443 100644 --- a/src/stream/stream.h +++ b/src/stream/stream.h @@ -111,7 +111,7 @@ public: // when it arrives. static int ignore_flow( const Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp* srcIP, uint16_t srcPort, - const snort::SfIp* dstIP, uint16_t dstPort, char direction, uint32_t flowdata_id); + const snort::SfIp* dstIP, uint16_t dstPort, char direction, FlowData* fd); // Resume inspection for flow. // FIXIT-L does resume work only for a flow that has been stopped by call to stop_inspection?