From: Tom Peters (thopeter) Date: Sat, 8 May 2021 00:12:36 +0000 (+0000) Subject: Merge pull request #2875 in SNORT/snort3 from ~MDAGON/snort3:depth_trailer to master X-Git-Tag: 3.1.5.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=81589b196554fce2e26d093a9fe3c08eb1b00549;p=thirdparty%2Fsnort3.git Merge pull request #2875 in SNORT/snort3 from ~MDAGON/snort3:depth_trailer to master Squashed commit of the following: commit 194cedcca2a396e44522607dfd9add653f829367 Author: Maya Dagon Date: Thu Apr 29 13:00:41 2021 -0400 http2_inspect: handle trailer after reaching flow depth --- diff --git a/src/service_inspectors/http2_inspect/http2_headers_frame_trailer.cc b/src/service_inspectors/http2_inspect/http2_headers_frame_trailer.cc index 3cd3ee3ab..723b3ed08 100644 --- a/src/service_inspectors/http2_inspect/http2_headers_frame_trailer.cc +++ b/src/service_inspectors/http2_inspect/http2_headers_frame_trailer.cc @@ -98,22 +98,24 @@ void Http2HeadersFrameTrailer::analyze_http1() const StreamBuffer stream_buf = session_data->hi_ss[source_id]->reassemble(session_data->flow, 0, 0, nullptr, 0, PKT_PDU_TAIL, copied); - assert(stream_buf.data != nullptr); assert(copied == 0); - Http2DummyPacket dummy_pkt; - dummy_pkt.flow = session_data->flow; - dummy_pkt.packet_flags = (source_id == SRC_CLIENT) ? PKT_FROM_CLIENT : PKT_FROM_SERVER; - dummy_pkt.dsize = stream_buf.length; - dummy_pkt.data = stream_buf.data; - session_data->hi->eval(&dummy_pkt); - assert (http_flow->get_type_expected(source_id) == HttpEnums::SEC_TRAILER); - if (http_flow->get_type_expected(source_id) == HttpEnums::SEC_ABORT) + if (stream_buf.data != nullptr) { - stream->set_state(source_id, STREAM_ERROR); - return; + Http2DummyPacket dummy_pkt; + dummy_pkt.flow = session_data->flow; + dummy_pkt.packet_flags = (source_id == SRC_CLIENT) ? PKT_FROM_CLIENT : PKT_FROM_SERVER; + dummy_pkt.dsize = stream_buf.length; + dummy_pkt.data = stream_buf.data; + session_data->hi->eval(&dummy_pkt); + assert (http_flow->get_type_expected(source_id) == HttpEnums::SEC_TRAILER); + if (http_flow->get_type_expected(source_id) == HttpEnums::SEC_ABORT) + { + stream->set_state(source_id, STREAM_ERROR); + return; + } + session_data->hi->clear(&dummy_pkt); } - session_data->hi->clear(&dummy_pkt); } process_decoded_headers(http_flow, source_id); @@ -139,6 +141,7 @@ void Http2HeadersFrameTrailer::print_frame(FILE* output) { fprintf(output, "Trailers frame\n"); Http2HeadersFrame::print_frame(output); - } + #endif + diff --git a/src/service_inspectors/http_inspect/http_cutter.cc b/src/service_inspectors/http_inspect/http_cutter.cc index 5dbddca3d..098c17c57 100644 --- a/src/service_inspectors/http_inspect/http_cutter.cc +++ b/src/service_inspectors/http_inspect/http_cutter.cc @@ -769,6 +769,9 @@ ScanResult HttpBodyH2Cutter::cut(const uint8_t* buffer, uint32_t length, { num_flush = length; total_octets_scanned += length; + if (state != H2_BODY_NOT_COMPLETE) + return SCAN_DISCARD; + return SCAN_DISCARD_PIECE; } diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc index a233f97b6..ddfbb4d54 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc @@ -346,8 +346,9 @@ const StreamBuffer HttpStreamSplitter::reassemble(Flow* flow, unsigned total, { session_data->half_reset(source_id); } - // FIXIT-M update this to include H2 message once H2I supports trailers and finish() - else if (session_data->type_expected[source_id] == SEC_BODY_CHUNK) + else if (session_data->type_expected[source_id] == SEC_BODY_CHUNK || + (session_data->type_expected[source_id] == SEC_BODY_H2 && + session_data->h2_body_state[source_id] == H2_BODY_COMPLETE_EXPECT_TRAILERS)) { session_data->trailer_prep(source_id); }