From: Mike Stepanek (mstepane) Date: Wed, 7 Aug 2019 20:47:27 +0000 (-0400) Subject: Merge pull request #1700 in SNORT/snort3 from ~KATHARVE/snort3:0_byte_workaround... X-Git-Tag: 3.0.0-259~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=81c530924f7dd5eaa48281418958dd834e7bd332;p=thirdparty%2Fsnort3.git Merge pull request #1700 in SNORT/snort3 from ~KATHARVE/snort3:0_byte_workaround to master Squashed commit of the following: commit 83d922a1dc71b2f874e32ed35d2692598b3bc31a Author: Katura Harvey Date: Tue Jul 30 13:37:30 2019 -0400 http_inspect: remove 0-byte workaround --- diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc index 0315a87b4..55e87d74b 100644 --- a/src/managers/inspector_manager.cc +++ b/src/managers/inspector_manager.cc @@ -1022,7 +1022,9 @@ void InspectorManager::full_inspection(Packet* p) if ( flow->service and flow->clouseau and !p->is_cooked() ) bumble(p); - if ( !p->dsize ) + // For reassembled PDUs, a null data buffer signals no detection. Detection can be required + // with a length of 0. For raw packets, a length of 0 does signal no detection. + if ( (p->is_cooked() and !p->data) or (!p->is_cooked() and !p->dsize) ) DetectionEngine::disable_content(p); else if ( flow->gadget && flow->gadget->likes(p) ) diff --git a/src/service_inspectors/http_inspect/http_flow_data.h b/src/service_inspectors/http_inspect/http_flow_data.h index 42769c327..36558c8e6 100644 --- a/src/service_inspectors/http_inspect/http_flow_data.h +++ b/src/service_inspectors/http_inspect/http_flow_data.h @@ -95,7 +95,6 @@ private: HttpEnums::SEC__NOT_COMPUTE }; int32_t num_head_lines[2] = { HttpEnums::STAT_NOT_PRESENT, HttpEnums::STAT_NOT_PRESENT }; bool tcp_close[2] = { false, false }; - bool zero_byte_workaround[2]; bool partial_flush[2] = { false, false }; // Infractions and events are associated with a specific message and are stored in the diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc index 14738a977..b1774c2ae 100644 --- a/src/service_inspectors/http_inspect/http_inspect.cc +++ b/src/service_inspectors/http_inspect/http_inspect.cc @@ -279,11 +279,10 @@ void HttpInspect::eval(Packet* p) return; // Don't make pkt_data for headers available to detection - // FIXIT-M One byte to avoid potential problems with zero if ((session_data->section_type[source_id] == SEC_HEADER) || (session_data->section_type[source_id] == SEC_TRAILER)) { - p->set_detect_limit(1); + p->set_detect_limit(0); } // Limit alt_dsize of message body sections to request/response depth @@ -293,9 +292,8 @@ void HttpInspect::eval(Packet* p) p->set_detect_limit(session_data->detect_depth_remaining[source_id]); } - const int remove_workaround = session_data->zero_byte_workaround[source_id] ? 1 : 0; const bool partial_flush = session_data->partial_flush[source_id]; - if (!process(p->data, p->dsize - remove_workaround, p->flow, source_id, !partial_flush)) + if (!process(p->data, p->dsize, p->flow, source_id, !partial_flush)) { DetectionEngine::disable_content(p); } diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc index 81d3dcab1..c9873678f 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc @@ -418,19 +418,9 @@ const snort::StreamBuffer HttpStreamSplitter::reassemble(snort::Flow* flow, unsi partial_buffer_length = buf_size; } - // FIXIT-M kludge until we work out issues with returning an empty buffer http_buf.data = buffer; - if (buf_size > 0) - { - http_buf.length = buf_size; - session_data->zero_byte_workaround[source_id] = false; - } - else - { - buffer[0] = '\0'; - http_buf.length = 1; - session_data->zero_byte_workaround[source_id] = true; - } + http_buf.length = buf_size; + buffer = nullptr; session_data->section_offset[source_id] = 0; } diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index cf156041c..82a35b3a9 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -568,7 +568,7 @@ int TcpReassembler::_flush_to_seq( bytes_processed += flushed_bytes; trs.sos.seglist_base_seq += flushed_bytes; - if ( pdu->dsize ) + if ( pdu->data ) { if ( p->packet_flags & PKT_PDU_TAIL ) pdu->packet_flags |= ( PKT_REBUILT_STREAM | PKT_STREAM_EST | PKT_PDU_TAIL );