From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Tue, 22 Sep 2020 19:38:56 +0000 (+0000)
Subject: Merge pull request #2489 in SNORT/snort3 from ~MDAGON/snort3:push_promise to master
X-Git-Tag: 3.0.3-1~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=917fd81ed83d9a0c45647964b855ffbcdef77a7e;p=thirdparty%2Fsnort3.git

Merge pull request #2489 in SNORT/snort3 from ~MDAGON/snort3:push_promise to master

Squashed commit of the following:

commit 6d0b51f16b635cae70a2a143e07bacd8b672e909
Author: mdagon <mdagon@cisco.com>
Date:   Fri Sep 18 13:35:20 2020 -0400

    payload_injector: don't inject if stream id is even
---

diff --git a/src/payload_injector/payload_injector_module.cc b/src/payload_injector/payload_injector_module.cc
index 094b7272b..5df57a9b0 100644
--- a/src/payload_injector/payload_injector_module.cc
+++ b/src/payload_injector/payload_injector_module.cc
@@ -59,7 +59,8 @@ static const std::map <InjectionReturnStatus, const char*> InjectionErrorToStrin
     { ERR_HTTP2_MID_FRAME, "HTTP/2 - attempt to inject mid frame. Currently not supported." },
     { ERR_TRANSLATED_HDRS_SIZE,
       "HTTP/2 translated header size is bigger than expected. Update max size." },
-    { ERR_HTTP2_BODY_SIZE, "HTTP/2 body is > 16k. Currently not supported." }
+    { ERR_HTTP2_BODY_SIZE, "HTTP/2 body is > 16k. Currently not supported." },
+    { ERR_HTTP2_EVEN_STREAM_ID, "HTTP/2 - injection to server initiated stream" }
 };
 
 bool PayloadInjectorModule::configured = false;
@@ -87,6 +88,11 @@ InjectionReturnStatus PayloadInjectorModule::inject_http2_payload(Packet* p,
 
     if (control.stream_id == 0)
         status = ERR_HTTP2_STREAM_ID_0;
+    else if (control.stream_id % 2 == 0)
+    {
+        // Don't inject against server initiated streams
+        status = ERR_HTTP2_EVEN_STREAM_ID;
+    }
     else
     {
         // Check if mid frame
diff --git a/src/payload_injector/payload_injector_module.h b/src/payload_injector/payload_injector_module.h
index bcea00498..3e874a3ae 100644
--- a/src/payload_injector/payload_injector_module.h
+++ b/src/payload_injector/payload_injector_module.h
@@ -50,6 +50,7 @@ enum InjectionReturnStatus : int8_t
     ERR_HTTP2_MID_FRAME = -6,
     ERR_TRANSLATED_HDRS_SIZE = -7,
     ERR_HTTP2_BODY_SIZE = -8,
+    ERR_HTTP2_EVEN_STREAM_ID = -9
     // Update InjectionErrorToString when adding/removing error codes
 };
 
diff --git a/src/payload_injector/test/payload_injector_test.cc b/src/payload_injector/test/payload_injector_test.cc
index 736f03759..42608fe62 100644
--- a/src/payload_injector/test/payload_injector_test.cc
+++ b/src/payload_injector/test/payload_injector_test.cc
@@ -219,6 +219,24 @@ TEST(payload_injector_test, http2_stream0)
     delete flow.gadget;
 }
 
+TEST(payload_injector_test, http2_even_stream_id)
+{
+    mod.set_configured(true);
+    Packet p(false);
+    p.packet_flags = PKT_STREAM_EST;
+    mock_api.base.name = "http2_inspect";
+    flow.gadget = new MockInspector();
+    p.flow = &flow;
+    control.stream_id = 2;
+    InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+    CHECK(counts->http2_injects == 0);
+    CHECK(status == ERR_HTTP2_EVEN_STREAM_ID);
+    CHECK(flow.flow_state == Flow::FlowState::BLOCK);
+    const char* err_string = mod.get_err_string(status);
+    CHECK(strcmp(err_string, "HTTP/2 - injection to server initiated stream") == 0);
+    delete flow.gadget;
+}
+
 TEST(payload_injector_test, http2_success)
 {
     mod.set_configured(true);