From: Tom Peters (thopeter) <thopeter@cisco.com>
Date: Fri, 14 May 2021 22:06:26 +0000 (+0000)
Subject: Merge pull request #2884 in SNORT/snort3 from ~MDAGON/snort3:cleanup to master
X-Git-Tag: 3.1.5.0~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2f87ffddb20700d8417cae161d33312f82c6187;p=thirdparty%2Fsnort3.git

Merge pull request #2884 in SNORT/snort3 from ~MDAGON/snort3:cleanup to master

Squashed commit of the following:

commit c5b9bb50ce47a73a4928b3d4d50c7d97bdee9546
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri May 7 12:12:53 2021 -0400

    http2_inspect: update state and delete streams after reaching flow
    depth
---

diff --git a/src/service_inspectors/http2_inspect/http2_stream.cc b/src/service_inspectors/http2_inspect/http2_stream.cc
index 19aaf27f1..3ab143105 100644
--- a/src/service_inspectors/http2_inspect/http2_stream.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream.cc
@@ -70,13 +70,9 @@ void Http2Stream::eval_frame(const uint8_t* header_buffer, uint32_t header_len,
     }
 }
 
-void Http2Stream::clear_frame()
+// check if stream is completed, do cleanup if it is
+void Http2Stream::check_and_cleanup_completed()
 {
-    assert(current_frame != nullptr);
-    current_frame->clear();
-    delete current_frame;
-    current_frame = nullptr;
-
     if ((state[SRC_CLIENT] >= STREAM_COMPLETE) && (state[SRC_SERVER] >= STREAM_COMPLETE))
     {
         if (hi_flow_data != nullptr)
@@ -89,6 +85,16 @@ void Http2Stream::clear_frame()
     }
 }
 
+void Http2Stream::clear_frame()
+{
+    assert(current_frame != nullptr);
+    current_frame->clear();
+    delete current_frame;
+    current_frame = nullptr;
+
+    check_and_cleanup_completed();
+}
+
 void Http2Stream::set_state(HttpCommon::SourceId source_id, StreamState new_state)
 {
     assert((STREAM_EXPECT_HEADERS <= new_state) && (new_state <= STREAM_ERROR));
diff --git a/src/service_inspectors/http2_inspect/http2_stream.h b/src/service_inspectors/http2_inspect/http2_stream.h
index 241ed5fa7..ec0209f28 100644
--- a/src/service_inspectors/http2_inspect/http2_stream.h
+++ b/src/service_inspectors/http2_inspect/http2_stream.h
@@ -39,6 +39,7 @@ public:
     uint32_t get_stream_id() const { return stream_id; }
     void eval_frame(const uint8_t* header_buffer, uint32_t header_len, const uint8_t* data_buffer,
         uint32_t data_len, HttpCommon::SourceId source_id);
+    void check_and_cleanup_completed();
     void clear_frame();
     const Field& get_buf(unsigned id);
     HttpFlowData* get_hi_flow_data() const { return hi_flow_data; }
diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.h b/src/service_inspectors/http2_inspect/http2_stream_splitter.h
index 981caffef..38248e4ee 100644
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter.h
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.h
@@ -60,6 +60,7 @@ private:
         HttpCommon::SourceId source_id);
     static bool read_frame_hdr(Http2FlowData* session_data, const uint8_t* data,
         uint32_t length, HttpCommon::SourceId source_id, uint32_t& data_offset);
+    static void discarded_data_frame_cleanup(Http2FlowData* session_data, HttpCommon::SourceId source_id);
 };
 
 
diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
index 5d6925b10..98ab536db 100644
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
@@ -508,8 +508,31 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess
             // but don't create pkt_data buffer
             frame_buf.data = (const uint8_t*)"";
         }
+        else
+            discarded_data_frame_cleanup(session_data, source_id);
     }
 
     return frame_buf;
 }
 
+void Http2StreamSplitter::discarded_data_frame_cleanup(Http2FlowData* session_data, HttpCommon::SourceId source_id)
+{
+    Http2Stream* const stream = session_data->find_current_stream(source_id);
+
+    if (!stream || stream->get_state(source_id) == STREAM_ERROR)
+        return;
+
+    if (stream->is_end_stream_on_data_flush(source_id))
+    {
+        if (session_data->concurrent_files > 0)
+            session_data->concurrent_files -= 1;
+        stream->set_state(source_id, STREAM_COMPLETE);
+        stream->check_and_cleanup_completed();
+        if (session_data->delete_stream)
+        {
+            session_data->processing_stream_id = session_data->get_current_stream_id(source_id);
+            session_data->delete_processing_stream();
+            session_data->processing_stream_id = NO_STREAM_ID;
+        }
+    }
+}