From: Brian Morris (bmorris2) Date: Fri, 18 Nov 2022 21:21:20 +0000 (+0000) Subject: Pull request #3669: snort: fix deferred trust trigger X-Git-Tag: 3.1.48.0~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b86ca127f98fa7c9a39af20cccb59853d5215f0e;p=thirdparty%2Fsnort3.git Pull request #3669: snort: fix deferred trust trigger Merge in SNORT/snort3 from XTLS/snort3:osiryi_retry_whitelist_fix to master Squashed commit of the following: commit 8c454ad2416715be673406a15927fce7ad8048d0 Author: Oleksandr Siryi Date: Wed Nov 16 12:56:51 2022 +0200 flow: fix deferred trust clear when packet is dropped Should only clear due to ACT_BLOCK and not ACT_DROP, so check session_was_blocked instead of packet_was_dropped
---
diff --git a/src/flow/deferred_trust.cc b/src/flow/deferred_trust.cc
index d54bae708..599ca9317 100644
--- a/src/flow/deferred_trust.cc
+++ b/src/flow/deferred_trust.cc
@@ -59,7 +59,7 @@ void DeferredTrust::set_deferred_trust(unsigned module_id, bool on)
 void DeferredTrust::finalize(Active& active)
 {
-    if (active.packet_was_dropped())
+    if (active.session_was_blocked())
         clear();
     else if (TRUST_DEFER_DO_TRUST == deferred_trust && active.session_was_allowed())
         active.set_trust();
diff --git a/src/flow/test/deferred_trust_test.cc b/src/flow/test/deferred_trust_test.cc
index f92d54fb7..720bd21d0 100644
--- a/src/flow/test/deferred_trust_test.cc
+++ b/src/flow/test/deferred_trust_test.cc
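Review bot: The new `if (active.session_was_blocked())` needs a why-comment, because it and the `packet_was_dropped()` it replaces differ only in which Active action they react to and the reason is visible only in the commit message; suggest `// Only a session-level block (ACT_BLOCK) cancels deferred trust; a per-packet drop (ACT_DROP) leaves it pending.` directly above the condition. It is also worth confirming that `session_was_blocked()` is true for every action at least as severe as a block (a reset-style action, if Active has one), since otherwise such a flow would keep its deferred-trust state and could still be trusted on a later packet; Active's implementation is not visible from this hunk, so that is an assumption to check. The remainder of `finalize`, including its closing brace, lies outside the hunk.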
@@ -150,6 +150,34 @@ TEST(deferred_trust_test, finalize)
     CHECK_TEXT(active.session_was_allowed(), "Session was not allowed while deferring trust");
 }
+/* Stub implementation for the test below to avoid linking */
+void Active::drop_packet(const Packet*, bool)
+{
+    active_action = ACT_DROP;
+}
+TEST(deferred_trust_test, finalize_clear)
+{
+    Active active{};
+
+    deferred_trust.clear();
+    // Enable
+    deferred_trust.set_deferred_trust(1, true);
+    CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
+    active.block_again();
+    // finalize should clear deferred_trust
+    deferred_trust.finalize(active);
+    CHECK_TEXT(!deferred_trust.is_active(), "Deferred trust should not be active");
+
+    deferred_trust.clear();
+    // Enable
+    deferred_trust.set_deferred_trust(1, true);
+    CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
+    active.drop_packet(nullptr, true);
+    // finalize should NOT clear deferred_trust
+    deferred_trust.finalize(active);
+    CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should still be active");
+}
 int main(int argc, char** argv)
 {
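Review bot: The second phase of `finalize_clear` reuses the same `active` that `block_again()` already put into the blocked state, so the final `"Deferred trust should still be active"` check holds only because the stubbed `drop_packet` unconditionally overwrites `active_action` with `ACT_DROP`; declaring a fresh `Active active2{};` for the drop phase and passing it to `drop_packet`/`finalize` would make that assertion independent of how the stub (or a future real implementation) transitions from a block. The stub's comment should state what it models and what it leaves out, e.g. `/* Test-only stand-in for Active::drop_packet: records ACT_DROP and ignores its arguments, so the real implementation need not be linked. */`; I am inferring that the real definition lives elsewhere, so adjust the wording if that is wrong. `main` begins on the hunk's last lines and its body continues outside the hunk.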