From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Tue, 22 Dec 2020 14:37:09 +0000 (+0000)
Subject: Merge pull request #2680 in SNORT/snort3 from ~MDAGON/snort3:stretch2 to master
X-Git-Tag: 3.1.0.0~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c795c0efd4f4e02b9418487e8a206ccd1e80df00;p=thirdparty%2Fsnort3.git

Merge pull request #2680 in SNORT/snort3 from ~MDAGON/snort3:stretch2 to master

Squashed commit of the following:

commit 2612410ad696c131fdb4218657cf4c0452c375b4
Author: mdagon <mdagon@cisco.com>
Date:   Wed Dec 16 08:57:08 2020 -0500

    http_inspect: support stretch for Http2
---

diff --git a/src/service_inspectors/http_inspect/http_cutter.cc b/src/service_inspectors/http_inspect/http_cutter.cc
index 595994be2..c8fa2c49b 100644
--- a/src/service_inspectors/http_inspect/http_cutter.cc
+++ b/src/service_inspectors/http_inspect/http_cutter.cc
@@ -717,12 +717,9 @@ ScanResult HttpBodyChunkCutter::cut(const uint8_t* buffer, uint32_t length,
 }
 
 ScanResult HttpBodyH2Cutter::cut(const uint8_t* buffer, uint32_t length,
-    HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bool /*stretch*/,
+    HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bool stretch,
     H2BodyState state)
 {
-    // FIXIT-E accelerated blocking not yet supported for HTTP/2
-    // FIXIT-E stretch not yet supported for HTTP/2 message bodies
-
     // If the headers included a content length header (expected length >= 0), check it against the
     // actual message body length. Alert if it does not match at the end of the message body or if
     // it overflows during the body (alert once then stop computing).
@@ -761,7 +758,10 @@ ScanResult HttpBodyH2Cutter::cut(const uint8_t* buffer, uint32_t length,
         }
         else
         {
-            num_flush = flow_target - octets_seen;
+            if (stretch && (octets_seen + length <= flow_target + MAX_SECTION_STRETCH))
+                num_flush = length;
+            else
+                num_flush = flow_target - octets_seen;
             total_octets_scanned += num_flush;
             need_accelerated_blocking(buffer, num_flush);
             return SCAN_FOUND_PIECE;
@@ -769,7 +769,8 @@ ScanResult HttpBodyH2Cutter::cut(const uint8_t* buffer, uint32_t length,
     }
     else if (state == H2_BODY_LAST_SEG)
     {
-        if (octets_seen + length <= flow_target)
+        const uint32_t adjusted_target = stretch ? MAX_SECTION_STRETCH + flow_target : flow_target;
+        if (octets_seen + length <= adjusted_target)
             num_flush = length;
         else
             num_flush = flow_target - octets_seen;
diff --git a/src/service_inspectors/http_inspect/http_msg_body_h2.cc b/src/service_inspectors/http_inspect/http_msg_body_h2.cc
index 8dd8ea9fd..5f7dc9086 100644
--- a/src/service_inspectors/http_inspect/http_msg_body_h2.cc
+++ b/src/service_inspectors/http_inspect/http_msg_body_h2.cc
@@ -28,7 +28,8 @@ using namespace HttpEnums;
 void HttpMsgBodyH2::update_flow()
 {
     session_data->body_octets[source_id] = body_octets;
-    if (session_data->h2_body_state[source_id] == H2_BODY_NOT_COMPLETE)
+    if (session_data->h2_body_state[source_id] == H2_BODY_NOT_COMPLETE ||
+        session_data->h2_body_state[source_id] == H2_BODY_LAST_SEG)
         update_depth();
     else if (session_data->h2_body_state[source_id] == H2_BODY_COMPLETE_EXPECT_TRAILERS)
         session_data->trailer_prep(source_id);