From: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue, 1 Sep 2020 17:09:23 +0000 (+0000)
Subject: Merge pull request #2432 in SNORT/snort3 from ~RDEMPSTE/snort3:plugins to master
X-Git-Tag: 3.0.2-6~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf4f2ec9b327a7ad952929413ea9a424dc38d21c;p=thirdparty%2Fsnort3.git

Merge pull request #2432 in SNORT/snort3 from ~RDEMPSTE/snort3:plugins to master

Squashed commit of the following:

commit d381d49e800420f551024c4a5a275e541736e107
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Sep 1 10:29:54 2020 -0400

    payload_injector: assume http1, if packet does not have a gadget
---

diff --git a/src/payload_injector/payload_injector_module.cc b/src/payload_injector/payload_injector_module.cc
index dab8cb89c..88f81a1f8 100644
--- a/src/payload_injector/payload_injector_module.cc
+++ b/src/payload_injector/payload_injector_module.cc
@@ -136,9 +136,9 @@ InjectionReturnStatus PayloadInjectorModule::inject_http_payload(Packet* p,
 
         if (p->packet_flags & PKT_STREAM_EST)
         {
-            if (!p->flow || !p->flow->gadget)
+            if (!p->flow)
                 status = ERR_UNIDENTIFIED_PROTOCOL;
-            else if (strcmp(p->flow->gadget->get_name(),"http_inspect") == 0)
+            else if (!p->flow->gadget || strcmp(p->flow->gadget->get_name(),"http_inspect") == 0)
             {
                 payload_injector_stats.http_injects++;
                 p->active->send_data(p, df, control.http_page, control.http_page_len);
diff --git a/src/payload_injector/test/payload_injector_test.cc b/src/payload_injector/test/payload_injector_test.cc
index 0f847f8b9..f8216e0f1 100644
--- a/src/payload_injector/test/payload_injector_test.cc
+++ b/src/payload_injector/test/payload_injector_test.cc
@@ -131,6 +131,7 @@ TEST_GROUP(payload_injector_test)
     InjectionControl control;
     PayloadInjectorCounts* counts = (PayloadInjectorCounts*)mod.get_counts();
     Flow flow;
+    Active active;
 
     void setup() override
     {
@@ -193,6 +194,7 @@ TEST(payload_injector_test, configured_stream_established)
     mock_api.base.name = "http_inspect";
     flow.gadget = new MockInspector();
     p.flow = &flow;
+    p.active = &active;
     InjectionReturnStatus status = mod.inject_http_payload(&p, control);
     CHECK(counts->http_injects == 1);
     CHECK(status == INJECTION_SUCCESS);
@@ -225,6 +227,7 @@ TEST(payload_injector_test, http2_success)
     mock_api.base.name = "http2_inspect";
     flow.gadget = new MockInspector();
     p.flow = &flow;
+    p.active = &active;
     control.stream_id = 1;
     InjectionReturnStatus status = mod.inject_http_payload(&p, control);
     CHECK(counts->http2_injects == 1);
@@ -239,11 +242,11 @@ TEST(payload_injector_test, unidentified_gadget_is_null)
     Packet p(false);
     p.packet_flags = PKT_STREAM_EST;
     p.flow = &flow;
+    p.active = &active;
     InjectionReturnStatus status = mod.inject_http_payload(&p, control);
-    CHECK(status == ERR_UNIDENTIFIED_PROTOCOL);
+    CHECK(counts->http_injects == 1);
+    CHECK(status == INJECTION_SUCCESS);
     CHECK(flow.flow_state == Flow::FlowState::BLOCK);
-    const char* err_string = mod.get_err_string(status);
-    CHECK(strcmp(err_string, "Unidentified protocol") == 0);
 }
 
 TEST(payload_injector_test, unidentified_gadget_name)