From: Mike Stepanek (mstepane) Date: Thu, 9 Jul 2020 12:45:07 +0000 (+0000) Subject: Merge pull request #2307 in SNORT/snort3 from ~KATHARVE/snort3:http_type_depth_fix... X-Git-Tag: 3.0.2-2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4f45c41db0f08c5ee9c9843bd0d31af51f11f26;p=thirdparty%2Fsnort3.git Merge pull request #2307 in SNORT/snort3 from ~KATHARVE/snort3:http_type_depth_fix to master Squashed commit of the following: commit 4cb98445cca7c049e14717c36b3929474c1548f3 Author: Katura Harvey Date: Wed Jun 24 10:23:26 2020 -0400 http_inspect: send MIME full message body for file processing --- diff --git a/src/service_inspectors/http_inspect/http_msg_body.cc b/src/service_inspectors/http_inspect/http_msg_body.cc index 7275f3858..2ee2b60e6 100644 --- a/src/service_inspectors/http_inspect/http_msg_body.cc +++ b/src/service_inspectors/http_inspect/http_msg_body.cc @@ -218,11 +218,12 @@ void HttpMsgBody::do_file_processing(const Field& file_data) return; } - const int32_t fp_length = (file_data.length() <= session_data->file_depth_remaining[source_id]) - ? file_data.length() : session_data->file_depth_remaining[source_id]; - if (!session_data->mime_state[source_id]) { + const int32_t fp_length = (file_data.length() <= + session_data->file_depth_remaining[source_id]) ? + file_data.length() : session_data->file_depth_remaining[source_id]; + FileFlows* file_flows = FileFlows::get_file_flows(flow); if (!file_flows) return; @@ -264,14 +265,7 @@ void HttpMsgBody::do_file_processing(const Field& file_data) else { session_data->mime_state[source_id]->process_mime_data(p, file_data.start(), - fp_length, true, SNORT_FILE_POSITION_UNKNOWN); - - session_data->file_depth_remaining[source_id] -= fp_length; - if (session_data->file_depth_remaining[source_id] == 0) - { - delete session_data->mime_state[source_id]; - session_data->mime_state[source_id] = nullptr; - } + file_data.length(), true, SNORT_FILE_POSITION_UNKNOWN); } } diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc index 256750a01..916116236 100644 --- a/src/service_inspectors/http_inspect/http_msg_header.cc +++ b/src/service_inspectors/http_inspect/http_msg_header.cc @@ -401,16 +401,17 @@ void HttpMsgHeader::prepare_body() void HttpMsgHeader::setup_file_processing() { - // Generate the unique file id for file processing - transaction->set_file_processing_id(source_id, get_transaction_id(), - get_h2_stream_id(source_id)); - - if ((session_data->file_depth_remaining[source_id] = FileService::get_max_file_depth()) < 0) + const int64_t max_file_depth = FileService::get_max_file_depth(); + if (max_file_depth <= 0) { session_data->file_depth_remaining[source_id] = 0; return; } + // Generate the unique file id for file processing + transaction->set_file_processing_id(source_id, get_transaction_id(), + get_h2_stream_id(source_id)); + // Do we meet all the conditions for MIME file processing? if (source_id == SRC_CLIENT) { @@ -432,6 +433,7 @@ void HttpMsgHeader::setup_file_processing() SNORT_FILE_POSITION_UNKNOWN); session_data->mime_state[source_id]->process_mime_data(p, (const uint8_t*)"\r\n", 2, true, SNORT_FILE_POSITION_UNKNOWN); + session_data->file_depth_remaining[source_id] = INT64_MAX; } } } @@ -439,6 +441,7 @@ void HttpMsgHeader::setup_file_processing() // Otherwise do regular file processing if (session_data->mime_state[source_id] == nullptr) { + session_data->file_depth_remaining[source_id] = max_file_depth; FileFlows* file_flows = FileFlows::get_file_flows(flow); if (!file_flows) session_data->file_depth_remaining[source_id] = 0;