From: Tom Peters (thopeter) <thopeter@cisco.com>
Date: Thu, 10 Jun 2021 14:54:17 +0000 (+0000)
Subject: Merge pull request #2934 in SNORT/snort3 from ~KATHARVE/snort3:http_host_fix to master
X-Git-Tag: 3.1.6.0~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de30ceeb62893255ae59b73f2c96aee9aab9fd8a;p=thirdparty%2Fsnort3.git

Merge pull request #2934 in SNORT/snort3 from ~KATHARVE/snort3:http_host_fix to master

Squashed commit of the following:

commit 1ae238c8b83ea926d2b3843f8715743abda678e0
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Jun 8 12:55:20 2021 -0400

    pub_sub: update HttpEvent::get_host to get_authority - now always includes port if there is one
---

diff --git a/src/network_inspectors/appid/appid_http_event_handler.cc b/src/network_inspectors/appid/appid_http_event_handler.cc
index efde26c26..be93e9155 100644
--- a/src/network_inspectors/appid/appid_http_event_handler.cc
+++ b/src/network_inspectors/appid/appid_http_event_handler.cc
@@ -112,7 +112,7 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
 
     if (direction == APP_ID_FROM_INITIATOR)
     {
-        header_start = http_event->get_host(header_length);
+        header_start = http_event->get_authority(header_length);
         if (header_length > 0)
             hsession->set_field(REQ_HOST_FID, header_start, header_length, change_bits);
 
diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc
index 4aabe3b0c..cdb1de740 100644
--- a/src/network_inspectors/appid/test/appid_http_event_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_event_test.cc
@@ -182,7 +182,7 @@ const uint8_t* HttpEvent::get_cookie(int32_t& length)
     return global_field.start();
 }
 
-const uint8_t* HttpEvent::get_host(int32_t& length)
+const uint8_t* HttpEvent::get_authority(int32_t& length)
 {
     global_field.set(0, nullptr);
     if (host)
diff --git a/src/pub_sub/http_events.cc b/src/pub_sub/http_events.cc
index 55803fc41..627669293 100644
--- a/src/pub_sub/http_events.cc
+++ b/src/pub_sub/http_events.cc
@@ -58,15 +58,22 @@ const uint8_t* HttpEvent::get_cookie(int32_t& length)
         length);
 }
 
-const uint8_t* HttpEvent::get_host(int32_t& length)
-{
-    // Use Host header when available
-    const uint8_t* host_header = get_header(HttpEnums::HTTP_BUFFER_HEADER,
-        HttpEnums::HEAD_HOST, length);
-    if (length > 0)
-        return host_header;
-    // Otherwise use authority
-    return get_header(HttpEnums::HTTP_BUFFER_URI, HttpEnums::UC_HOST, length);
+const uint8_t* HttpEvent::get_authority(int32_t& length)
+{
+    // Use authority when available
+    HttpMsgRequest* request = http_msg_header->get_request();
+    if (request)
+    {
+        HttpUri* const uri = request->get_http_uri();
+        if (uri)
+        {
+            length = uri->get_authority().length();
+            if (length > 0)
+                return uri->get_authority().start();
+        }
+    }
+    // Otherwise use host header
+    return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_HOST, length);
 }
 
 const uint8_t* HttpEvent::get_location(int32_t& length)
diff --git a/src/pub_sub/http_events.h b/src/pub_sub/http_events.h
index b869c74a5..021bbdf7b 100644
--- a/src/pub_sub/http_events.h
+++ b/src/pub_sub/http_events.h
@@ -42,7 +42,7 @@ public:
 
     const uint8_t* get_content_type(int32_t &length);
     const uint8_t* get_cookie(int32_t &length);
-    const uint8_t* get_host(int32_t &length);
+    const uint8_t* get_authority(int32_t &length);
     const uint8_t* get_location(int32_t &length);
     const uint8_t* get_referer(int32_t &length);
     const uint8_t* get_server(int32_t &length);