From: Mike Stepanek (mstepane) Date: Fri, 31 Jul 2020 11:45:44 +0000 (+0000) Subject: Merge pull request #2365 in SNORT/snort3 from ~THOPETER/snort3:nhttp145 to master X-Git-Tag: 3.0.2-4~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e699cdfd818dae2efdee80692a13fd500750b54d;p=thirdparty%2Fsnort3.git Merge pull request #2365 in SNORT/snort3 from ~THOPETER/snort3:nhttp145 to master Squashed commit of the following: commit c26ca80f1680939468e9b55518c2a37eb7440da0 Author: Tom Peters Date: Thu Jul 30 17:39:46 2020 -0400 http2_inspect: cleanup --- diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.cc b/src/service_inspectors/http2_inspect/http2_data_cutter.cc index 6d7d555c7..5f5519bb5 100644 --- a/src/service_inspectors/http2_inspect/http2_data_cutter.cc +++ b/src/service_inspectors/http2_inspect/http2_data_cutter.cc @@ -149,6 +149,10 @@ StreamSplitter::Status Http2DataCutter::http_scan(const uint8_t* data, uint32_t* leftover_bytes = leftover_padding = 0; } else if (scan_result == StreamSplitter::ABORT) + // FIXIT-E eventually need to implement continued processing. We cannot abort just + // because one stream went sideways. A better approach would be to put this one stream + // into a pass through mode while continuing to process other streams. As long as we + // can parse the framing and process most streams it is reasonable to continue. return StreamSplitter::ABORT; } if (data_state == FULL_FRAME) diff --git a/src/service_inspectors/http2_inspect/http2_flow_data.h b/src/service_inspectors/http2_inspect/http2_flow_data.h index 53608c229..93f20b026 100644 --- a/src/service_inspectors/http2_inspect/http2_flow_data.h +++ b/src/service_inspectors/http2_inspect/http2_flow_data.h @@ -81,7 +81,7 @@ public: // Stream access class StreamInfo { -public: + public: const uint32_t id; class Http2Stream* stream; diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc index 1ad19ef98..348c7ccbd 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc @@ -198,7 +198,8 @@ bool Http2StreamSplitter::finish(Flow* flow) { if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2)) { - HttpTestManager::get_test_input_source()->finish(); + if (!HttpTestManager::get_test_input_source()->finish()) + return false; } else { diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc index 1d2f18794..1966c216e 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc @@ -306,9 +306,13 @@ StreamSplitter::Status Http2StreamSplitter::implement_scan(Http2FlowData* sessio get_stream_id(session_data->scan_frame_header[source_id]); if (session_data->data_processing[source_id] && - ((old_stream != session_data->current_stream[source_id] && type == FT_DATA) - || type != FT_DATA)) + ((type != FT_DATA) || (old_stream != session_data->current_stream[source_id]))) { + // When there is unflushed data in stream we cannot bypass it to work on some + // other frame. Partial flush gets it out of stream while retaining control of + // message body section sizes. It also avoids extreme delays in inspecting the + // data that could occur if we put this aside indefinitely while processing + // other streams. partial_flush_data(session_data, source_id, flush_offset, data_offset, old_stream); return StreamSplitter::FLUSH;