From: Brandon Stultz (brastult) <brastult@cisco.com>
Date: Tue, 20 Jun 2023 07:39:16 +0000 (+0000)
Subject: Pull request #3869: icmp6: allow rules to match packet data after header
X-Git-Tag: 3.1.65.0~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0ef2db8a6767b6e6e8c93cf106f1735fd82be3a;p=thirdparty%2Fsnort3.git

Pull request #3869: icmp6: allow rules to match packet data after header

Merge in SNORT/snort3 from ~BRASTULT/snort3:icmp6_codec_fix to master

Squashed commit of the following:

commit 3e505237c534272ed501fac591e8eb53c2224727
Author: Brandon Stultz <brastult@cisco.com>
Date:   Tue May 9 17:07:24 2023 -0400

    icmp6: allow rules to match packet data after header
---

diff --git a/src/codecs/ip/cd_icmp6.cc b/src/codecs/ip/cd_icmp6.cc
index dbf7eba38..e68251355 100644
--- a/src/codecs/ip/cd_icmp6.cc
+++ b/src/codecs/ip/cd_icmp6.cc
@@ -170,7 +170,7 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
     }
 
     const uint16_t dsize = raw.len - icmp::ICMP6_HEADER_MIN_LEN;
-    uint16_t len;
+    uint16_t len = icmp::ICMP6_HEADER_MIN_LEN;
 
     switch (icmp6h->type)
     {
@@ -241,8 +241,6 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
 
             if (ntohl(ra->reachable_time) > 3600000)
                 codec_event(codec, DECODE_ICMPV6_ADVERT_BAD_REACHABLE);
-
-            len = icmp::ICMP6_HEADER_MIN_LEN;
         }
         else
         {
@@ -260,8 +258,6 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
 
             if (ntohl(rs->reserved) != 0)
                 codec_event(codec, DECODE_ICMPV6_SOLICITATION_BAD_RESERVED);
-
-            len = icmp::ICMP6_HEADER_MIN_LEN;
         }
         else
         {
@@ -279,7 +275,6 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
                 codec_event(codec, DECODE_ICMPV6_NODE_INFO_BAD_CODE);
 
             // FIXIT-L add alert for INFO Response, code == 1 || code == 2) with data
-            len = icmp::ICMP6_HEADER_MIN_LEN;
         }
         else
         {
@@ -313,12 +308,10 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
     case icmp::Icmp6Types::DUPLICATE_ADDRESS_REQUEST:
     case icmp::Icmp6Types::DUPLICATE_ADDRESS_CONFIRMATION:
     case icmp::Icmp6Types::MPL_CONTROL:
-        len = raw.len;
         break;
 
     default:
         codec_event(codec, DECODE_ICMP6_TYPE_OTHER);
-        len = raw.len;
         break;
     }