From 47c0edb0844e37da60b3704df8044cfdb91ec009 Mon Sep 17 00:00:00 2001
From: "Mike Stepanek (mstepane)" <mstepane@cisco.com>
Date: Tue, 11 Aug 2020 21:51:13 +0000
Subject: [PATCH] Merge pull request #2387 in SNORT/snort3 from
 ~THOPETER/snort3:h2i_finish to master

Squashed commit of the following:

commit ad37a366a1f2414c0cefee09292cd349dfce9ada
Author: Tom Peters <thopeter@cisco.com>
Date:   Wed Aug 5 16:56:38 2020 -0400

    http_inspect: finish() after partial inspection
---
 .../http2_inspect/http2_stream_splitter.cc    | 30 ++++++++++++++++---
 .../http_stream_splitter_finish.cc            |  8 +++--
 .../http_inspect/http_stream_splitter_scan.cc |  3 +-
 3 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
index 348c7ccbd..b567b26c3 100644
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
@@ -184,7 +184,6 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u
     return implement_reassemble(session_data, total, offset, data, len, flags, source_id);
 }
 
-// Eventually we will need to address unexpected connection closes
 bool Http2StreamSplitter::finish(Flow* flow)
 {
     Profile profile(Http2Module::get_profile_stats());
@@ -203,16 +202,39 @@ bool Http2StreamSplitter::finish(Flow* flow)
         }
         else
         {
-            printf("Finish from flow data %" PRIu64 " direction %d\n", session_data->seq_num,
-                source_id);
+            printf("HTTP/2 finish from flow data %" PRIu64 " direction %d\n",
+                session_data->seq_num, source_id);
             fflush(stdout);
         }
     }
 #endif
 
+    // Loop through all nonzero streams and call NHI finish()
     bool need_reassemble = false;
+    for (const Http2FlowData::StreamInfo& stream_info : session_data->streams)
+    {
+        if ((stream_info.id == 0)                                                 ||
+            (stream_info.stream->get_state(source_id) == STATE_CLOSED)            ||
+            (stream_info.stream->get_hi_flow_data() == nullptr)                   ||
+            (stream_info.stream->get_hi_flow_data()->get_type_expected(source_id)
+                != HttpEnums::SEC_BODY_H2))
+        {
+            continue;
+        }
 
-    // Loop through all streams and call NHI finish()
+        session_data->stream_in_hi = stream_info.id;
+        if (session_data->hi_ss[source_id]->finish(flow))
+        {
+            assert(stream_info.id == session_data->current_stream[source_id]);
+            need_reassemble = true;
+#ifdef REG_TEST
+            if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2))
+                HttpTestManager::get_test_input_source()->flush(0);
+#endif
+        }
+        session_data->stream_in_hi = NO_STREAM_ID;
+
+    }
 
     return need_reassemble;
 }
diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc b/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc
index e26451dbb..073bf844c 100644
--- a/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc
+++ b/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc
@@ -73,8 +73,9 @@ bool HttpStreamSplitter::finish(Flow* flow)
     // up to process because it is about to go to reassemble(). But we don't support partial start
     // lines.
     if ((session_data->section_type[source_id] == SEC__NOT_COMPUTE) &&
-        (session_data->cutter[source_id] != nullptr)               &&
-        (session_data->cutter[source_id]->get_octets_seen() > 0))
+        (session_data->cutter[source_id] != nullptr)                &&
+        (session_data->cutter[source_id]->get_octets_seen() >
+            session_data->partial_raw_bytes[source_id]))
     {
         if ((session_data->type_expected[source_id] == SEC_REQUEST) ||
             (session_data->type_expected[source_id] == SEC_STATUS))
@@ -116,7 +117,8 @@ bool HttpStreamSplitter::finish(Flow* flow)
     if ((session_data->section_type[source_id] == SEC__NOT_COMPUTE) &&
         (session_data->file_depth_remaining[source_id] > 0)        &&
         (session_data->cutter[source_id] != nullptr)               &&
-        (session_data->cutter[source_id]->get_octets_seen() == 0))
+        (session_data->cutter[source_id]->get_octets_seen() ==
+            session_data->partial_raw_bytes[source_id]))
     {
         Packet* packet = DetectionEngine::get_current_packet();
         if (!session_data->mime_state[source_id])
diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
index 8176e43c9..ca845478b 100644
--- a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
+++ b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
@@ -106,7 +106,8 @@ StreamSplitter::Status HttpStreamSplitter::status_value(StreamSplitter::Status r
         http2 ? HttpTestManager::IN_HTTP2 : HttpTestManager::IN_HTTP;
     if (HttpTestManager::use_test_output(type))
     {
-        fprintf(HttpTestManager::get_output_file(), "scan() returning status %d\n", ret_val);
+        fprintf(HttpTestManager::get_output_file(), "%sscan() returning status %d\n",
+            http2 ? "HTTP/2 ": "", ret_val);
         fflush(HttpTestManager::get_output_file());
     }
     if (HttpTestManager::use_test_input(type))
-- 
2.47.3