Merge pull request #1193 in SNORT/snort3 from nhttp101 to master

author Tom Peters (thopeter) <thopeter@cisco.com>

Tue, 17 Apr 2018 19:41:05 +0000 (15:41 -0400)

committer Tom Peters (thopeter) <thopeter@cisco.com>

Tue, 17 Apr 2018 19:41:05 +0000 (15:41 -0400)
author Tom Peters (thopeter) <thopeter@cisco.com>
Tue, 17 Apr 2018 19:41:05 +0000 (15:41 -0400)
committer Tom Peters (thopeter) <thopeter@cisco.com>
Tue, 17 Apr 2018 19:41:05 +0000 (15:41 -0400)
diff --git a/src/service_inspectors/http_inspect/http_cutter.cc b/src/service_inspectors/http_inspect/http_cutter.cc

index 78a31a5baa76b9a1b0fe2a04f0a3d748ac4c9e3f..7eace0b28b68def253255cd7b19925dbe025e970 100644 (file)
--- a/src/service_inspectors/http_inspect/http_cutter.cc
+++ b/src/service_inspectors/http_inspect/http_cutter.cc
@@ -546,7 +546,12 @@ ScanResult HttpBodyChunkCutter::cut(const uint8_t* buffer, uint32_t length,
              // If we are skipping to the trailers and next message the broken chunk thwarts us
              if (discard_mode)
              {
-                return SCAN_ABORT;
+                // FIXIT-P Need StreamSplitter::END
+                // With the broken chunk this will run to connection close so we should just stop
+                // processing this flow. But there is no way to ask stream to do that so we must
+                // skip through the rest of the message ourselves.
+                num_flush = length;
+                return SCAN_DISCARD_PIECE;
              }
              uint32_t skip_amount = length-k;
              skip_amount = (skip_amount <= flow_target-data_seen) ? skip_amount :
author	Tom Peters (thopeter) <thopeter@cisco.com>
	Tue, 17 Apr 2018 19:41:05 +0000 (15:41 -0400)
committer	Tom Peters (thopeter) <thopeter@cisco.com>
	Tue, 17 Apr 2018 19:41:05 +0000 (15:41 -0400)