"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_cutter.cc" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http_cutter.cc  (snort3-3.1.28.0):http_cutter.cc  (snort3-3.1.29.0)
skipping to change at line 32 skipping to change at line 32
#endif #endif
#include "http_cutter.h" #include "http_cutter.h"
#include "http_common.h" #include "http_common.h"
#include "http_enum.h" #include "http_enum.h"
#include "http_flow_data.h" #include "http_flow_data.h"
#include "http_module.h" #include "http_module.h"
using namespace HttpEnums; using namespace HttpEnums;
using namespace HttpCommon;
ScanResult HttpStartCutter::cut(const uint8_t* buffer, uint32_t length, ScanResult HttpStartCutter::cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, HttpEnum s::H2BodyState) HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, H2BodySt ate)
{ {
for (uint32_t k = 0; k < length; k++) for (uint32_t k = 0; k < length; k++)
{ {
// Discard magic six white space characters CR, LF, Tab, VT, FF, and SP when they occur // Discard magic six white space characters CR, LF, Tab, VT, FF, and SP when they occur
// before the start line. // before the start line.
// If we have seen nothing but white space so far ... // If we have seen nothing but white space so far ...
if (num_crlf == octets_seen + k) if (num_crlf == octets_seen + k)
{ {
if (is_sp_tab_cr_lf_vt_ff[buffer[k]]) if (is_sp_tab_cr_lf_vt_ff[buffer[k]])
{ {
skipping to change at line 186 skipping to change at line 187
} }
else else
return V_BAD; return V_BAD;
} }
if (++octets_checked >= match_size) if (++octets_checked >= match_size)
return V_GOOD; return V_GOOD;
return V_TBD; return V_TBD;
} }
ScanResult HttpHeaderCutter::cut(const uint8_t* buffer, uint32_t length, ScanResult HttpHeaderCutter::cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, HttpEnum s::H2BodyState) HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, H2BodySt ate)
{ {
// Header separators: leading \r\n, leading \n, leading \r\r\n, nonleading \ r\n\r\n, nonleading // Header separators: leading \r\n, leading \n, leading \r\r\n, nonleading \ r\n\r\n, nonleading
// \n\r\n, nonleading \r\r\n, nonleading \r\n\n, and nonleading \n\n. The se parator itself // \n\r\n, nonleading \r\r\n, nonleading \r\n\n, and nonleading \n\n. The se parator itself
// becomes num_excess which is discarded during reassemble(). // becomes num_excess which is discarded during reassemble().
// \r without \n can (improperly) end the start line or a header line, but n ot the entire // \r without \n can (improperly) end the start line or a header line, but n ot the entire
// header block. // header block.
// The leading cases work as described because the initial state is ONE. // The leading cases work as described because the initial state is ONE.
for (uint32_t k = 0; k < length; k++) for (uint32_t k = 0; k < length; k++)
{ {
switch (state) switch (state)
skipping to change at line 326 skipping to change at line 327
HttpBodyCutter::~HttpBodyCutter() HttpBodyCutter::~HttpBodyCutter()
{ {
if (compress_stream != nullptr) if (compress_stream != nullptr)
{ {
inflateEnd(compress_stream); inflateEnd(compress_stream);
delete compress_stream; delete compress_stream;
} }
} }
ScanResult HttpBodyClCutter::cut(const uint8_t* buffer, uint32_t length, HttpInf ractions*, ScanResult HttpBodyClCutter::cut(const uint8_t* buffer, uint32_t length, HttpInf ractions*,
HttpEventGen*, uint32_t flow_target, bool stretch, HttpEnums::H2BodyState) HttpEventGen*, uint32_t flow_target, bool stretch, H2BodyState)
{ {
assert(remaining > octets_seen); assert(remaining > octets_seen);
// Are we skipping to the next message? // Are we skipping to the next message?
if (flow_target == 0) if (flow_target == 0)
{ {
if (remaining <= length) if (remaining <= length)
{ {
num_flush = remaining; num_flush = remaining;
remaining = 0; remaining = 0;
skipping to change at line 403 skipping to change at line 404
} }
// Cannot stretch to the end of the message body. Cut at the original target . // Cannot stretch to the end of the message body. Cut at the original target .
num_flush = flow_target - octets_seen; num_flush = flow_target - octets_seen;
remaining -= flow_target; remaining -= flow_target;
need_accelerated_blocking(buffer, num_flush); need_accelerated_blocking(buffer, num_flush);
return SCAN_FOUND_PIECE; return SCAN_FOUND_PIECE;
} }
ScanResult HttpBodyOldCutter::cut(const uint8_t* buffer, uint32_t length, HttpIn fractions*, ScanResult HttpBodyOldCutter::cut(const uint8_t* buffer, uint32_t length, HttpIn fractions*,
HttpEventGen*, uint32_t flow_target, bool stretch, HttpEnums::H2BodyState) HttpEventGen*, uint32_t flow_target, bool stretch, H2BodyState)
{ {
if (flow_target == 0) if (flow_target == 0)
{ {
// FIXIT-P Need StreamSplitter::END // FIXIT-P Need StreamSplitter::END
// With other types of body we would skip to the trailers and/or next me ssage now. But this // With other types of body we would skip to the trailers and/or next me ssage now. But this
// will run to connection close so we should just stop processing this f low. But there is // will run to connection close so we should just stop processing this f low. But there is
// no way to ask stream to do that so we must skip through the rest of t he message // no way to ask stream to do that so we must skip through the rest of t he message
// ourselves. // ourselves.
num_flush = length; num_flush = length;
return SCAN_DISCARD_PIECE; return SCAN_DISCARD_PIECE;
skipping to change at line 449 skipping to change at line 450
void HttpBodyChunkCutter::transition_to_chunk_bad(bool& accelerate_this_packet) void HttpBodyChunkCutter::transition_to_chunk_bad(bool& accelerate_this_packet)
{ {
curr_state = CHUNK_BAD; curr_state = CHUNK_BAD;
accelerate_this_packet = true; accelerate_this_packet = true;
zero_chunk = false; zero_chunk = false;
} }
ScanResult HttpBodyChunkCutter::cut(const uint8_t* buffer, uint32_t length, ScanResult HttpBodyChunkCutter::cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bo ol stretch, HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bo ol stretch,
HttpEnums::H2BodyState) H2BodyState)
{ {
// Are we skipping through the rest of this chunked body to the trailers and the next message? // Are we skipping through the rest of this chunked body to the trailers and the next message?
const bool discard_mode = (flow_target == 0); const bool discard_mode = (flow_target == 0);
const uint32_t adjusted_target = stretch ? MAX_SECTION_STRETCH + flow_target : flow_target; const uint32_t adjusted_target = stretch ? MAX_SECTION_STRETCH + flow_target : flow_target;
bool accelerate_this_packet = false; bool accelerate_this_packet = false;
for (int32_t k=0; k < static_cast<int32_t>(length); k++) for (int32_t k=0; k < static_cast<int32_t>(length); k++)
{ {
skipping to change at line 767 skipping to change at line 768
{ {
// If the headers included a content length header (expected length >= 0), c heck it against the // If the headers included a content length header (expected length >= 0), c heck it against the
// actual message body length. Alert if it does not match at the end of the message body or if // actual message body length. Alert if it does not match at the end of the message body or if
// it overflows during the body (alert once then stop computing). // it overflows during the body (alert once then stop computing).
if (expected_body_length >= 0) if (expected_body_length >= 0)
{ {
if ((total_octets_scanned + length) > expected_body_length) if ((total_octets_scanned + length) > expected_body_length)
{ {
*infractions += INF_H2_DATA_OVERRUNS_CL; *infractions += INF_H2_DATA_OVERRUNS_CL;
events->create_event(EVENT_H2_DATA_OVERRUNS_CL); events->create_event(EVENT_H2_DATA_OVERRUNS_CL);
expected_body_length = HttpCommon::STAT_NOT_COMPUTE; expected_body_length = STAT_NOT_COMPUTE;
} }
else if (state != H2_BODY_NOT_COMPLETE and else if (state != H2_BODY_NOT_COMPLETE and
((total_octets_scanned + length) < expected_body_length)) ((total_octets_scanned + length) < expected_body_length))
{ {
*infractions += INF_H2_DATA_UNDERRUNS_CL; *infractions += INF_H2_DATA_UNDERRUNS_CL;
events->create_event(EVENT_H2_DATA_UNDERRUNS_CL); events->create_event(EVENT_H2_DATA_UNDERRUNS_CL);
} }
} }
if (flow_target == 0) if (flow_target == 0)
 End of changes. 7 change blocks. 
6 lines changed or deleted 7 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)