"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http2_inspect/http2_headers_frame.cc" between
snort3-3.1.36.0.tar.gz and snort3-3.1.38.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http2_headers_frame.cc  (snort3-3.1.36.0):http2_headers_frame.cc  (snort3-3.1.38.0)
skipping to change at line 31 skipping to change at line 31
#include "config.h" #include "config.h"
#endif #endif
#include "http2_headers_frame.h" #include "http2_headers_frame.h"
#include "protocols/packet.h" #include "protocols/packet.h"
#include "service_inspectors/http_inspect/http_flow_data.h" #include "service_inspectors/http_inspect/http_flow_data.h"
#include "service_inspectors/http_inspect/http_inspect.h" #include "service_inspectors/http_inspect/http_inspect.h"
#include "service_inspectors/http_inspect/http_stream_splitter.h" #include "service_inspectors/http_inspect/http_stream_splitter.h"
#include "http2_dummy_packet.h"
#include "http2_enum.h" #include "http2_enum.h"
#include "http2_flow_data.h" #include "http2_flow_data.h"
#include "http2_hpack.h" #include "http2_hpack.h"
#include "http2_start_line.h" #include "http2_start_line.h"
#include "http2_stream.h" #include "http2_stream.h"
using namespace snort; using namespace snort;
using namespace HttpCommon; using namespace HttpCommon;
using namespace Http2Enums; using namespace Http2Enums;
skipping to change at line 60 skipping to change at line 59
// Set up HPACK decoding // Set up HPACK decoding
hpack_decoder = &session_data->hpack_decoder[source_id]; hpack_decoder = &session_data->hpack_decoder[source_id];
} }
bool Http2HeadersFrame::in_error_state() const bool Http2HeadersFrame::in_error_state() const
{ {
return stream->get_state(source_id) == STREAM_ERROR; return stream->get_state(source_id) == STREAM_ERROR;
} }
void Http2HeadersFrame::clear() void Http2HeadersFrame::clear(Packet* p)
{ {
if (session_data->abort_flow[source_id] || in_error_state()) if (session_data->abort_flow[source_id] || in_error_state())
return; return;
Packet dummy_pkt(false); session_data->hi->clear(p);
dummy_pkt.flow = session_data->flow;
session_data->hi->clear(&dummy_pkt);
} }
bool Http2HeadersFrame::decode_headers(Http2StartLine* start_line_generator, boo l trailers) bool Http2HeadersFrame::decode_headers(Http2StartLine* start_line_generator, boo l trailers)
{ {
const uint32_t encoded_headers_length = (data.length() > hpack_headers_offse t) ? const uint32_t encoded_headers_length = (data.length() > hpack_headers_offse t) ?
data.length() - hpack_headers_offset : 0; data.length() - hpack_headers_offset : 0;
if (!hpack_decoder->decode_headers((data.start() + hpack_headers_offset), if (!hpack_decoder->decode_headers((data.start() + hpack_headers_offset),
encoded_headers_length, start_line_generator, trailers)) encoded_headers_length, start_line_generator, trailers))
{ {
if (!(*session_data->infractions[source_id] & INF_TRUNCATED_HEADER_LINE) ) if (!(*session_data->infractions[source_id] & INF_TRUNCATED_HEADER_LINE) )
skipping to change at line 90 skipping to change at line 87
session_data->events[source_id]->create_event(EVENT_LOSS_OF_SYNC); session_data->events[source_id]->create_event(EVENT_LOSS_OF_SYNC);
http1_header.set(STAT_PROBLEMATIC); http1_header.set(STAT_PROBLEMATIC);
hpack_decoder->cleanup(); hpack_decoder->cleanup();
return false; return false;
} }
} }
hpack_decoder->set_decoded_headers(http1_header); hpack_decoder->set_decoded_headers(http1_header);
return true; return true;
} }
void Http2HeadersFrame::process_decoded_headers(HttpFlowData* http_flow, SourceI d hi_source_id) void Http2HeadersFrame::process_decoded_headers(HttpFlowData* http_flow, SourceI d hi_source_id, Packet* p)
{ {
if (session_data->abort_flow[source_id] or http1_header.length() < 0) if (session_data->abort_flow[source_id] or http1_header.length() < 0)
return; return;
if (http1_header.length() <= 0 and !session_data->is_processing_partial_head er()) if (http1_header.length() <= 0 and !session_data->is_processing_partial_head er())
{ {
// This shouldn't happen because well-formatted empty frames have crlf w ritten to the // This shouldn't happen because well-formatted empty frames have crlf w ritten to the
// decoded headers buffer // decoded headers buffer
assert(false); assert(false);
return; return;
skipping to change at line 113 skipping to change at line 110
StreamBuffer stream_buf; StreamBuffer stream_buf;
// http_inspect scan() of headers // http_inspect scan() of headers
// If we're processing a header truncated immediately after the start line, http1_header will // If we're processing a header truncated immediately after the start line, http1_header will
// be empty. Don't call scan on the empty buffer because it will create a cu tter and the check // be empty. Don't call scan on the empty buffer because it will create a cu tter and the check
// for this condition in HI::finish() will fail. Truncated headers with non- empty http1_header // for this condition in HI::finish() will fail. Truncated headers with non- empty http1_header
// buffers are still sent to HI::scan(). // buffers are still sent to HI::scan().
if (http1_header.length() > 0) if (http1_header.length() > 0)
{ {
uint32_t flush_offset; uint32_t flush_offset;
Http2DummyPacket dummy_pkt;
dummy_pkt.flow = session_data->flow;
const uint32_t unused = 0;
const StreamSplitter::Status header_scan_result = const StreamSplitter::Status header_scan_result =
session_data->hi_ss[hi_source_id]->scan(&dummy_pkt, http1_header.sta session_data->hi_ss[hi_source_id]->scan(session_data->flow, http1_he
rt(), ader.start(), http1_header.length(),
http1_header.length(), unused, &flush_offset); &flush_offset);
assert((session_data->is_processing_partial_header() and assert((session_data->is_processing_partial_header() and
(header_scan_result == StreamSplitter::SEARCH)) or (header_scan_result == StreamSplitter::SEARCH)) or
((!session_data->is_processing_partial_header() and ((!session_data->is_processing_partial_header() and
(header_scan_result == StreamSplitter::FLUSH)))); (header_scan_result == StreamSplitter::FLUSH))));
assert(session_data->is_processing_partial_header() or assert(session_data->is_processing_partial_header() or
((int64_t)flush_offset == http1_header.length())); ((int64_t)flush_offset == http1_header.length()));
UNUSED(header_scan_result); UNUSED(header_scan_result);
} }
// If this is a truncated headers frame, call http_inspect finish() // If this is a truncated headers frame, call http_inspect finish()
skipping to change at line 148 skipping to change at line 142
unsigned copied; unsigned copied;
stream_buf = session_data->hi_ss[hi_source_id]->reassemble(session_data- >flow, stream_buf = session_data->hi_ss[hi_source_id]->reassemble(session_data- >flow,
http1_header.length(), 0, http1_header.start(), http1_header.length( ), PKT_PDU_TAIL, http1_header.length(), 0, http1_header.start(), http1_header.length( ), PKT_PDU_TAIL,
copied); copied);
assert(stream_buf.data != nullptr); assert(stream_buf.data != nullptr);
assert(copied == (unsigned)http1_header.length()); assert(copied == (unsigned)http1_header.length());
} }
// http_inspect eval() of headers // http_inspect eval() of headers
{ {
Http2DummyPacket dummy_pkt; session_data->hi->eval(p, hi_source_id, stream_buf.data, stream_buf.leng
dummy_pkt.flow = session_data->flow; th);
dummy_pkt.packet_flags = (hi_source_id == SRC_CLIENT) ? PKT_FROM_CLIENT
: PKT_FROM_SERVER;
dummy_pkt.dsize = stream_buf.length;
dummy_pkt.data = stream_buf.data;
dummy_pkt.xtradata_mask = 0;
session_data->hi->eval(&dummy_pkt);
if (http_flow->get_type_expected(hi_source_id) == SEC_ABORT) if (http_flow->get_type_expected(hi_source_id) == SEC_ABORT)
{ {
assert(session_data->is_processing_partial_header()); assert(session_data->is_processing_partial_header());
stream->set_state(hi_source_id, STREAM_ERROR); stream->set_state(hi_source_id, STREAM_ERROR);
} }
detection_required = dummy_pkt.is_detection_required();
xtradata_mask = dummy_pkt.xtradata_mask;
} }
} }
const Field& Http2HeadersFrame::get_buf(unsigned id) const Field& Http2HeadersFrame::get_buf(unsigned id)
{ {
switch (id) switch (id)
{ {
// FIXIT-E need to add a buffer for the decoded start line // FIXIT-E need to add a buffer for the decoded start line
case HTTP2_BUFFER_DECODED_HEADER: case HTTP2_BUFFER_DECODED_HEADER:
return http1_header; return http1_header;
 End of changes. 8 change blocks. 
22 lines changed or deleted 9 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)