"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http2_inspect/http2_headers_frame_trailer.cc" between
snort3-3.1.36.0.tar.gz and snort3-3.1.38.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http2_headers_frame_trailer.cc  (snort3-3.1.36.0):http2_headers_frame_trailer.cc  (snort3-3.1.38.0)
skipping to change at line 31 skipping to change at line 31
#include "config.h" #include "config.h"
#endif #endif
#include "http2_headers_frame_trailer.h" #include "http2_headers_frame_trailer.h"
#include "protocols/packet.h" #include "protocols/packet.h"
#include "service_inspectors/http_inspect/http_flow_data.h" #include "service_inspectors/http_inspect/http_flow_data.h"
#include "service_inspectors/http_inspect/http_inspect.h" #include "service_inspectors/http_inspect/http_inspect.h"
#include "service_inspectors/http_inspect/http_stream_splitter.h" #include "service_inspectors/http_inspect/http_stream_splitter.h"
#include "http2_dummy_packet.h"
#include "http2_enum.h" #include "http2_enum.h"
#include "http2_flow_data.h" #include "http2_flow_data.h"
#include "http2_hpack.h" #include "http2_hpack.h"
#include "http2_stream.h" #include "http2_stream.h"
using namespace snort; using namespace snort;
using namespace HttpCommon; using namespace HttpCommon;
using namespace Http2Enums; using namespace Http2Enums;
Http2HeadersFrameTrailer::Http2HeadersFrameTrailer(const uint8_t* header_buffer, Http2HeadersFrameTrailer::Http2HeadersFrameTrailer(const uint8_t* header_buffer,
skipping to change at line 68 skipping to change at line 67
if ((state == STREAM_EXPECT_BODY) || (state == STREAM_BODY)) if ((state == STREAM_EXPECT_BODY) || (state == STREAM_BODY))
return true; return true;
if (state == STREAM_COMPLETE) if (state == STREAM_COMPLETE)
{ {
*session_data->infractions[source_id] += INF_FRAME_SEQUENCE; *session_data->infractions[source_id] += INF_FRAME_SEQUENCE;
session_data->events[source_id]->create_event(EVENT_FRAME_SEQUENCE); session_data->events[source_id]->create_event(EVENT_FRAME_SEQUENCE);
} }
return false; return false;
} }
void Http2HeadersFrameTrailer::analyze_http1() void Http2HeadersFrameTrailer::analyze_http1(Packet* p)
{ {
HttpFlowData* const http_flow = stream->get_hi_flow_data(); HttpFlowData* const http_flow = stream->get_hi_flow_data();
assert(http_flow); assert(http_flow);
const bool valid_headers = http1_header.length() > 0; const bool valid_headers = http1_header.length() > 0;
if (http_flow->get_type_expected(source_id) != SEC_TRAILER) if (http_flow->get_type_expected(source_id) != SEC_TRAILER)
{ {
// http_inspect is not yet expecting trailers. Flush empty buffer throug h scan, reassemble, // http_inspect is not yet expecting trailers. Flush empty buffer throug h scan, reassemble,
// and eval to prepare http_inspect for trailers. // and eval to prepare http_inspect for trailers.
assert(http_flow->get_type_expected(source_id) == SEC_BODY_H2); assert(http_flow->get_type_expected(source_id) == SEC_BODY_H2);
stream->finish_msg_body(source_id, valid_headers, true); // calls http_i nspect scan() stream->finish_msg_body(source_id, valid_headers, true); // calls http_i nspect scan()
unsigned copied; unsigned copied;
const StreamBuffer stream_buf = const StreamBuffer stream_buf =
session_data->hi_ss[source_id]->reassemble(session_data->flow, session_data->hi_ss[source_id]->reassemble(session_data->flow,
0, 0, nullptr, 0, PKT_PDU_TAIL, copied); 0, 0, nullptr, 0, PKT_PDU_TAIL, copied);
assert(copied == 0); assert(copied == 0);
if (stream_buf.data != nullptr) if (stream_buf.data != nullptr)
{ {
Http2DummyPacket dummy_pkt; session_data->hi->eval(p, source_id, stream_buf.data, stream_buf.len
dummy_pkt.flow = session_data->flow; gth);
dummy_pkt.packet_flags = (source_id == SRC_CLIENT) ? PKT_FROM_CLIENT
: PKT_FROM_SERVER;
dummy_pkt.dsize = stream_buf.length;
dummy_pkt.data = stream_buf.data;
session_data->hi->eval(&dummy_pkt);
assert (!valid_headers || http_flow->get_type_expected(source_id) == SEC_TRAILER); assert (!valid_headers || http_flow->get_type_expected(source_id) == SEC_TRAILER);
if (http_flow->get_type_expected(source_id) == SEC_ABORT) if (http_flow->get_type_expected(source_id) == SEC_ABORT)
{ {
stream->set_state(source_id, STREAM_ERROR); stream->set_state(source_id, STREAM_ERROR);
return; return;
} }
session_data->hi->clear(&dummy_pkt); session_data->hi->clear(p);
} }
} }
if (!valid_headers) if (!valid_headers)
{ {
stream->set_state(source_id, STREAM_ERROR); stream->set_state(source_id, STREAM_ERROR);
return; return;
} }
process_decoded_headers(http_flow, source_id); process_decoded_headers(http_flow, source_id, p);
} }
void Http2HeadersFrameTrailer::update_stream_state() void Http2HeadersFrameTrailer::update_stream_state()
{ {
switch (stream->get_state(source_id)) switch (stream->get_state(source_id))
{ {
case STREAM_BODY: case STREAM_BODY:
session_data->concurrent_files -= 1; session_data->concurrent_files -= 1;
// fallthrough // fallthrough
case STREAM_EXPECT_BODY: case STREAM_EXPECT_BODY:
 End of changes. 5 change blocks. 
11 lines changed or deleted 5 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)