aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/http2: fix header inspection

Browse Source 
Header inspection was overwriting data that was still being
referenced by the detect engine, leading to ASAN issues.
pull/5283/head
Victor Julien 5 years ago
parent abc8bd11b9
commit 4aa80ac7f6
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File

12
rust/src/http2/detect.rs
Unescape Escape View File

@ -507,8 +507,10 @@ pub unsafe extern "C" fn rs_http2_tx_get_header(
match &tx.frames_ts[i].data {
HTTP2FrameTypeData::HEADERS(hd) => {
if nb < pos + hd.blocks.len() as u32 {
tx.escaped_tmp = http2_escape_header(&hd, nb - pos);
let value = &tx.escaped_tmp;
let ehdr = http2_escape_header(&hd, nb - pos);
tx.escaped.push(ehdr);
let idx = tx.escaped.len() - 1;
let value = &tx.escaped[idx];
*buffer = value.as_ptr(); //unsafe
*buffer_len = value.len() as u32;
return 1;
@ -524,8 +526,10 @@ pub unsafe extern "C" fn rs_http2_tx_get_header(
match &tx.frames_tc[i].data {
HTTP2FrameTypeData::HEADERS(hd) => {
if nb < pos + hd.blocks.len() as u32 {
tx.escaped_tmp = http2_escape_header(&hd, nb - pos);
let value = &tx.escaped_tmp;
let ehdr = http2_escape_header(&hd, nb - pos);
tx.escaped.push(ehdr);
let idx = tx.escaped.len() - 1;
let value = &tx.escaped[idx];
*buffer = value.as_ptr(); //unsafe
*buffer_len = value.len() as u32;
return 1;

4
rust/src/http2/http2.rs
Unescape Escape View File

@ -131,7 +131,7 @@ pub struct HTTP2Transaction {
//temporary escaped header for detection
//must be attached to transaction for memory management (be freed at the right time)
pub escaped_tmp: Vec<u8>,
pub escaped: Vec<Vec<u8>>,
}
impl HTTP2Transaction {
@ -147,7 +147,7 @@ impl HTTP2Transaction {
events: std::ptr::null_mut(),
tx_data: AppLayerTxData::new(),
ft: FileTransferTracker::new(),
escaped_tmp: Vec::new(),
escaped: Vec::with_capacity(16),
}
}

Write Preview
Loading…
Cancel
Save