aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/http: don't set min-inspect-depth higher than setting

Browse Source
pull/6681/head
Victor Julien 4 years ago
parent 27dd0c6b3d
commit 55202f826a
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File

12
src/app-layer-htp.c
Unescape Escape View File

@ -1862,10 +1862,12 @@ end:
if ((uint64_t)hstate->conn->in_data_counter > hstate->last_request_data_stamp &&
(uint64_t)hstate->conn->in_data_counter - hstate->last_request_data_stamp < (uint64_t)UINT_MAX)
{
uint32_t x = (uint32_t)((uint64_t)hstate->conn->in_data_counter - hstate->last_request_data_stamp);
const uint32_t data_size = (uint32_t)(
(uint64_t)hstate->conn->in_data_counter - hstate->last_request_data_stamp);
const uint32_t depth = MIN(data_size, hstate->cfg->request.inspect_min_size);
/* body still in progress, but due to min inspect size we need to inspect now */
StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, x);
StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, depth);
AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOSERVER);
}
/* after the start of the body, disable the depth logic */
@ -1948,10 +1950,12 @@ static int HTPCallbackResponseBodyData(htp_tx_data_t *d)
if ((uint64_t)hstate->conn->out_data_counter > hstate->last_response_data_stamp &&
(uint64_t)hstate->conn->out_data_counter - hstate->last_response_data_stamp < (uint64_t)UINT_MAX)
{
uint32_t x = (uint32_t)((uint64_t)hstate->conn->out_data_counter - hstate->last_response_data_stamp);
const uint32_t data_size = (uint32_t)((uint64_t)hstate->conn->out_data_counter -
hstate->last_response_data_stamp);
const uint32_t depth = MIN(data_size, hstate->cfg->response.inspect_min_size);
/* body still in progress, but due to min inspect size we need to inspect now */
StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOCLIENT, x);
StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOCLIENT, depth);
AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOCLIENT);
}
/* after the start of the body, disable the depth logic */

Write Preview
Loading…
Cancel
Save