http2: forbid data on stream 0

Ticket: 7658

Suricata will not handle well if we open a file for this tx,
do not close it, but set the transaction state to completed.

RFC 9113 section 6.1 states:

If a DATA frame is received whose Stream Identifier field is 0x00,
the recipient MUST respond with a connection error (Section 5.4.1)
of type PROTOCOL_ERROR.

(cherry picked from commit 1d6d331752)
pull/13586/head
Philippe Antoine 7 months ago
parent 805ac10fad
commit 97eee2cada

@ -21,3 +21,4 @@ alert http2 any any -> any any (msg:"SURICATA HTTP2 too many streams"; flow:esta
alert http2 any any -> any any (msg:"SURICATA HTTP2 authority host mismatch"; flow:established,to_server; app-layer-event:http2.authority_host_mismatch; classtype:protocol-command-decode; sid:2290013; rev:1;)
alert http2 any any -> any any (msg:"SURICATA HTTP2 user info in uri"; flow:established,to_server; app-layer-event:http2.userinfo_in_uri; classtype:protocol-command-decode; sid:2290014; rev:1;)
alert http2 any any -> any any (msg:"SURICATA HTTP2 reassembly limit reached"; flow:established; app-layer-event:http2.reassembly_limit_reached; classtype:protocol-command-decode; sid:2290015; rev:1;)
alert http2 any any -> any any (msg:"SURICATA HTTP2 data on stream zero"; flow:established; app-layer-event:http2.data_stream_zero; classtype:protocol-command-decode; sid:2290018; rev:1;)
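Review bot: the new rule's sid (2290018) jumps past 2290016 and 2290017 while the surrounding rules run consecutively up to 2290015; since this is a cherry-pick into a release branch, confirm those two sids are already taken in master so the backported rule keeps the same sid there and does not collide with a later backport. The rule matching on `flow:established` with no direction is appropriate here, because either peer can send a DATA frame on stream 0, unlike the to_server-only authority and userinfo rules above it.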

@ -409,6 +409,7 @@ pub enum HTTP2Event {
AuthorityHostMismatch,
UserinfoInUri,
ReassemblyLimitReached,
DataStreamZero,
}
pub struct HTTP2DynTable {
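Review bot: the rule hunk references the event as `http2.data_stream_zero`, so the new `DataStreamZero` variant must resolve to that exact name; if the event names for `HTTP2Event` are generated from the variant names (CamelCase to snake_case), this matches as written, otherwise the event-name table that maps variants to strings needs a matching entry or the rule will fail to load. A short doc comment on the variant stating that it is raised for a DATA frame on stream 0 per RFC 9113 section 6.1 would also help the next reader.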
@ -1078,7 +1079,9 @@ impl HTTP2State {
data: txdata,
});
}
if ftype == parser::HTTP2FrameType::Data as u8 {
if ftype == parser::HTTP2FrameType::Data as u8 && sid == 0 {
tx.tx_data.set_event(HTTP2Event::DataStreamZero as u8);
} else if ftype == parser::HTTP2FrameType::Data as u8 && sid > 0 {
match unsafe { SURICATA_HTTP2_FILE_CONFIG } {
Some(sfcm) => {
//borrow checker forbids to reuse directly tx
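Review bot: in the rewritten condition the `else if ftype == parser::HTTP2FrameType::Data as u8 && sid > 0` branch re-tests the frame type and adds `sid > 0`, which is redundant once the `sid == 0` case has been taken by the first branch (with an unsigned stream identifier there is no third case); a plain `} else if ftype == parser::HTTP2FrameType::Data as u8 {` keeps the behaviour and reads more clearly. Raising the event and skipping the file-open path for stream 0 matches the commit message's intent (no file left open on a completed tx) and is the right passive-inspection counterpart to the connection error the quoted RFC text requires of an endpoint.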
