Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Allow '<' and '>' in MIME multipart boundaries.

Browse source 
The spec doesn't actually seem to permit these, but Seth had a (private)
pcap showing them used in the wild (and the HTTP/MIME analyzer failed to
parse content as a result).
This commit is contained in:
Jon Siwek 2015-05-22 11:46:50 -05:00
parent c870fefbef
commit 08822e0dd4
3 changed files with 42 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/analyzer/protocol/http/HTTP.cc
View file

@ -1025,8 +1025,11 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
}
else
{
ProtocolViolation("not a http reply line");
reply_state = EXPECT_REPLY_NOTHING;
if ( line != end_of_line )
{
ProtocolViolation("not a http reply line");
reply_state = EXPECT_REPLY_NOTHING;
}
}
break;