Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix Content-Encoding: x-gzip

Browse source 
RFC 7230 section 4.2.3 states that:

"A recipient SHOULD consider 'x-gzip' to be equivalent to 'gzip'"

This could lead to evasions as an attacker could use:

Content-Encoding: x-gzip

To bypass Bro's decompression.
This commit is contained in:
jbencteux 2018-04-13 14:10:26 +02:00 committed by Jon Siwek
parent bb20026267
commit 2a01c70837
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/analyzer/protocol/http/HTTP.cc
View file

@ -451,7 +451,8 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h)
else if ( mime::strcasecmp_n(h->get_name(), "content-encoding") == 0 ) else if ( mime::strcasecmp_n(h->get_name(), "content-encoding") == 0 )
{ {
data_chunk_t vt = h->get_value_token(); data_chunk_t vt = h->get_value_token();
if ( mime::strcasecmp_n(vt, "gzip") == 0 ) if ( mime::strcasecmp_n(vt, "gzip") == 0 ||
mime::strcasecmp_n(vt, "x-gzip") == 0 )
encoding = GZIP; encoding = GZIP;
if ( mime::strcasecmp_n(vt, "deflate") == 0 ) if ( mime::strcasecmp_n(vt, "deflate") == 0 )
encoding = DEFLATE; encoding = DEFLATE;