Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

http: Prevent script errors when http$current_entity is not set

Browse source 
The current_entity tracking in HTTP assumes that client/server never
send HTTP entities at the same time. The attached pcap (generated
artificially) violates this and triggers:

    1663698249.307259 expression error in <...>base/protocols/http/./entities.zeek, line 89: field value missing (HTTP::c$http$current_entity)

For the http-no-crlf test, include weird.log as baseline. Now that weird is
@load'ed from http, it is actually created and seems to make sense
to btest-diff it, too.
This commit is contained in:
Arne Welzel 2022-09-21 10:17:03 +02:00
parent 19ba30d77a
commit 38e226bf75
7 changed files with 55 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
testing/btest/scripts/base/protocols/http/missing-http-entity.zeek Normal file
View file

@ -0,0 +1,7 @@
# @TEST-DOC: The server starts sending a response while the client is still uploading the POST payload. This causes http_header to be raised while no entity is set.
# @TEST-EXEC: zeek -b -r $TRACES/http/interleaved-http-entity.pcap %INPUT
# @TEST-EXEC: btest-diff http.log
# @TEST-EXEC: btest-diff weird.log
@load base/protocols/http
@load base/frameworks/notice/weird