Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

analyzer/http: Do not assume char is signed

Browse source 
On aarch64, char is unsigned, so is_HTTP_token_char() allowed
non-ASCII stuff with the high-bit set.

Fixes part of #2742
This commit is contained in:
Arne Welzel 2023-02-01 18:22:13 +01:00
parent e762efc9af
commit 71bcd15d2e
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/analyzer/protocol/http/HTTP.cc
View file

@ -1186,9 +1186,9 @@ const char* HTTP_Analyzer::PrefixWordMatch(const char* line, const char* end_of_
return line;
}
static bool is_HTTP_token_char(char c)
static bool is_HTTP_token_char(unsigned char c)
{
return c > 31 && c != 127 && // CTL per RFC 2616.
return c > 31 && c < 127 && // Exclude non-ascii and DEL/CTL per RFC 2616
c != ' ' && c != '\t' && // Separators.
c != '(' && c != ')' && c != '<' && c != '>' && c != '@' && c != ',' && c != ';' &&
c != ':' && c != '\\' && c != '"' && c != '/' && c != '[' && c != ']' && c != '?' &&