Fix HTTP evasion

- Happen when there is no CRLF at the end of HTTP - Fix by adding CRLF when packet is complete (in relation to content-length in header)
2025-10-02 06:38:20 +00:00 · 2021-07-23 09:28:29 +02:00 · 2021-07-23 09:28:29 +02:00 · 8cabecec40
commit 8cabecec40
parent 9383c926ad
8 changed files with 74 additions and 0 deletions
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -166,6 +166,7 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF)
 		if ( expect_data_length <= 0 )
 			{
 			SetPlainDelivery(0);
+			http_message->SetDeliverySize(-1);
 			EndOfData();
 			}
 		}
@ -510,6 +511,9 @@ void HTTP_Entity::SubmitAllHeaders()
 	// in_header should be set to false when SubmitAllHeaders() is called.
 	ASSERT(! in_header);

+	if (content_length >= 0 )
+		http_message->SetDeliverySize(content_length);
+
 	if ( DEBUG_http )
 		DEBUG_MSG("%.6f end of headers\n", run_state::network_time);

@ -825,6 +829,11 @@ void HTTP_Message::SetPlainDelivery(int64_t length)
 		content_line->SkipBytesAfterThisLine(length);
 	}

+void HTTP_Message::SetDeliverySize(int64_t length)
+	{
+	content_line->SetDeliverySize(length);
+	}
+
 void HTTP_Message::SkipEntityData()
 	{
 	if ( current_entity )
--- a/src/analyzer/protocol/http/HTTP.h
+++ b/src/analyzer/protocol/http/HTTP.h
@ -120,6 +120,7 @@ public:

 	void SubmitTrailingHeaders(analyzer::mime::MIME_HeaderList& /* hlist */);
 	void SetPlainDelivery(int64_t length);
+	void SetDeliverySize(int64_t length);
 	void SkipEntityData();

 	HTTP_Analyzer* MyHTTP_Analyzer() const