Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix HTTP evasion

Browse source 
- Happen when there is no CRLF at the end of HTTP
    - Fix by adding CRLF when packet is complete (in relation to content-length in header)
This commit is contained in:
jerome Grandvalet 2021-07-23 09:28:29 +02:00
parent 9383c926ad
commit 8cabecec40
8 changed files with 74 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/analyzer/protocol/http/HTTP.cc
View file

@ -166,6 +166,7 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF)
if ( expect_data_length <= 0 )
{
SetPlainDelivery(0);
http_message->SetDeliverySize(-1);
EndOfData();
}
}
@ -510,6 +511,9 @@ void HTTP_Entity::SubmitAllHeaders()
// in_header should be set to false when SubmitAllHeaders() is called.
ASSERT(! in_header);
if (content_length >= 0 )
http_message->SetDeliverySize(content_length);
if ( DEBUG_http )
DEBUG_MSG("%.6f end of headers\n", run_state::network_time);
@ -825,6 +829,11 @@ void HTTP_Message::SetPlainDelivery(int64_t length)
content_line->SkipBytesAfterThisLine(length);
}
void HTTP_Message::SetDeliverySize(int64_t length)
{
content_line->SetDeliverySize(length);
}
void HTTP_Message::SkipEntityData()
{
if ( current_entity )