Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix HTTP evasion

Browse source 
- Happen when there is no CRLF at the end of HTTP
    - Fix by adding CRLF when packet is complete (in relation to content-length in header)
This commit is contained in:
jerome Grandvalet 2021-07-23 09:28:29 +02:00
parent 9383c926ad
commit 8cabecec40
8 changed files with 74 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/analyzer/protocol/tcp/ContentLine.h
View file

@ -50,6 +50,7 @@ public:
// via DeliverStream() and can differentiated by calling
// IsPlainDelivery().
void SetPlainDelivery(int64_t length);
void SetDeliverySize(int64_t length);
int64_t GetPlainDeliveryLength() const { return plain_delivery_length; }
bool IsPlainDelivery() { return is_plain; }
@ -97,6 +98,8 @@ protected:
// Remaining bytes to deliver plain.
int64_t plain_delivery_length;
// Remaining bytes to deliver
int64_t delivery_length;
bool is_plain;
// Don't deliver further data.