mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 09:38:19 +00:00
fix handling of HTTP body length
Partial content bytes range length value and content length value should not be stored in the same variable. An attacker could override a given Content-Length or Content-Range with a smaller value to evade HTTP content.
This commit is contained in:
parent
2a01c70837
commit
c0cc4ef192
2 changed files with 23 additions and 1 deletions
|
@ -55,6 +55,7 @@ protected:
|
|||
HTTP_Message* http_message;
|
||||
int chunked_transfer_state;
|
||||
int64_t content_length;
|
||||
int64_t range_length;
|
||||
int64_t expect_data_length;
|
||||
int expect_body;
|
||||
int64_t body_length;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue