Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fix using chunked mode with HTTP/1.0

Browse source 
According to RFC 7230, Transfer-Encoding was added in HTTP/1.1. Such a
header in a HTTP/1.0 message should be ignored. Interpreting it can be
harmful when sending a HTTP/1.0 message because the parser would
indefinitely wait for a chunk size instead of parsing the message's
body as non-chunked, leading to a HTTP content evasion.
This commit is contained in:
jbencteux 2018-04-13 16:11:55 +02:00 committed by Jon Siwek
parent 2e2d086144
commit ec4a936f66
2 changed files with 13 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/analyzer/protocol/http/HTTP.cc
View file

@ -470,8 +470,15 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h)
else if ( mime::strcasecmp_n(h->get_name(), "transfer-encoding") == 0 )
{
double http_version = 0;
if (http_message->analyzer->GetRequestOngoing())
http_version = http_message->analyzer->GetRequestVersion();
else // reply_ongoing
http_version = http_message->analyzer->GetReplyVersion();
data_chunk_t vt = h->get_value_token();
if ( mime::strcasecmp_n(vt, "chunked") == 0 )
if ( mime::strcasecmp_n(vt, "chunked") == 0 &&
http_version == 1.1)
chunked_transfer_state = BEFORE_CHUNK;
}

5
src/analyzer/protocol/http/HTTP.h
View file

@ -178,6 +178,11 @@ public:
void ConnectionReset() override;
void PacketWithRST() override;
double GetRequestVersion() { return request_version; };
double GetReplyVersion() { return reply_version; };
int GetRequestOngoing() { return request_ongoing; };
int GetReplyOngoing() { return reply_ongoing; };
static analyzer::Analyzer* Instantiate(Connection* conn)
{ return new HTTP_Analyzer(conn); }