HTTP: Reset reply_message for HTTP/0.9

OSS-Fuzz tickled an assert when sending an HTTP response before an HTTP/0.9
request. Avoid this by resetting reply_message upon seeing an HTTP/0.9 request.

PCAP was generated artificially: Server sending a reply providing a
Content-Length. Because HTTP/0.9 processing would remove the ContentLine
support analyzer, more data was delivered to the HTTP_Message than
expected, triggering an assert.

This is a follow-up for zeek/zeek#2851.
Arne Welzel 2023-03-13 10:47:34 +01:00
parent c5a9eb920c
commit fbf9d53c44
5 changed files with 45 additions and 0 deletions

@ -0,0 +1,7 @@
# @TEST-DOC: HTTP response with Content-Length followed by HTTP/0.9 request. This triggered an assert.
# @TEST-EXEC: zeek -b -Cr $TRACES/http/http-09-content-length-confusion.pcap %INPUT
# @TEST-EXEC: btest-diff http.log
# @TEST-EXEC: btest-diff weird.log
@load base/frameworks/notice/weird
@load base/protocols/http
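
Review bot: The @TEST-DOC line names the trigger but does not say that http-09-content-length-confusion.pcap is a synthetic trace, which only the commit message records. Consider adding a comment in the test header stating that the trace was generated artificially and that the order (server reply with Content-Length first, HTTP/0.9 request second) is intentional, so anyone investigating a later change in the http.log or weird.log baselines does not mistake it for a capture error. A short comment explaining why -C (ignore checksums) is needed for this trace would help for the same reason.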