Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts/base/protocols/http/curl-http-09.zeek
Arne Welzel 540fe7aff7 http: Heuristic around rejecting malformed HTTP/0.9 traffic 
oss-fuzz generated "HTTP traffic" containing 250k+ sequences of "T<space>\r\r"
which Zeek then logged as individual HTTP requests. Add a heuristic to bail
on such request lines. It's a bit specific to the test case, but should work.

There are more issues around handling HTTP/0.9, e.g. triggering
"not a http reply line" when HTTP/0.9 never had such a thing, but
I don't think that's worth fixing up.

Fixes #119
2022-11-18 18:19:58 +01:00

7 lines
257 B
Text
Raw Blame History

# @TEST-DOC: curl --http0.9 to accept the headerless response.
# @TEST-EXEC: zeek -b -Cr $TRACES/http/curl_http_09.pcap %INPUT
# @TEST-EXEC: btest-diff http.log
# @TEST-EXEC: test ! -f weird.log
@load base/frameworks/notice/weird
@load base/protocols/http
Reference in a new issue View git blame Copy permalink