mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 15:18:20 +00:00
af9d31dcc1
The logic for determining whether a gap was entirely within a MIME entity body was not asking the current entity, which may be better able to answer that question if it was using the Content-Range header and thus knows if the gap exceeds the length of the body that's still expected. Addresses BIT-1247
26 lines
632 B
Text
26 lines
632 B
Text
# @TEST-EXEC: bro -r $TRACES/http/content-range-gap-skip.trace %INPUT
|
|
|
|
# In this trace, we should be able to determine that a gap lies
|
|
# entirely within the body of an entity that specifies Content-Range,
|
|
# and so further deliveries after the gap can still be made.
|
|
|
|
global got_gap = F;
|
|
global got_data_after_gap = F;
|
|
|
|
event http_entity_data(c: connection, is_orig: bool, length: count,
|
|
data: string)
|
|
{
|
|
if ( got_gap )
|
|
got_data_after_gap = T;
|
|
}
|
|
|
|
event content_gap(c: connection, is_orig: bool, seq: count, length: count)
|
|
{
|
|
got_gap = T;
|
|
}
|
|
|
|
event bro_done()
|
|
{
|
|
if ( ! got_data_after_gap )
|
|
exit(1);
|
|
}
|