Bug #133
closedsuricata app-layer-htp response Zero-length data chunks are not allowed
Description
Hi,
I have downloaded last suricata git version (v0.8.2 release have same pb), and I have this error with joigned pcap file:
[25537] 28/4/2010 -- 13:14:28 - (app-layer-htp.c:406) <Error> (HTPHandleResponseData) -- [ERRCODE: SC_ERR_ALPARSER(56)] - Error in parsing HTTP server response: [1] [htp_response.c] [733] Zero-length data chunks are not allowed
[25537] 28/4/2010 -- 13:14:28 - (app-layer-parser.c:831) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(56)] - Error occured in parsing "http" app layer protocol, using network protocol 6, source IP address 10.50.1.208, destination IP address 199.7.71.72, src port 51173 and dst port 80
If anyone have a idea please?
Joigned pcap file (not fuzing, it's a real/live trafic) contains http connection to ocsp_verisign since firefox browser.
Regards
Rmkml
Files
Updated by Pablo Rincon over 14 years ago
- File 0001-Do-not-invoke-libhtp-without-data-to-process.patch 0001-Do-not-invoke-libhtp-without-data-to-process.patch added
- Status changed from New to Assigned
- Assignee set to Pablo Rincon
Hi, this patch should fix it. The engine was not checking the size of the chunks and there was one of zero length, resulting on an error on the htplib.
Updated by Gurvinder Singh over 14 years ago
- File 0001-fix-bug-133-error-caused-by-seq-mismatch-in-fin_wai.patch 0001-fix-bug-133-error-caused-by-seq-mismatch-in-fin_wai.patch added
- Status changed from Assigned to Resolved
Attached is the patch which fixes the cause of having zero size messages in itself. As in the given pcap there should not be any such messages.
Updated by Victor Julien over 14 years ago
- Status changed from Resolved to Closed
- Target version set to 0.9.0
This was fixed by applying Gurvinder's patch. Thanks guys.