Bug #3643: Libhtp request: extra whitespace interpreted as dummy new request - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3643

closed

Libhtp request: extra whitespace interpreted as dummy new request

Added by Philippe Antoine over 4 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

6.0.0beta1

Affected Versions:

5.0.2

Effort:

Difficulty:

Label:

Description

Reported in https://github.com/OISF/libhtp/pull/290

In htp_connp_REQ_FINALIZE, we unread the last end of line so that subsequent calls to htp_connp_REQ_LINE work. However, whenever we enter htp_connp_REQ_IDLE state, the check IN_TEST_NEXT_BYTE_OR_RETURN(connp) always passes even when there is no more data beyond the CRLF creating an empty transaction. htp_connp_REQ_IDLE now explicitly checks to make sure that if we only have two bytes of data, those two bytes are not simply the CRLF before starting a new transaction.

PR :
https://github.com/OISF/libhtp/pull/291

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3643

Libhtp request: extra whitespace interpreted as dummy new request

Updated by Philippe Antoine over 4 years ago

Updated by Victor Julien over 4 years ago

Updated by Victor Julien over 4 years ago