Project

General

Profile

Actions

Bug #427

closed

CONNECT request followed by 200 Connection Established not handled properly

Added by Victor Julien over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

A CONNECT request followed by 200 ok leads to 2 http.log entries, instead of the expected 1.

03/05/2012-17:31:21.098550 <hostname unknown> [**] <hostnameredacted>:443 [**] Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322) [**] 10.3.x.x:1114 -> 10.160.x.x:8080
03/05/2012-17:31:21.098550 <hostname unknown> [**] \xF2\xBB5\x8Fh>\x18\xF0\xEA|\xDB\x81\xC3\x08 [**] <useragent unknown> [**] 10.3.x.x:1114 -> 10.160.x.x:8080

It turns out that our libhtp never sets the state STREAM_STATE_TUNNEL. This has been fixed in the libhtp master branch. Backporting the fix is required.


Files

Actions #1

Updated by Victor Julien over 12 years ago

libhtp upstream fixed this in this commit: https://github.com/ironbee/libhtp/commit/4de9f4f6a5f18c7b896fd839e7b0625c902f97d1

Attached is the same patch after applying with (with 3 way automerge) to 0.2.x branch.

Actions #2

Updated by Victor Julien over 12 years ago

  • % Done changed from 0 to 70

Patch sent upstream.

Actions #3

Updated by Victor Julien over 12 years ago

  • % Done changed from 70 to 80

Patch applied upstream.

Actions #4

Updated by Victor Julien over 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 80 to 100

Upstream patches applied to bundled libhtp.

Actions

Also available in: Atom PDF