Project

General

Profile

Actions
Copy link

Bug #3643

closed

Libhtp request: extra whitespace interpreted as dummy new request

Added by Philippe Antoine about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
6.0.0beta1
Affected Versions:
5.0.2
Effort:
Difficulty:
Label:

Description

Reported in https://github.com/OISF/libhtp/pull/290

In htp_connp_REQ_FINALIZE, we unread the last end of line so that subsequent calls to htp_connp_REQ_LINE work. However, whenever we enter htp_connp_REQ_IDLE state, the check IN_TEST_NEXT_BYTE_OR_RETURN(connp) always passes even when there is no more data beyond the CRLF creating an empty transaction. htp_connp_REQ_IDLE now explicitly checks to make sure that if we only have two bytes of data, those two bytes are not simply the CRLF before starting a new transaction.

PR :
https://github.com/OISF/libhtp/pull/291

Related issues 1 (0 open1 closed)

Blocks Suricata - Task #3479: libhtp 0.5.33 (4.1.x)ClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine about 4 years ago

Actions
Copy link
 #2

Updated by Victor Julien about 4 years ago

  • Assignee set to Philippe Antoine
  • Target version changed from 5.0.3 to 6.0.0beta1
Actions
Copy link
 #3

Updated by Victor Julien about 4 years ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF