Project

General

Profile

Actions

Bug #6108

closed

http: leading gap in request data leads to invalid next request

Added by Victor Julien over 1 year ago. Updated about 1 month ago.

Status:
Rejected
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

If there is a leading gap, the next request can get affected. E.g.

[ gap masking request line etc ]xxxxxPOST <rest of request>

In this case the method is parsed as xxxxxPOST.

The parser knows if there is a leading GAP, so we should probably look for the start of the next request using a scan with the patterns used by the protocol detection.


Files

gap2.pcap (1.7 KB) gap2.pcap Philippe Antoine, 06/22/2023 08:19 AM

Related issues 1 (0 open1 closed)

Related to Suricata - Task #6209: libhtp 0.5.46ClosedVictor JulienActions
Actions

Also available in: Atom PDF