Bug #418

Updated by Victor Julien almost 2 years ago

To avoid confusion with actual escaped characters, this function should escape stray backslashes.

Example:

<pre>
nc www.openinfosecfoundation.org 80
GET /foo/\x80 HTTP/1.0

HTTP/1.1 404 Not Found
Date: Fri, 02 Mar 2012 19:41:33 GMT
Server:
Content-Length: 206
Connection: close
Content-Type: text/html; charset=iso-8859-1

</pre>
In Suricata this request will look like this in the http.log.

<pre>
03/02/2012-14:24:34.652663 <hostname unknown> [**] /foo/\x80 [**] <useragent unknown> [**] <no referer> [**] GET [**] HTTP/1.0 [**] 404 [**] 206 bytes [**]....
</pre>


Similar request in an Apache log:

<pre>
127.0.0.1 - - [01/Feb/2012:09:23:52 -0600] "GET /foo/\\x80 HTTP/1.0" 404 484 "-" "-"
</pre>
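The ambiguity described above, as an added example that is not Suricata's or Apache's code: a log-escaping routine that doubles literal backslashes, so a URI containing the four characters `\x80` and a URI containing the raw byte 0x80 produce different log text. The function name `escape_for_log` and the sample URIs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the project's function). Writes a log-safe copy
 * of in[0..in_len) to out. Literal backslashes are doubled, non-printable
 * bytes become \xHH. Returns the escaped length, or -1 if out is too small. */
int escape_for_log(const unsigned char *in, size_t in_len,
                   char *out, size_t out_size)
{
    size_t o = 0;
    if (out_size == 0)
        return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        if (c == '\\') {                      /* stray backslash: escape it */
            if (o + 2 >= out_size) return -1;
            out[o++] = '\\';
            out[o++] = '\\';
        } else if (c >= 0x20 && c <= 0x7e) {  /* printable ASCII: copy as-is */
            if (o + 1 >= out_size) return -1;
            out[o++] = (char)c;
        } else {                              /* anything else: \xHH */
            if (o + 4 >= out_size) return -1;
            snprintf(out + o, 5, "\\x%02x", c);
            o += 4;
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample inputs. */
    const unsigned char literal[] = "/foo/\\x80"; /* 9 bytes, text "\x80" */
    const unsigned char raw[]     = "/foo/\x80";  /* 6 bytes, byte 0x80 */
    char buf[64];

    escape_for_log(literal, sizeof literal - 1, buf, sizeof buf);
    printf("literal backslash: %s\n", buf);
    escape_for_log(raw, sizeof raw - 1, buf, sizeof buf);
    printf("raw byte 0x80:     %s\n", buf);
    return 0;
}
```

Without the backslash branch, both inputs would be written as `/foo/\x80` and a reader of the log could not tell them apart.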
