Commit 35220f8583ab4c1758db98c3d1df50659a935af0 - libhtp

Update upstream source from tag 'upstream/0.5.35' Update to upstream version '0.5.35' with Debian dir 9dc5532603d23efa281a4449088866b451962117 Sascha Steinbiss 3 years ago

3 changed file(s) with 30 addition(s) and 6 deletion(s). Raw diff Collapse all Expand all

-0

ChangeLog less more

	0	0.5.35 (8 October 2020)
	1
	2	- fix memory leak in tunnel traffoc
	3
	4	- fix case where chunked data causes excessive CPU use
	5
0	6	0.5.34 (11 September 2020)
1	7	--------------------------
2	8

-1

VERSION less more

0	0	# This file is intended to be sourced by sh
1		PKG_VERSION=0.5.34
	1	PKG_VERSION=0.5.35

+23

-5

htp/htp_response.c less more

341	341	return HTP_DATA;
342	342	}
343	343
	344	static inline int is_chunked_ctl_char(const unsigned char c) {
	345	switch (c) {
	346	case 0x0d:
	347	case 0x0a:
	348	case 0x20:
	349	case 0x09:
	350	case 0x0b:
	351	case 0x0c:
	352	return 1;
	353	default:
	354	return 0;
	355	}
	356	}
	357
344	358	/**
345	359	* Peeks ahead into the data to try to see if it starts with a valid Chunked
346	360	* length field.

360	374	while (i < len) {
361	375	unsigned char c = data[i];
362	376
363		if (c == 0x0d \|\| c == 0x0a \|\| c == 0x20 \|\| c == 0x09 \|\| c == 0x0b \|\| c == 0x0c) {
	377	if (is_chunked_ctl_char(c)) {
364	378	// ctl char, still good.
365	379	} else if (isdigit(c) \|\| (c >= 'a' && c <= 'f') \|\| (c >= 'A' && c <= 'F')) {
366	380	// real chunklen char

385	399	OUT_COPY_BYTE_OR_RETURN(connp);
386	400
387	401	// Have we reached the end of the line? Or is this not chunked after all?
388		if (connp->out_next_byte == LF \|\| !data_probe_chunk_length(connp)) {
	402	if (connp->out_next_byte == LF \|\|
	403	(!is_chunked_ctl_char(connp->out_next_byte) && !data_probe_chunk_length(connp))) {
389	404	unsigned char *data;
390	405	size_t len;
391	406

544	559	return rc;
545	560	} else if (connp->out_tx->response_status_number == 407) {
546	561	// proxy telling us to auth
547		connp->in_status = HTP_STREAM_DATA;
	562	if (connp->in_status != HTP_STREAM_ERROR)
	563	connp->in_status = HTP_STREAM_DATA;
548	564	} else {
549	565	// This is a failed CONNECT stream, which means that
550	566	// we can unblock request parsing
551		connp->in_status = HTP_STREAM_DATA;
	567	if (connp->in_status != HTP_STREAM_ERROR)
	568	connp->in_status = HTP_STREAM_DATA;
552	569
553	570	// We are going to continue processing this transaction,
554	571	// adding a note for ourselves to stop at the end (because

570	587	if (te == NULL && cl == NULL) {
571	588	connp->out_state = htp_connp_RES_FINALIZE;
572	589
573		connp->in_status = HTP_STREAM_TUNNEL;
	590	if (connp->in_status != HTP_STREAM_ERROR)
	591	connp->in_status = HTP_STREAM_TUNNEL;
574	592	connp->out_status = HTP_STREAM_TUNNEL;
575	593
576	594	// we may have response headers