From fa30e68c0b113bbf57875d6d7639aa972d154b65 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Fri, 7 Apr 2023 10:54:52 +0200
Subject: [PATCH] http0.9: process headers if there are non-space characters

Previously, we fell back on HTTP/0.9 if there was a missing protocol except if the following line cintained a colon. This makes libhtp stricter to consider a transaction as 0.9 by only accepting if we have spaces after the request line as done in libhtp-rs
---
 htp/htp_request.c | 8 +-------
 test/test_main.cpp | 1 -
 2 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/htp/htp_request.c b/htp/htp_request.c
index f802287a..57e5d0e2 100644
--- a/htp/htp_request.c
+++ b/htp/htp_request.c
@@ -744,21 +744,15 @@ htp_status_t htp_connp_REQ_PROTOCOL(htp_connp_t *connp) {
 } else {
 // Let's check if the protocol was simply missing
 int64_t pos = connp->in_current_read_offset;
- int afterspaces = 0;
 // Probe if data looks like a header line
 while (pos < connp->in_current_len) {
- if (connp->in_current_data[pos] == ':') {
+ if (!htp_is_space(connp->in_current_data[pos])) {
 htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Request line: missing protocol");
 connp->in_tx->is_protocol_0_9 = 0;
 // Switch to request header parsing.
 connp->in_state = htp_connp_REQ_HEADERS;
 connp->in_tx->request_progress = HTP_REQUEST_HEADERS;
 return HTP_OK;
- } else if (htp_is_lws(connp->in_current_data[pos])) {
- // Allows spaces after header name
- afterspaces = 1;
- } else if (htp_is_space(connp->in_current_data[pos]) || afterspaces == 1) {
- break;
 }
 pos++;
 }
diff --git a/test/test_main.cpp b/test/test_main.cpp
index 4e3e7760..73b86868 100644
--- a/test/test_main.cpp
+++ b/test/test_main.cpp
@@ -558,7 +558,6 @@ TEST_F(ConnectionParsing, Http_0_9_Multiple) {
 ASSERT_GE(rc, 0);
 ASSERT_EQ(1, htp_list_size(connp->conn->transactions));
- ASSERT_TRUE(connp->conn->flags & HTP_CONN_HTTP_0_9_EXTRA);
 htp_tx_t *tx = (htp_tx_t *) htp_list_get(connp->conn->transactions, 0);
 ASSERT_TRUE(tx != NULL);
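Review bot: The probe loop `while (pos < connp->in_current_len)` in htp/htp_request.c chooses between HTTP/0.9 and header parsing from only the bytes already present in `in_current_data`. A request line that ends exactly at a chunk boundary is therefore presumably still treated as 0.9, while the same bytes delivered in one chunk switch to `htp_connp_REQ_HEADERS`; the code after the loop is outside this hunk, so that fall-through is inferred. For a parser whose output feeds inspection, this dependence on segmentation deserves either a test that feeds the request in two chunks or a comment stating the limitation. The retained comment `// Probe if data looks like a header line` no longer matches the check, which now fires on any non-whitespace byte; I would reword it to `// Any non-whitespace byte after the request line means this is not HTTP/0.9`. The enclosing function starts and ends outside the hunk.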