diff options
| author | AndersBroman <anders.broman@ericsson.com> | 2014-07-03 13:46:32 +0200 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2014-07-04 14:00:50 +0000 |
| commit | dd424c622581310b4d0d79bc57137f03d2573752 (patch) | |
| tree | 54de4646df132b7a01bdf315ffcd463a87669e96 | |
| parent | 34d09f770c427cd829f8c1c85e4da12df0e2a0e9 (diff) | |
| download | wireshark-dd424c622581310b4d0d79bc57137f03d2573752.tar.gz | |
Handle the case where the previous PDU has left an extra CRLF in the stream.RFC 2626 In the interest of robustness, servers SHOULD ignore any empty line(s) received where a Request-Line is expected. In other words, if the server is reading the protocol stream at the beginning of a message and receives a CRLF first, it should ignore the CRLF.
Change-Id: I97ba94f451463c8facd2c20bf6b7364f095119e7
Reviewed-on: https://code.wireshark.org/review/2808
Reviewed-by: Anders Broman <a.broman58@gmail.com>
| -rw-r--r-- | epan/dissectors/packet-http.c | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/epan/dissectors/packet-http.c b/epan/dissectors/packet-http.c index 7fb6d1c579..e7b79dbb52 100644 --- a/epan/dissectors/packet-http.c +++ b/epan/dissectors/packet-http.c @@ -136,7 +136,7 @@ static expert_field ei_http_chat = EI_INIT; static expert_field ei_http_chunked_and_length = EI_INIT; static expert_field ei_http_subdissector_failed = EI_INIT; static expert_field ei_http_ssl_port = EI_INIT; - +static expert_field ei_http_leading_crlf = EI_INIT; static dissector_handle_t http_handle; @@ -720,6 +720,9 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo, /*http_info_value_t *si;*/ http_eo_t *eo_info; heur_dtbl_entry_t *hdtbl_entry; + int reported_length; + guint16 word; + gboolean leading_crlf = FALSE; /* * If this should be a request or response, do this quick check to see if @@ -727,7 +730,26 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo, * Otherwise, looking for the end of line in a binary file can take a long time * and this probably isn't HTTP */ - if ((tvb_reported_length_remaining(tvb, offset) < 1) || !g_ascii_isprint(tvb_get_guint8(tvb, offset))) { + reported_length = tvb_reported_length_remaining(tvb, offset); + if (reported_length < 1) { + return -1; + } + + /* RFC 2616 + * In the interest of robustness, servers SHOULD ignore any empty + * line(s) received where a Request-Line is expected. In other words, if + * the server is reading the protocol stream at the beginning of a + * message and receives a CRLF first, it should ignore the CRLF. + */ + + if(reported_length > 3){ + word = tvb_get_ntohs(tvb,offset); + if(word == 0x0d0a){ + leading_crlf = TRUE; + offset+=2; + } + } + if (!g_ascii_isprint(tvb_get_guint8(tvb, offset))) { return -1; } @@ -983,6 +1005,9 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo, if ((tree) && (http_tree == NULL)) { ti = proto_tree_add_item(tree, proto_http, tvb, orig_offset, -1, ENC_NA); http_tree = proto_item_add_subtree(ti, ett_http); + if(leading_crlf){ + proto_tree_add_expert(http_tree, pinfo, &ei_http_leading_crlf, tvb, orig_offset-2, 2); + } } if (first_loop && !is_ssl && pinfo->ptype == PT_TCP && @@ -3066,6 +3091,7 @@ proto_register_http(void) { &ei_http_chunked_and_length, { "http.chunkd_and_length", PI_MALFORMED, PI_WARN, "It is incorrect to specify a content-length header and chunked encoding together.", EXPFILL }}, { &ei_http_subdissector_failed, { "http.subdissector_failed", PI_MALFORMED, PI_NOTE, "HTTP body subdissector failed, trying heuristic subdissector", EXPFILL }}, { &ei_http_ssl_port, { "http.ssl_port", PI_SECURITY, PI_WARN, "Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration.", EXPFILL }}, + { &ei_http_leading_crlf, { "http.leading_crlf", PI_MALFORMED, PI_ERROR, "Leading CRLF previous message in the stream may have extra CRLF", EXPFILL }}, }; /* UAT for header fields */ |