libhtp

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces.

Results 24 libhtp issues

With Suricata 7.0.x and libhtp 0.5.39, we have observed (on the production deployment) that some of the headers seem to have been merged with headers from another request. We have the...

Function: `htp_mpart_part_handle_data`, line: `part->parser->pending_header_line = bstr_add_mem(part->parser->pending_header_line, data, len);` If there is not enough memory, `bstr_add_mem` returns NULL but does not free the old `part->parser->pending_header_line` memory.

https://github.com/OISF/libhtp/blob/9cce4fb5348027fe666f21beeb829324a3afe79a/htp/htp_parsers.c#L178 This will flag the authorization header as HTP_AUTH_UNRECOGNIZED for Bearer tokens. Would it make sense to add 'bearer' as a type?

When libhtp encounters headers with a repeated name, it unconditionally concatenates them with ", " into a single header. Unfortunately, it seems to do more harm than good. For example, consider...

It seems many tests are wrong, since they use multiple `HTTP/1.0` answers without `connection: keep-alive`. AFAIK, if the request was `HTTP/1.1` (as in many tests): 1. An `HTTP/1.1`-aware server should answer with `HTTP/1.1`...

It's placed in /usr/local/lib/pkgconfig/, but pkg-config expects it in /usr/local/libdata/pkgconfig/. The location is currently hard-coded in Makefile.am to $(libdir)/pkgconfig. This is something we should ideally detect when configuring. Alternatively, a...

Bug

**Not for merge.** In my quest to find where Suricata spends its memory I've created this branch to track libhtp's memory allocations and frees. What it does is create wrapper...

#416 with resistance to having the last (but not first) transaction being freed: popping it, instead of replacing it by NULL, so that we can still use its index

It would be a great idea to add libhtp to the vcpkg library