Jon Siwek created BIT-1400:
------------------------------
Summary: topic/jsiwek/mime-multipart-boundary-leniency
Key: BIT-1400
URL: https://bro-tracker.atlassian.net/browse/BIT-1400
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Reporter: Jon Siwek
Assignee: Seth Hall
Fix For: 2.4
Seth had a private pcap showing HTTP multipart content using boundary strings
containing the '<' and '>' characters which causes HTTP/MIME content parsing to
fail. This branch changes it so those characters are allowed (even though not
explicitly permitted by the RFC). It feels a bit hacky to me (but so do most
changes I've done to HTTP/MIME analyzers), so please review and check if the
analysis looks "more correct" now.
I scheduled this for 2.4 because I think Seth mentioned it might be something
to try to get fixed in the final release, but it might be better to put it as
part of 2.5 -- it's not really a severe bug but more of an oddity from a
particular HTTP implementation and Bro's behavior with respect to it hasn't
changed anytime recently (i.e. it's not a regression).
--
This message was sent by Atlassian JIRA
(v6.5-OD-03-002#65000)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
