Hello community, here is the log from the commit of package libhtp for openSUSE:Factory checked in at 2020-12-17 17:05:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libhtp (Old) and /work/SRC/openSUSE:Factory/.libhtp.new.5145 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libhtp" Thu Dec 17 17:05:21 2020 rev:7 rq:856480 version:0.5.36 Changes: -------- --- /work/SRC/openSUSE:Factory/libhtp/libhtp.changes 2020-10-10 19:05:14.196511095 +0200 +++ /work/SRC/openSUSE:Factory/.libhtp.new.5145/libhtp.changes 2020-12-17 17:09:00.845953533 +0100 @@ -1,0 +2,6 @@ +Fri Dec 4 17:09:01 UTC 2020 - Martin Hauke <mar...@gmx.de> + +- Update to version 0.5.36 + * fix a http pipelining issue + +------------------------------------------------------------------- Old: ---- libhtp-0.5.35.tar.gz New: ---- libhtp-0.5.36.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libhtp.spec ++++++ --- /var/tmp/diff_new_pack.c8a6r3/_old 2020-12-17 17:09:01.357954041 +0100 +++ /var/tmp/diff_new_pack.c8a6r3/_new 2020-12-17 17:09:01.361954046 +0100 @@ -19,7 +19,7 @@ %define sover 2 %define lname %{name}%{sover} Name: libhtp -Version: 0.5.35 +Version: 0.5.36 Release: 0 Summary: HTTP normalizer and parser License: BSD-3-Clause ++++++ libhtp-0.5.35.tar.gz -> libhtp-0.5.36.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.35/ChangeLog new/libhtp-0.5.36/ChangeLog --- old/libhtp-0.5.35/ChangeLog 2020-10-05 12:04:03.000000000 +0200 +++ new/libhtp-0.5.36/ChangeLog 2020-12-03 12:05:03.000000000 +0100 @@ -1,4 +1,10 @@ +0.5.36 (3 December 2020) +------------------------ + +- fix a http pipelining issue (#304, fixed by #312) + 0.5.35 (8 October 2020) +----------------------- - fix memory leak in tunnel traffoc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.35/VERSION new/libhtp-0.5.36/VERSION --- old/libhtp-0.5.35/VERSION 2020-10-05 12:04:03.000000000 +0200 +++ new/libhtp-0.5.36/VERSION 2020-12-03 12:05:03.000000000 +0100 
@@ -1,2 +1,2 @@ # This file is intended to be sourced by sh -PKG_VERSION=0.5.35 +PKG_VERSION=0.5.36 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.35/htp/htp_request.c new/libhtp-0.5.36/htp/htp_request.c --- old/libhtp-0.5.35/htp/htp_request.c 2020-10-05 12:04:03.000000000 +0200 +++ new/libhtp-0.5.36/htp/htp_request.c 2020-12-03 12:05:03.000000000 +0100 @@ -843,11 +843,11 @@ } if (connp->in_next_byte != LF || connp->in_current_consume_offset >= connp->in_current_read_offset) { for (;;) {//;i < max_read; i++) { - IN_COPY_BYTE_OR_RETURN(connp); - // Have we reached the end of the line? For some reason - // we can't test after IN_COPY_BYTE_OR_RETURN */ + // peek until LF but do not mark it read so that REQ_LINE works + IN_PEEK_NEXT(connp); if (connp->in_next_byte == LF) break; + IN_COPY_BYTE_OR_RETURN(connp); } } } 
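Review bot: The rewritten `for (;;)` loop in the `@@ -843,11 +843,11 @@` hunk of htp_request.c has no visible exit for end of input. `IN_PEEK_NEXT` is used only to inspect the next byte, so the only way out other than LF is whatever `IN_COPY_BYTE_OR_RETURN` does when the buffer runs dry, and neither macro is defined in this hunk. A comment would make the contract explicit, for example `// IN_COPY_BYTE_OR_RETURN returns to the caller when no input is left; the LF stays unread for REQ_LINE`. The leftover `//;i < max_read; i++) {` in the `for` header is dead text and could be dropped in the same change. The enclosing function starts and ends outside this hunk.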
@@ -877,43 +877,34 @@ while ((pos < len) && (!htp_is_space(data[pos]))) pos++; - if (pos <= mstart) { - //empty whitespace line - htp_status_t rc = htp_tx_req_process_body_data_ex(connp->in_tx, data, len); - htp_connp_req_clear_buffer(connp); - return rc; - } else { + if (pos > mstart) { + //non empty whitespace line int methodi = HTP_M_UNKNOWN; bstr *method = bstr_dup_mem(data + mstart, pos - mstart); if (method) { methodi = htp_convert_method_to_number(method); bstr_free(method); } - if (methodi == HTP_M_UNKNOWN) { - if (connp->in_body_data_left <= 0) { - // log only once per transaction - htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Unexpected request body"); - } else { - connp->in_body_data_left = 1; - } - // Interpret remaining bytes as body data - htp_status_t rc = htp_tx_req_process_body_data_ex(connp->in_tx, data, len); - htp_connp_req_clear_buffer(connp); - return rc; + if (methodi != HTP_M_UNKNOWN) { + connp->in_body_data_left = -1; + return htp_tx_state_request_complete(connp->in_tx); } // else continue - connp->in_body_data_left = -1; - } - //unread last end of line so that REQ_LINE works - if (connp->in_current_read_offset < (int64_t)len) { - connp->in_current_read_offset=0; - } else { - connp->in_current_read_offset-=len; - } - if (connp->in_current_read_offset < connp->in_current_consume_offset) { - connp->in_current_consume_offset=connp->in_current_read_offset; + if (connp->in_body_data_left <= 0) { + // log only once per transaction + htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Unexpected request body"); + } else { + connp->in_body_data_left = 1; + } } - - return htp_tx_state_request_complete(connp->in_tx); + //Adds linefeed to the buffer if there was one + if (connp->in_next_byte == LF) { + IN_COPY_BYTE_OR_RETURN(connp); + htp_connp_req_consolidate_data(connp, &data, &len); + } + // Interpret remaining bytes as body data + htp_status_t rc = htp_tx_req_process_body_data_ex(connp->in_tx, data, len); + htp_connp_req_clear_buffer(connp); + 
return rc; } htp_status_t htp_connp_REQ_IGNORE_DATA_AFTER_HTTP_0_9(htp_connp_t *connp) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.35/htp/htp_util.c new/libhtp-0.5.36/htp/htp_util.c --- old/libhtp-0.5.35/htp/htp_util.c 2020-10-05 12:04:03.000000000 +0200 +++ new/libhtp-0.5.36/htp/htp_util.c 2020-12-03 12:05:03.000000000 +0100 @@ -1976,7 +1976,7 @@ */ void fprint_raw_data(FILE *stream, const char *name, const void *data, size_t len) { // may happen for gaps - if (data == NULL && len > 0) { + if (data == NULL) { fprintf(stream, "\n%s: ptr NULL len %u\n", name, (unsigned int)len); } else { fprint_raw_data_ex(stream, name, data, 0, len); _______________________________________________ openSUSE Commits mailing list -- commit@lists.opensuse.org To unsubscribe, email commit-le...@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
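Review bot: The call `htp_connp_req_consolidate_data(connp, &data, &len);` in the new linefeed branch of the `@@ -877,43 +877,34 @@` hunk discards its result. If consolidation fails, the following `htp_tx_req_process_body_data_ex` call runs on whatever `data` and `len` held before. The helper's definition is outside the hunk; assuming it returns an `htp_status_t`, the branch should propagate the failure with `if (htp_connp_req_consolidate_data(connp, &data, &len) != HTP_OK) return HTP_ERROR;`. This path decides where one pipelined request ends and the next begins, so a regression test with a pipelined request following an unexpected body is worth adding if the tarball does not already carry one. The enclosing function starts above the hunk.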
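Review bot: The NULL branch of `fprint_raw_data` formats `len` with `%u` after a cast to `unsigned int`, which truncates a `size_t` on 64-bit targets. Now that every NULL `data` takes this branch, `fprintf(stream, "\n%s: ptr NULL len %zu\n", name, len);` would report the real length. The comment `// may happen for gaps` could also say that a NULL pointer with length 0 is handled here too, since that case previously went to `fprint_raw_data_ex`. The function's closing lines lie past the end of the hunk.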