Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libhtp for openSUSE:Factory checked in at 2022-09-29 18:13:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libhtp (Old) and /work/SRC/openSUSE:Factory/.libhtp.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libhtp" Thu Sep 29 18:13:16 2022 rev:12 rq:1006724 version:0.5.41 Changes: --------
--- /work/SRC/openSUSE:Factory/libhtp/libhtp.changes 2022-06-28 15:23:16.774023646 +0200
+++ /work/SRC/openSUSE:Factory/.libhtp.new.2275/libhtp.changes 2022-09-29 18:14:00.503331601 +0200
@@ -1,0 +2,8 @@
+Wed Sep 28 08:16:01 UTC 2022 - Michael Str??der <[email protected]>
+
+- Update to version 0.5.41
+ * trim white space of invalid folding for first header
+ * clear buffered data for body data
+ * minor optimization for decompression code
+
+-------------------------------------------------------------------
Old: ---- libhtp-0.5.40.tar.gz New: ---- libhtp-0.5.41.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libhtp.spec ++++++
--- /var/tmp/diff_new_pack.mxTBhq/_old 2022-09-29 18:14:01.119332804 +0200
+++ /var/tmp/diff_new_pack.mxTBhq/_new 2022-09-29 18:14:01.123332811 +0200
@@ -19,7 +19,7 @@
 %define sover 2
 %define lname %{name}%{sover}
 Name: libhtp
-Version: 0.5.40
+Version: 0.5.41
 Release: 0
 Summary: HTTP normalizer and parser
 License: BSD-3-Clause
++++++ libhtp-0.5.40.tar.gz -> libhtp-0.5.41.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/ChangeLog new/libhtp-0.5.41/ChangeLog
--- old/libhtp-0.5.40/ChangeLog 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/ChangeLog 2022-09-27 09:32:46.000000000 +0200
@@ -1,3 +1,12 @@
+0.5.41 (27 September 2022)
+--------------------------
+
+- trim white space of invalid folding for first header
+
+- clear buffered data for body data
+
+- minor optimization for decompression code
+
 0.5.40 (21 April 2022)
 ----------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/VERSION new/libhtp-0.5.41/VERSION
--- old/libhtp-0.5.40/VERSION 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/VERSION 2022-09-27 09:32:46.000000000 +0200
@@ -1,2 +1,2 @@
 # This file is intended to be sourced by sh
-PKG_VERSION=0.5.40
+PKG_VERSION=0.5.41
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/htp/htp_decompressors.c new/libhtp-0.5.41/htp/htp_decompressors.c
--- old/libhtp-0.5.40/htp/htp_decompressors.c 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/htp/htp_decompressors.c 2022-09-27 09:32:46.000000000 +0200
@@ -182,10 +182,11 @@
 * @param[in] d
 * @return HTP_OK on success, HTP_ERROR or some other negative integer on failure.
 */
-static htp_status_t htp_gzip_decompressor_decompress(htp_decompressor_gzip_t *drec, htp_tx_data_t *d) {
+htp_status_t htp_gzip_decompressor_decompress(htp_decompressor_t *drec1, htp_tx_data_t *d) {
 size_t consumed = 0;
 int rc = 0;
 htp_status_t callback_rc;
+ htp_decompressor_gzip_t *drec = (htp_decompressor_gzip_t*) drec1;
 // Pass-through the NULL chunk, which indicates the end of the stream.
@@ -217,7 +218,7 @@
 }
 dout.is_last = d->is_last;
 if (drec->super.next != NULL && drec->zlib_initialized) {
- return htp_gzip_decompressor_decompress((htp_decompressor_gzip_t *)drec->super.next, &dout);
+ return htp_gzip_decompressor_decompress(drec->super.next, &dout);
 } else {
 // Send decompressed data to the callback.
 callback_rc = drec->super.callback(&dout);
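Review bot: Dropping `static` in the @@ -182 hunk makes the unchecked cast `(htp_decompressor_gzip_t*) drec1` part of an exported function's contract, and nothing in the hunk documents that `drec1` must point at a gzip decompressor record. I would add that requirement to the doc comment, e.g. `@param[in] drec1 Decompressor obtained from htp_gzip_decompressor_create(); cast to htp_decompressor_gzip_t without a type check.` The @@ -404 hunk has the same cast in htp_gzip_decompressor_destroy(), and there the visible comment still says `@param[in] drec` although the parameter is now `drec1`. Both function bodies start or continue outside their hunks.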
@@ -252,7 +253,7 @@
 d2.is_last = d->is_last;
 if (drec->super.next != NULL && drec->zlib_initialized) {
- callback_rc = htp_gzip_decompressor_decompress((htp_decompressor_gzip_t *)drec->super.next, &d2);
+ callback_rc = htp_gzip_decompressor_decompress(drec->super.next, &d2);
 } else {
 // Send decompressed data to callback.
 callback_rc = drec->super.callback(&d2);
@@ -337,7 +338,7 @@
 d2.is_last = d->is_last;
 if (drec->super.next != NULL && drec->zlib_initialized) {
- callback_rc = htp_gzip_decompressor_decompress((htp_decompressor_gzip_t *)drec->super.next, &d2);
+ callback_rc = htp_gzip_decompressor_decompress(drec->super.next, &d2);
 } else {
 // Send decompressed data to the callback.
 callback_rc = drec->super.callback(&d2);
@@ -404,7 +405,8 @@
 *
 * @param[in] drec
 */
-static void htp_gzip_decompressor_destroy(htp_decompressor_gzip_t *drec) {
+void htp_gzip_decompressor_destroy(htp_decompressor_t *drec1) {
+ htp_decompressor_gzip_t *drec = (htp_decompressor_gzip_t*) drec1;
 if (drec == NULL) return;
 htp_gzip_decompressor_end(drec);
@@ -424,8 +426,8 @@
 htp_decompressor_gzip_t *drec = calloc(1, sizeof (htp_decompressor_gzip_t));
 if (drec == NULL) return NULL;
- drec->super.decompress = (int (*)(htp_decompressor_t *, htp_tx_data_t *))htp_gzip_decompressor_decompress;
- drec->super.destroy = (void (*)(htp_decompressor_t *))htp_gzip_decompressor_destroy;
+ drec->super.decompress = NULL;
+ drec->super.destroy = NULL;
 drec->super.next = NULL;
 drec->buffer = malloc(GZIP_BUF_SIZE);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/htp/htp_decompressors.h new/libhtp-0.5.41/htp/htp_decompressors.h
--- old/libhtp-0.5.40/htp/htp_decompressors.h 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/htp/htp_decompressors.h 2022-09-27 09:32:46.000000000 +0200
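Review bot: In the @@ -424 hunk, setting `drec->super.decompress` and `drec->super.destroy` to NULL while both members remain in the public `struct htp_decompressor_t` turns any remaining indirect call through them into a call through a NULL function pointer. The callers inside this diff were converted, but code built against the earlier header that still calls `d->decompress(d, &data)` would crash instead of failing cleanly. The now-public functions have exactly the member signatures, so the members could keep working without casts: `drec->super.decompress = htp_gzip_decompressor_decompress;` and `drec->super.destroy = htp_gzip_decompressor_destroy;`. If NULL is intended, the `// no longer used` comments added in htp_decompressors.h should say that the members are always NULL and name the replacement functions. The enclosing function starts and ends outside the hunk.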
@@ -55,8 +55,10 @@
 #define DEFLATE_MAGIC_2 0x8b
 struct htp_decompressor_t {
+ // no longer used
 htp_status_t (*decompress)(htp_decompressor_t *, htp_tx_data_t *);
 htp_status_t (*callback)(htp_tx_data_t *);
+ // no longer used
 void (*destroy)(htp_decompressor_t *);
 struct htp_decompressor_t *next;
 struct timeval time_before;
@@ -81,6 +83,8 @@
 };
 htp_decompressor_t *htp_gzip_decompressor_create(htp_connp_t *connp, enum htp_content_encoding_t format);
+htp_status_t htp_gzip_decompressor_decompress(htp_decompressor_t *drec, htp_tx_data_t *d);
+void htp_gzip_decompressor_destroy(htp_decompressor_t *drec);
 #ifdef __cplusplus
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/htp/htp_request.c new/libhtp-0.5.41/htp/htp_request.c
--- old/libhtp-0.5.40/htp/htp_request.c 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/htp/htp_request.c 2022-09-27 09:32:46.000000000 +0200
@@ -700,7 +700,14 @@
 }
 // Keep the header data for parsing later.
- connp->in_header = bstr_dup_mem(data, len);
+ size_t trim = 0;
+ while(trim < len) {
+ if (!htp_is_folding_char(data[trim])) {
+ break;
+ }
+ trim++;
+ }
+ connp->in_header = bstr_dup_mem(data + trim, len - trim);
 if (connp->in_header == NULL) return HTP_ERROR;
 } else {
 // Add to the existing header.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/htp/htp_response.c new/libhtp-0.5.41/htp/htp_response.c
--- old/libhtp-0.5.40/htp/htp_response.c 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/htp/htp_response.c 2022-09-27 09:32:46.000000000 +0200
@@ -946,7 +946,14 @@
 }
 // Keep the header data for parsing later.
- connp->out_header = bstr_dup_mem(data, len);
+ size_t trim = 0;
+ while(trim < len) {
+ if (!htp_is_folding_char(data[trim])) {
+ break;
+ }
+ trim++;
+ }
+ connp->out_header = bstr_dup_mem(data + trim, len - trim);
 if (connp->out_header == NULL) return HTP_ERROR;
 } else {
 size_t colon_pos = 0;
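Review bot: The trimming loop added in htp_request.c (@@ -700) silently normalises a first header line that begins with folding characters, and the hunk shows neither a comment explaining that nor any signal being recorded for the anomaly. If this parser's output feeds detection, an invalid fold on the first header should stay visible, so it is worth confirming that a warning or flag is still raised on this path outside the hunk, and adding a comment such as `// Invalid folding on the first header: drop leading folding characters so the stored name has no leading whitespace.` When the whole line consists of folding characters, `trim == len` and `bstr_dup_mem(data + trim, 0)` stores an empty header; how later parsing treats that empty value is not visible here. The identical loop is added in htp_response.c (@@ -946), so a small shared helper would keep the request and response sides in step.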
@@ -1073,6 +1080,7 @@
 connp->out_current_consume_offset = connp->out_current_read_offset;
 htp_status_t rc = htp_tx_res_process_body_data_ex(connp->out_tx, data, len + chomp_result);
+ htp_connp_res_clear_buffer(connp);
 if (rc != HTP_OK) return rc;
 // Continue to process response body. Because we don't have
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/htp/htp_transaction.c new/libhtp-0.5.41/htp/htp_transaction.c
--- old/libhtp-0.5.40/htp/htp_transaction.c 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/htp/htp_transaction.c 2022-09-27 09:32:46.000000000 +0200
@@ -612,6 +612,7 @@
 d.tx = tx;
 d.data = (unsigned char *) data;
 d.len = len;
+ d.is_last = (data == NULL && len == 0);
 switch(tx->request_content_encoding) {
 case HTP_COMPRESSION_UNKNOWN:
@@ -630,11 +631,11 @@
 case HTP_COMPRESSION_DEFLATE:
 case HTP_COMPRESSION_LZMA:
 // In severe memory stress these could be NULL
- if (tx->connp->req_decompressor == NULL || tx->connp->req_decompressor->decompress == NULL)
+ if (tx->connp->req_decompressor == NULL)
 return HTP_ERROR;
 // Send data buffer to the decompressor.
- tx->connp->req_decompressor->decompress(tx->connp->req_decompressor, &d);
+ htp_gzip_decompressor_decompress(tx->connp->req_decompressor, &d);
 if (data == NULL) {
 // Shut down the decompressor, if we used one.
@@ -826,7 +827,7 @@
 htp_decompressor_t *comp = connp->out_decompressor;
 while (comp) {
 htp_decompressor_t *next = comp->next;
- comp->destroy(comp);
+ htp_gzip_decompressor_destroy(comp);
 comp = next;
 }
 connp->out_decompressor = NULL;
@@ -836,7 +837,7 @@
 htp_decompressor_t *comp = connp->req_decompressor;
 while (comp) {
 htp_decompressor_t *next = comp->next;
- comp->destroy(comp);
+ htp_gzip_decompressor_destroy(comp);
 comp = next;
 }
 connp->req_decompressor = NULL;
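Review bot: `htp_connp_res_clear_buffer(connp)` in the htp_response.c @@ -1073 hunk is added without a comment, and its position right after the body-data call is load-bearing if `data` points into the connection's buffered bytes, which the hunk does not show. A comment such as `// Body bytes were handed to the transaction above; release the buffered copy. data must not be read after this line.` would record that ordering requirement. The clear also runs when `rc != HTP_OK`, which looks intentional but is worth stating in the same comment. The enclosing function starts and ends outside the hunk.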
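Review bot: The status returned by `htp_gzip_decompressor_decompress()` is discarded in the htp_transaction.c @@ -630 hunk, so a decompression failure on the request body is not reported to the caller from this line. The direct call makes that easy to address: `htp_status_t drc = htp_gzip_decompressor_decompress(tx->connp->req_decompressor, &d);` followed by a check of `drc`, or, if errors are deliberately left to the callback, a comment saying so. The context comment `these could be NULL` is also stale now that only one pointer is tested. The response path in the @@ -974 hunk ignores the return value in the same way. The switch statement continues outside the hunk.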
@@ -974,14 +975,14 @@
 case HTP_COMPRESSION_DEFLATE:
 case HTP_COMPRESSION_LZMA:
 // In severe memory stress these could be NULL
- if (tx->connp->out_decompressor == NULL || tx->connp->out_decompressor->decompress == NULL)
+ if (tx->connp->out_decompressor == NULL)
 return HTP_ERROR;
 struct timeval after;
 gettimeofday(&tx->connp->out_decompressor->time_before, NULL);
 // Send data buffer to the decompressor.
 tx->connp->out_decompressor->nb_callbacks=0;
- tx->connp->out_decompressor->decompress(tx->connp->out_decompressor, &d);
+ htp_gzip_decompressor_decompress(tx->connp->out_decompressor, &d);
 gettimeofday(&after, NULL);
 // sanity check for race condition if system time changed
 if ( htp_timer_track(&tx->connp->out_decompressor->time_spent, &after, &tx->connp->out_decompressor->time_before) == HTP_OK) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/test/files/100-response-body-data.t new/libhtp-0.5.41/test/files/100-response-body-data.t
--- old/libhtp-0.5.40/test/files/100-response-body-data.t 1970-01-01 01:00:00.000000000 +0100
+++ new/libhtp-0.5.41/test/files/100-response-body-data.t 2022-09-27 09:32:46.000000000 +0200
@@ -0,0 +1,6 @@
+<<<
+1
+2
+<<<
+3
+4
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/test/test_gunzip.cpp new/libhtp-0.5.41/test/test_gunzip.cpp
--- old/libhtp-0.5.40/test/test_gunzip.cpp 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/test/test_gunzip.cpp 2022-09-27 09:32:46.000000000 +0200
@@ -46,6 +46,7 @@
 #include <gtest/gtest.h>
 #include <htp/htp_private.h>
+#include <htp/htp_decompressors.h>
 #ifndef O_BINARY
 #define O_BINARY 0
@@ -103,7 +104,7 @@
 // Decompress
- htp_status_t rc = decompressor->decompress(decompressor, &d);
+ htp_status_t rc = htp_gzip_decompressor_decompress(decompressor, &d);
 free((void *)d.data);
@@ -134,7 +135,7 @@
 virtual void TearDown() {
 bstr_free(output);
 bstr_free(o_boxing_wizards);
- decompressor->destroy(decompressor);
+ htp_gzip_decompressor_destroy(decompressor);
 htp_connp_destroy_all(connp);
 htp_config_destroy(cfg);
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.40/test/test_main.cpp new/libhtp-0.5.41/test/test_main.cpp
--- old/libhtp-0.5.40/test/test_main.cpp 2022-04-21 07:58:30.000000000 +0200
+++ new/libhtp-0.5.41/test/test_main.cpp 2022-09-27 09:32:46.000000000 +0200
@@ -121,7 +121,7 @@
 switch (count) {
 case 0:
- ASSERT_EQ(0, bstr_cmp_c(h->name, " Invalid-Folding"));
+ ASSERT_EQ(0, bstr_cmp_c(h->name, "Invalid-Folding"));
 ASSERT_EQ(0, bstr_cmp_c(h->value, "1"));
 break;
 case 1:
@@ -2088,3 +2088,46 @@
 ASSERT_EQ(200, tx->response_status_number);
 ASSERT_EQ(HTP_RESPONSE_COMPLETE, tx->response_progress);
 }
+
+// emplace_back needs at least C++ 11
+#if __cplusplus > 199711L
+struct ResponseBodyDataCallback {
+ std::vector<std::string> data;
+};
+
+static int callback_RESPONSE_BODY_DATA(htp_tx_data_t *d) {
+ struct ResponseBodyDataCallback *user_data = (struct ResponseBodyDataCallback *) htp_tx_get_user_data(d->tx);
+
+ if (!user_data) {
+ user_data = new ResponseBodyDataCallback();
+ htp_tx_set_user_data(d->tx, user_data);
+ }
+
+ if(d->data) user_data->data.emplace_back(std::string(reinterpret_cast<const char *>(d->data), d->len));
+
+ return HTP_OK;
+}
+
+TEST_F(ConnectionParsing, ResponseBodyData) {
+ htp_config_register_response_body_data(cfg, callback_RESPONSE_BODY_DATA);
+
+ int rc = test_run(home, "100-response-body-data.t", cfg, &connp);
+ ASSERT_GE(rc, 0);
+
+ ASSERT_EQ(1, htp_list_size(connp->conn->transactions));
+ htp_tx_t *tx = (htp_tx_t *) htp_list_get(connp->conn->transactions, 0);
+ ASSERT_TRUE(tx != NULL);
+ ASSERT_EQ(HTP_REQUEST_COMPLETE, tx->request_progress);
+ ASSERT_EQ(HTP_RESPONSE_COMPLETE, tx->response_progress);
+
+ struct ResponseBodyDataCallback *user_data = (struct ResponseBodyDataCallback *) htp_tx_get_user_data(tx);
+ ASSERT_TRUE(user_data);
+
+ ASSERT_EQ(3, user_data->data.size());
+ EXPECT_EQ("1\n", user_data->data[0]);
+ EXPECT_EQ("23\n", user_data->data[1]);
+ EXPECT_EQ("4", user_data->data[2]);
+
+ delete user_data;
+}
+#endif
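Review bot: The `ResponseBodyDataCallback` allocated with `new` in callback_RESPONSE_BODY_DATA is released only by the final `delete user_data;`, and every `ASSERT_*` before that line returns from the test body on failure, so a failing run leaks the object and a sanitizer build reports the leak on top of the real failure. Taking ownership as soon as the pointer is fetched, e.g. `std::unique_ptr<ResponseBodyDataCallback> guard(user_data);` in place of the manual `delete`, keeps the fatal size check that protects the indexing below it. `ASSERT_EQ(3, user_data->data.size())` compares a signed literal with `size_t`; `3u` avoids the sign-compare warning. `emplace_back(std::string(...))` builds a temporary first, whereas `emplace_back(reinterpret_cast<const char *>(d->data), d->len)` constructs the string in place.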
