Hello community, here is the log from the commit of package libhtp for openSUSE:Factory checked in at 2020-10-10 19:05:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libhtp (Old) and /work/SRC/openSUSE:Factory/.libhtp.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libhtp" Sat Oct 10 19:05:04 2020 rev:6 rq:840481 version:0.5.35 Changes: --------
--- /work/SRC/openSUSE:Factory/libhtp/libhtp.changes 2020-09-15 16:28:32.178610927 +0200
+++ /work/SRC/openSUSE:Factory/.libhtp.new.4249/libhtp.changes 2020-10-10 19:05:14.196511095 +0200
@@ -1,0 +2,7 @@
+Fri Oct 9 18:36:44 UTC 2020 - Martin Hauke <mar...@gmx.de>
+
+- Update to version 0.5.35
+ * fix memory leak in tunnel traffoc
+ * fix case where chunked data causes excessive CPU use
+
+-------------------------------------------------------------------
Old: ---- libhtp-0.5.34.tar.gz New: ---- libhtp-0.5.35.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libhtp.spec ++++++
--- /var/tmp/diff_new_pack.TMRWMU/_old 2020-10-10 19:05:15.828511946 +0200
+++ /var/tmp/diff_new_pack.TMRWMU/_new 2020-10-10 19:05:15.832511949 +0200
@@ -19,7 +19,7 @@
 %define sover 2
 %define lname %{name}%{sover}
 Name: libhtp
-Version: 0.5.34
+Version: 0.5.35
 Release: 0
 Summary: HTTP normalizer and parser
 License: BSD-3-Clause
++++++ libhtp-0.5.34.tar.gz -> libhtp-0.5.35.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.34/ChangeLog new/libhtp-0.5.35/ChangeLog
--- old/libhtp-0.5.34/ChangeLog 2020-09-10 21:47:54.000000000 +0200
+++ new/libhtp-0.5.35/ChangeLog 2020-10-05 12:04:03.000000000 +0200
@@ -1,3 +1,9 @@
+0.5.35 (8 October 2020)
+
+- fix memory leak in tunnel traffoc
+
+- fix case where chunked data causes excessive CPU use
+
 0.5.34 (11 September 2020)
 --------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.34/VERSION new/libhtp-0.5.35/VERSION
--- old/libhtp-0.5.34/VERSION 2020-09-10 21:47:54.000000000 +0200
+++ new/libhtp-0.5.35/VERSION 2020-10-05 12:04:03.000000000 +0200
@@ -1,2 +1,2 @@
 # This file is intended to be sourced by sh
-PKG_VERSION=0.5.34
+PKG_VERSION=0.5.35
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.34/htp/htp_response.c new/libhtp-0.5.35/htp/htp_response.c
--- old/libhtp-0.5.34/htp/htp_response.c 2020-09-10 21:47:54.000000000 +0200
+++ new/libhtp-0.5.35/htp/htp_response.c 2020-10-05 12:04:03.000000000 +0200
@@ -342,6 +342,20 @@
 return HTP_DATA;
 }
+static inline int is_chunked_ctl_char(const unsigned char c) {
+ switch (c) {
+ case 0x0d:
+ case 0x0a:
+ case 0x20:
+ case 0x09:
+ case 0x0b:
+ case 0x0c:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
 /**
 * Peeks ahead into the data to try to see if it starts with a valid Chunked
 * length field.
@@ -361,7 +375,7 @@
 while (i < len) {
 unsigned char c = data[i];
- if (c == 0x0d || c == 0x0a || c == 0x20 || c == 0x09 || c == 0x0b || c == 0x0c) {
+ if (is_chunked_ctl_char(c)) {
 // ctl char, still good.
 } else if (isdigit(c) || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')) {
 // real chunklen char
@@ -386,7 +400,8 @@
 OUT_COPY_BYTE_OR_RETURN(connp);
 // Have we reached the end of the line? Or is this not chunked after all?
- if (connp->out_next_byte == LF || !data_probe_chunk_length(connp)) {
+ if (connp->out_next_byte == LF ||
+ (!is_chunked_ctl_char(connp->out_next_byte) && !data_probe_chunk_length(connp))) {
 unsigned char *data;
 size_t len;
@@ -545,11 +560,13 @@
 return rc;
 } else if (connp->out_tx->response_status_number == 407) {
 // proxy telling us to auth
- connp->in_status = HTP_STREAM_DATA;
+ if (connp->in_status != HTP_STREAM_ERROR)
+ connp->in_status = HTP_STREAM_DATA;
 } else {
 // This is a failed CONNECT stream, which means that
 // we can unblock request parsing
- connp->in_status = HTP_STREAM_DATA;
+ if (connp->in_status != HTP_STREAM_ERROR)
+ connp->in_status = HTP_STREAM_DATA;
 // We are going to continue processing this transaction,
 // adding a note for ourselves to stop at the end (because
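Review bot: The new `is_chunked_ctl_char()` helper in the @@ -342 hunk of htp/htp_response.c has no comment, and its name says "control character" while the six bytes it accepts are the whitespace set CR, LF, SP, HT, VT and FF. I would add a comment above it such as `/* Whitespace bytes tolerated around a chunk-length field: CR, LF, SP, HT, VT, FF. Same set as isspace() in the "C" locale, but locale-independent. */` so that nobody later swaps the switch for `isspace()`. The helper is now used at two sites (the probe loop in the @@ -361 hunk and the condition in the @@ -386 hunk), so the comment also records that both must agree on the set.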
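Review bot: In the @@ -386 hunk the added `!is_chunked_ctl_char(connp->out_next_byte) &&` skips the probe only for whitespace bytes, so `data_probe_chunk_length()` is still called once for every other byte copied before the LF. Judging from the probe loop visible in the @@ -361 hunk, that function steps over whitespace before reaching a verdict, so the per-byte cost may still grow with the amount of buffered data; whether it is bounded depends on parts of the probe that are outside this diff. Consider remembering a positive probe result for the current line or capping the length of the chunk-length line, and document the condition with a comment such as `// Probe only on non-whitespace bytes; probing on every whitespace byte rescanned the buffered line each time.` The enclosing state function starts and ends outside the hunk.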
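Review bot: The guard `if (connp->in_status != HTP_STREAM_ERROR)` is added three times (twice in the @@ -545 hunk and once more in the @@ -571 hunk) as an unbraced `if`, with no comment saying why an errored request stream must not be reset from the response path. Brace each one, e.g. `if (connp->in_status != HTP_STREAM_ERROR) { connp->in_status = HTP_STREAM_DATA; }`, and put `// Never move the request side out of HTP_STREAM_ERROR from the response path.` above the first; a small static helper taking the new status would remove the repetition. The ChangeLog mentions a tunnel memory leak for this release, but nothing in the hunk ties these guards to it, so the comment should state the reason if that is the connection. The enclosing function begins and ends outside both hunks.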
@@ -571,7 +588,8 @@
 if (te == NULL && cl == NULL) {
 connp->out_state = htp_connp_RES_FINALIZE;
- connp->in_status = HTP_STREAM_TUNNEL;
+ if (connp->in_status != HTP_STREAM_ERROR)
+ connp->in_status = HTP_STREAM_TUNNEL;
 connp->out_status = HTP_STREAM_TUNNEL;
 // we may have response headers
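Review bot: In the @@ -571 hunk `connp->in_status` is now kept from leaving `HTP_STREAM_ERROR`, but the very next line still assigns `connp->out_status = HTP_STREAM_TUNNEL;` unconditionally. If the response side can already be in an error state when this branch runs (not visible here), it would be reset the same way the request side used to be. Either guard it in the same manner, `if (connp->out_status != HTP_STREAM_ERROR) connp->out_status = HTP_STREAM_TUNNEL;`, or add a comment stating why `out_status` cannot be in error at this point. The `if (te == NULL && cl == NULL)` block continues past the end of the hunk.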