Hello community,

here is the log from the commit of package libhtp for openSUSE:Factory checked 
in at 2020-10-10 19:05:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libhtp (Old)
 and      /work/SRC/openSUSE:Factory/.libhtp.new.4249 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libhtp"

Sat Oct 10 19:05:04 2020 rev:6 rq:840481 version:0.5.35

Changes:
--------
--- /work/SRC/openSUSE:Factory/libhtp/libhtp.changes    2020-09-15 
16:28:32.178610927 +0200
+++ /work/SRC/openSUSE:Factory/.libhtp.new.4249/libhtp.changes  2020-10-10 
19:05:14.196511095 +0200
@@ -1,0 +2,7 @@
+Fri Oct  9 18:36:44 UTC 2020 - Martin Hauke <mar...@gmx.de>
+
+- Update to version 0.5.35
+  * fix memory leak in tunnel traffoc
+  * fix case where chunked data causes excessive CPU use
+
+-------------------------------------------------------------------

Old:
----
  libhtp-0.5.34.tar.gz

New:
----
  libhtp-0.5.35.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libhtp.spec ++++++
--- /var/tmp/diff_new_pack.TMRWMU/_old  2020-10-10 19:05:15.828511946 +0200
+++ /var/tmp/diff_new_pack.TMRWMU/_new  2020-10-10 19:05:15.832511949 +0200
@@ -19,7 +19,7 @@
 %define sover   2
 %define lname   %{name}%{sover}
 Name:           libhtp
-Version:        0.5.34
+Version:        0.5.35
 Release:        0
 Summary:        HTTP normalizer and parser
 License:        BSD-3-Clause

++++++ libhtp-0.5.34.tar.gz -> libhtp-0.5.35.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.34/ChangeLog new/libhtp-0.5.35/ChangeLog
--- old/libhtp-0.5.34/ChangeLog 2020-09-10 21:47:54.000000000 +0200
+++ new/libhtp-0.5.35/ChangeLog 2020-10-05 12:04:03.000000000 +0200
@@ -1,3 +1,9 @@
+0.5.35 (8 October 2020)
+
+- fix memory leak in tunnel traffoc
+
+- fix case where chunked data causes excessive CPU use
+
 0.5.34 (11 September 2020)
 --------------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.34/VERSION new/libhtp-0.5.35/VERSION
--- old/libhtp-0.5.34/VERSION   2020-09-10 21:47:54.000000000 +0200
+++ new/libhtp-0.5.35/VERSION   2020-10-05 12:04:03.000000000 +0200
@@ -1,2 +1,2 @@
 # This file is intended to be sourced by sh
-PKG_VERSION=0.5.34
+PKG_VERSION=0.5.35
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.34/htp/htp_response.c 
new/libhtp-0.5.35/htp/htp_response.c
--- old/libhtp-0.5.34/htp/htp_response.c        2020-09-10 21:47:54.000000000 
+0200
+++ new/libhtp-0.5.35/htp/htp_response.c        2020-10-05 12:04:03.000000000 
+0200
@@ -342,6 +342,20 @@
     return HTP_DATA;
 }
 
+static inline int is_chunked_ctl_char(const unsigned char c) {
+    switch (c) {
+        case 0x0d:
+        case 0x0a:
+        case 0x20:
+        case 0x09:
+        case 0x0b:
+        case 0x0c:
+            return 1;
+        default:
+            return 0;
+    }
+}
+
 /**
  * Peeks ahead into the data to try to see if it starts with a valid Chunked
  * length field.
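Review bot: The new `is_chunked_ctl_char` helper has no comment and spells its byte set as bare hex literals, so a reader has to work out that it accepts CR, LF, SP, HT, VT and FF. A one-line header such as `/* Whitespace/control bytes tolerated around a chunk-length field: CR, LF, SP, HT, VT, FF. */` would record that. The file already uses the `LF` constant (visible in the hunk at @@ -386,7 +400,8 @@), so named constants would read better than `0x0d`/`0x0a` if a matching `CR` is defined alongside it. This set now gates both the probe loop and the chunk-length state check, so the comment should also say that changing it changes what the response parser accepts as chunk framing.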
@@ -361,7 +375,7 @@
     while (i < len) {
         unsigned char c = data[i];
 
-        if (c == 0x0d || c == 0x0a || c == 0x20 || c == 0x09 || c == 0x0b || c 
== 0x0c) {
+        if (is_chunked_ctl_char(c)) {
             // ctl char, still good.
         } else if (isdigit(c) || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 
'F')) {
             // real chunklen char
@@ -386,7 +400,8 @@
         OUT_COPY_BYTE_OR_RETURN(connp);
 
         // Have we reached the end of the line? Or is this not chunked after 
all?
-        if (connp->out_next_byte == LF || !data_probe_chunk_length(connp)) {
+        if (connp->out_next_byte == LF ||
+                (!is_chunked_ctl_char(connp->out_next_byte) && 
!data_probe_chunk_length(connp))) {
             unsigned char *data;
             size_t len;
 
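Review bot: With the added `!is_chunked_ctl_char(connp->out_next_byte)` term, a run of non-LF control bytes never reaches `data_probe_chunk_length`, so this state is left only on LF or on the first non-control byte. Nothing in the hunk shows what bounds the number of bytes copied in the meantime. Presumably `OUT_COPY_BYTE_OR_RETURN` or a configured line limit caps it, but that is worth confirming because this path handles untrusted response data. The reason for skipping the probe is also not recorded; if the intent is to avoid rescanning the buffered data for every whitespace byte, a comment such as `// Skip the probe on ctl bytes: it rescans the buffered data on every call.` plus a regression test with a long whitespace run before the chunk length would pin it down. The enclosing function starts and ends outside the hunk.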
@@ -545,11 +560,13 @@
             return rc;
         } else if (connp->out_tx->response_status_number == 407) {
             // proxy telling us to auth
-            connp->in_status = HTP_STREAM_DATA;
+            if (connp->in_status != HTP_STREAM_ERROR)
+                connp->in_status = HTP_STREAM_DATA;
         } else {
             // This is a failed CONNECT stream, which means that
             // we can unblock request parsing
-            connp->in_status = HTP_STREAM_DATA;
+            if (connp->in_status != HTP_STREAM_ERROR)
+                connp->in_status = HTP_STREAM_DATA;
 
             // We are going to continue processing this transaction,
             // adding a note for ourselves to stop at the end (because
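Review bot: The guard `if (connp->in_status != HTP_STREAM_ERROR)` is written without braces and repeated verbatim three times, twice in this hunk and once in the hunk at @@ -571,7 +588,8 @@. Bracing it, `if (connp->in_status != HTP_STREAM_ERROR) { connp->in_status = HTP_STREAM_DATA; }`, keeps a later edit from landing outside the condition. A short comment such as `// Do not reset an inbound stream that has already failed.` would state why the error state must survive. The enclosing function begins and ends outside the hunk, so other assignments to `in_status` on the CONNECT path (for example in the branch that ends with `return rc;` above) cannot be checked from here and should be audited for the same guard.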
@@ -571,7 +588,8 @@
         if (te == NULL && cl == NULL) {
             connp->out_state = htp_connp_RES_FINALIZE;
 
-            connp->in_status = HTP_STREAM_TUNNEL;
+            if (connp->in_status != HTP_STREAM_ERROR)
+                connp->in_status = HTP_STREAM_TUNNEL;
             connp->out_status = HTP_STREAM_TUNNEL;
 
             // we may have response headers
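Review bot: `connp->out_status = HTP_STREAM_TUNNEL;` on the line after the new guard is still unconditional, so an outbound stream already in an error state would be switched to tunnel mode while the inbound side is now protected. Whether `out_status` can be `HTP_STREAM_ERROR` at this point is not determinable from the hunk. If it can, the same check is probably wanted: `if (connp->out_status != HTP_STREAM_ERROR) connp->out_status = HTP_STREAM_TUNNEL;`. If it cannot, a one-line comment saying so would explain the asymmetry to the next reader.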

