[Bro-Dev] #326: HTTP Analyzer overflow on content-lengths > 2GB

Bro Tracker bro at tracker.icir.org
Sat Nov 27 17:31:24 PST 2010

#326: HTTP Analyzer overflow on content-lengths > 2GB
 Reporter:  gregor    |      Owner:
     Type:  Patch     |     Status:  new
 Priority:  Normal    |  Milestone:  Bro1.6
Component:  Bro       |    Version:  git/master
 Keywords:  inttypes  |

 The HTTP analyzer uses 32 bit signed ints to parse the content-length
 header, track body length etc. This causes overflow and for content
 lengths > 2GB. This effects the reported body length as well as parsing of
 pipelined or persistent connection.
 The overflow might also cause crashes.

 Changes in this patch:

  * Change the affected integers in to 64 bit wide
  * Overload min/max inline functions in util.h to work with different
    widths and signedness.
  * Explicitly cast parameters to min/max where in cases were the
    compiler complained.


Ticket URL: <http://tracker.icir.org/bro/ticket/326>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list