[Bro-Dev] #488: Bug in HTTP parser

Bro Tracker bro at tracker.bro-ids.org
Wed Aug 3 14:07:20 PDT 2011

#488: Bug in HTTP parser
  Reporter:  robin    |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro1.6
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:

Comment (by robin):

 On Wed, Aug 03, 2011 at 18:09 -0000, you wrote:

 >  I think this might be done?  But I'm confused by the
 >  `policy/protocols/http/http-header-crlf.bro` test that currently fails
 >  me.  It looks like it's accidentally testing the opposite of what was
 >  solved here -- is the `grep -q` exit status supposed to be inverted and
 >  also the comment, "not report that weird", might have typo'd "now" ?

 No, the patch that was committed is just a work-around to stop Bro
 from crashing, it doesn't fix the problem correctly. And the failing
 test is a reminder for that. :)

 Iirc, the problem is that the HTTP session is actually just fine, but
 the HTTP parser still got confused and reported an assert. Now it
 reports a weird instead, but it's still not parsing the session right.

 So what we need to do is track down why it believes there's somethign
 wrong with the session, and then fix that.


Ticket URL: <http://tracker.bro-ids.org/bro/ticket/488#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list