[Bro-Dev] [JIRA] (BIT-1400) topic/jsiwek/mime-multipart-boundary-leniency

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Mon Sep 14 15:15:02 PDT 2015

     [ https://bro-tracker.atlassian.net/browse/BIT-1400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann updated BIT-1400:
    Resolution: Fixed
        Status: Closed  (was: Open)

This was merged in 46fc3db8ccb6432729ecff0a38d9b40fabd2e983 but for some reason never closed.

> topic/jsiwek/mime-multipart-boundary-leniency
> ---------------------------------------------
>                 Key: BIT-1400
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1400
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Jon Siwek
>            Assignee: Seth Hall
>             Fix For: 2.5
> Seth had a private pcap showing HTTP multipart content using boundary strings containing the '<' and '>' characters which causes HTTP/MIME content parsing to fail.  This branch changes it so those characters are allowed (even though not explicitly permitted by the RFC).  It feels a bit hacky to me (but so do most changes I've done to HTTP/MIME analyzers), so please review and check if the analysis looks "more correct" now.
> I scheduled this for 2.4 because I think Seth mentioned it might be something to try to get fixed in the final release, but it might be better to put it as part of 2.5 -- it's not really a severe bug but more of an oddity from a particular HTTP implementation and Bro's behavior with respect to it hasn't changed anytime recently (i.e. it's not a regression).

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list