From 07cd238ac9bfc07f12a8dea740adbea1cf2f03f5 Mon Sep 17 00:00:00 2001 From: liketic Date: Wed, 4 Oct 2017 10:08:35 +0800 Subject: [PATCH 1/2] Fix http status phrase parsing not allow spaces (#4795) --- packetbeat/protos/http/http_parser.go | 14 ++++----- packetbeat/protos/http/http_test.go | 45 +++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 7 deletions(-) diff --git a/packetbeat/protos/http/http_parser.go b/packetbeat/protos/http/http_parser.go index 16dde96eed5..84426afc037 100644 --- a/packetbeat/protos/http/http_parser.go +++ b/packetbeat/protos/http/http_parser.go @@ -211,15 +211,15 @@ func parseResponseStatus(s []byte) (uint16, []byte, error) { if p == -1 { return 0, nil, errors.New("Not able to identify status code") } - - code, _ := parseInt(s[0:p]) - - p = bytes.LastIndexByte(s, ' ') - if p == -1 { - return uint16(code), nil, errors.New("Not able to identify status code") + statusCode, err := parseInt(s[0:p]) + if err != nil { + return 0, nil, fmt.Errorf("Unable to parse status code from [%s]", s) } phrase := s[p+1:] - return uint16(code), phrase, nil + if len(phrase) == 0 { + return 0, nil, fmt.Errorf("Unable to parse status phrase from [%s]", s) + } + return uint16(statusCode), phrase, nil } func parseVersion(s []byte) (uint8, uint8, error) { diff --git a/packetbeat/protos/http/http_test.go b/packetbeat/protos/http/http_test.go index 2f826623665..dbc3c056e36 100644 --- a/packetbeat/protos/http/http_test.go +++ b/packetbeat/protos/http/http_test.go @@ -542,6 +542,51 @@ func TestHttpParser_301_response(t *testing.T) { assert.Equal(t, 290, msg.contentLength) } +func TestHttpParser_PhraseContainsSpaces(t *testing.T) { + if testing.Verbose() { + logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http"}) + } + response_404 := "HTTP/1.1 404 Not Found\r\n" + + "Server: Apache-Coyote/1.1\r\n" + + "Content-Type: text/html;charset=utf-8\r\n" + + "Content-Length: 18\r\n" + + "Date: Mon, 31 Jul 2017 11:31:53 GMT\r\n" + + "\r\n" + + "Http Response Body" + + r, ok, complete := testParse(nil, response_404) + assert.True(t, ok) + assert.True(t, complete) + assert.Equal(t, 18, r.contentLength) + assert.Equal(t, "Not Found", string(r.statusPhrase)) + assert.Equal(t, 404, int(r.statusCode)) + + response_500 := "HTTP/1.1 500 Internal Server Error\r\n" + + "Server: Apache-Coyote/1.1\r\n" + + "Content-Type: text/html;charset=utf-8\r\n" + + "Content-Length: 2\r\n" + + "Date: Mon, 30 Jul 2017 00:00:00 GMT\r\n" + + "\r\n" + + "xx" + r, ok, complete = testParse(nil, response_500) + assert.True(t, ok) + assert.True(t, complete) + assert.Equal(t, 2, r.contentLength) + assert.Equal(t, "Internal Server Error", string(r.statusPhrase)) + assert.Equal(t, 500, int(r.statusCode)) + + broken := "HTTP/1.1 500 \r\n" + + "Server: Apache-Coyote/1.1\r\n" + + "Content-Type: text/html;charset=utf-8\r\n" + + "Content-Length: 2\r\n" + + "Date: Mon, 30 Jul 2017 00:00:00 GMT\r\n" + + "\r\n" + + "xx" + r, ok, complete = testParse(nil, broken) + assert.False(t, ok) + assert.False(t, complete) +} + func TestEatBodyChunked(t *testing.T) { if testing.Verbose() { logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http", "httpdetailed"}) From fa079cd4242ee44356a5cc798436241fd4d060b3 Mon Sep 17 00:00:00 2001 From: liketic Date: Thu, 12 Oct 2017 09:55:27 +0800 Subject: [PATCH 2/2] Update CHANGELOG --- CHANGELOG.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 623a20159e5..a862f078044 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -62,6 +62,8 @@ https://github.com/elastic/beats/compare/v6.0.0-beta2...master[Check the HEAD di *Packetbeat* +- Fix http status phrase parsing not allow spaces. {pull}5312[5312] + *Winlogbeat* ==== Added