Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer

From: "lists () packetmail net" <lists () packetmail net>
Date: Thu, 25 Oct 2012 16:45:50 -0500
On 10/25/2012 04:35 PM, Joel Esler wrote:

My point is, I think, if I'm right, is whatever program is generating the
packets that Mike is talking about isn't doing so correctly.


I'm looking at RFC 2616 section 4.1 and 4.5 and I'm not seeing where CrLf is
authorttively used as a semaphore for separation between the HTTP body and the
HTTP headers when Content-* appears.  Specifically section 4.5 notes "The
presence of a message-body in a request is signaled [sic] by the inclusion of a
Content-Length or Transfer-Encoding header field in the request's message-headers."

4.1

 Request (section 5) and Response (section 6) messages use the generic message
format of RFC 822 [9] for transferring entities (the payload of the message).
Both types of message consist of a start-line, zero or more header fields (also
known as "headers"), an empty line (i.e., a line with nothing preceding the
CRLF) indicating the end of the header fields, and possibly a message-body.

        generic-message = start-line
                          *(message-header CRLF)
                          CRLF
                          [ message-body ]
        start-line      = Request-Line | Status-Line

In the interest of robustness, servers SHOULD ignore any empty line(s) received
where a Request-Line is expected. In other words, if the server is reading the
protocol stream at the beginning of a message and receives a CRLF first, it
should ignore the CRLF.


4.5:

The presence of a message-body in a request is signaled [sic] by the inclusion
of a Content-Length or Transfer-Encoding header field in the request's
message-headers. A message-body MUST NOT be included in a request if the
specification of the request method (section 5.1.1) does not allow sending an
entity-body in requests. A server SHOULD read and forward a message-body on any
request; if the request method does not include defined semantics for an
entity-body, then the message-body SHOULD be ignored when handling the request.

Hope this helps,
Nathan

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: