Snort mailing list archives
Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer
From: "lists () packetmail net" <lists () packetmail net>
Date: Thu, 25 Oct 2012 16:45:50 -0500
On 10/25/2012 04:35 PM, Joel Esler wrote:
My point is, I think, if I'm right, is whatever program is generating the packets that Mike is talking about isn't doing so correctly.
I'm looking at RFC 2616 section 4.1 and 4.5 and I'm not seeing where CrLf is authorttively used as a semaphore for separation between the HTTP body and the HTTP headers when Content-* appears. Specifically section 4.5 notes "The presence of a message-body in a request is signaled [sic] by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers." 4.1 Request (section 5) and Response (section 6) messages use the generic message format of RFC 822 [9] for transferring entities (the payload of the message). Both types of message consist of a start-line, zero or more header fields (also known as "headers"), an empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header fields, and possibly a message-body. generic-message = start-line *(message-header CRLF) CRLF [ message-body ] start-line = Request-Line | Status-Line In the interest of robustness, servers SHOULD ignore any empty line(s) received where a Request-Line is expected. In other words, if the server is reading the protocol stream at the beginning of a message and receives a CRLF first, it should ignore the CRLF. 4.5: The presence of a message-body in a request is signaled [sic] by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers. A message-body MUST NOT be included in a request if the specification of the request method (section 5.1.1) does not allow sending an entity-body in requests. A server SHOULD read and forward a message-body on any request; if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request. Hope this helps, Nathan ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Question about Content-Disposition, Content-Type, etc. and http_header buffer Mike Cox (Oct 16)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Joel Esler (Oct 16)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Mike Cox (Oct 17)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Joel Esler (Oct 17)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Mike Cox (Oct 17)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Joel Esler (Oct 17)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Mike Cox (Oct 25)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Joel Esler (Oct 25)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer lists () packetmail net (Oct 25)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Joel Esler (Oct 25)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer lists () packetmail net (Oct 25)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Mike Cox (Oct 25)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Joel Esler (Oct 25)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Mike Cox (Oct 25)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Mike Cox (Oct 17)
- Re: Question about Content-Disposition, Content-Type, etc. and http_header buffer Joel Esler (Oct 16)