Squashed commit of the following:
commit
3ba32d1935436a4246e8242302935abb38a92c13
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Jan 22 10:53:37 2021 -0500
http_inspect: validate URI scheme length
INF_HTTP2_IN_HI,
INF_TRUNCATED_MSG_BODY_CL,
INF_TRUNCATED_MSG_BODY_CHUNK,
+ INF_LONG_SCHEME,
INF__MAX_VALUE
};
EVENT_200_CONNECT_RESP_WITH_CL,
EVENT_200_CONNECT_RESP_WITH_TE,
EVENT_100_CONNECT_RESP,
- EVENT_EARLY_CONNECT_RESPONSE, // 258
+ EVENT_EARLY_CONNECT_RESPONSE,
EVENT_MALFORMED_CD_FILENAME,
- EVENT_TRUNCATED_MSG_BODY_CL,
+ EVENT_TRUNCATED_MSG_BODY_CL, // 260
EVENT_TRUNCATED_MSG_BODY_CHUNK,
+ EVENT_LONG_SCHEME, // 262
EVENT__MAX_VALUE
};
if (method_id == METH__OTHER)
create_event(EVENT_UNKNOWN_METHOD);
+ if (uri && uri->get_scheme().length() > LONG_SCHEME_LENGTH)
+ {
+ create_event(EVENT_LONG_SCHEME);
+ add_infraction(INF_LONG_SCHEME);
+ }
+
if (session_data->zero_nine_expected != 0)
{
// Previous 0.9 request on this connection should have been the last request message
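Review bot: The new check at L27 only sees a scheme that HttpUri actually accepted, and the companion change at L51 refuses to set the scheme at all once the prefix before `://` exceeds MAX_SCHEME_LENGTH, so a "scheme" of 37 or more characters never reaches EVENT_LONG_SCHEME while one of 11 to 36 characters does. If the non-absolute fall-through in HttpUri raises no event of its own, the longest inputs are the ones that stay silent; that may be intended, but the interaction of the two thresholds deserves a comment here, e.g. `// Only schemes accepted by HttpUri (<= MAX_SCHEME_LENGTH) reach this check; longer prefixes are not classified as absolute URIs.` If length() can report a negative status value when no scheme is present, the `>` comparison is still safe, since a negative never exceeds LONG_SCHEME_LENGTH. The enclosing function starts and ends outside the hunk.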
{ EVENT_MALFORMED_CD_FILENAME, "malformed HTTP Content-Disposition filename parameter" },
{ EVENT_TRUNCATED_MSG_BODY_CL, "HTTP Content-Length message body was truncated" },
{ EVENT_TRUNCATED_MSG_BODY_CHUNK, "HTTP chunked message body was truncated" },
+ { EVENT_LONG_SCHEME, "HTTP URI scheme longer than 10 characters" },
{ 0, nullptr }
};
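Review bot: The event text at L39 hard-codes `10`, duplicating LONG_SCHEME_LENGTH from the header, so raising the constant later would leave the rule message stale without any compiler help. Since these strings are presumably fixed rule messages rather than runtime-built text, a cross-reference comment is the practical fix, e.g. `// the count must match LONG_SCHEME_LENGTH in the header` on this line, with a matching remark beside the constant.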
j++);
for (k = j+3; (k < uri.length()) && (uri.start()[k] != '/'); k++);
- // Verify that 1) we found ://, 2) we found /, 3) scheme begins with a letter, and
- // 4) scheme consists of legal characters (RFC 3986 3.1)
+ // Verify that 1) we found ://, 2) we found /, 3) scheme begins with a letter,
+ // 4) scheme consists of legal characters (RFC 3986 3.1) and 5) scheme is no more than 36
+ // characters in length
if ((k < uri.length()) && (uri.start()[j] == ':') && (uri.start()[j+1] == '/') &&
- (uri.start()[j+2] == '/') && (uri.start()[0] >= 'A'))
+ (uri.start()[j+2] == '/') && (uri.start()[0] >= 'A') && j <= MAX_SCHEME_LENGTH)
{
uri_type = URI_ABSOLUTE;
scheme.set(j, uri.start());
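Review bot: The new conjunct `j <= MAX_SCHEME_LENGTH` at L51 is the only term in the condition without its own parentheses; `(j <= MAX_SCHEME_LENGTH)` matches the surrounding style. The rewritten comment at L47 also repeats the literal 36, which will drift if the constant changes; `// 4) scheme consists of legal characters (RFC 3986 3.1) and 5) scheme is no more than MAX_SCHEME_LENGTH characters` keeps it in sync. The for-loop whose tail is at L42 and the enclosing function both begin outside the hunk.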
#include "http_field.h"
#include "http_event.h"
+static const int MAX_SCHEME_LENGTH = 36; // schemes longer than 36 characters are malformed
+static const int LONG_SCHEME_LENGTH = 10; // schemes longer than 10 characters will alert
+
//-------------------------------------------------------------------------
// HttpUri class
//-------------------------------------------------------------------------
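Review bot: The comment on L57 calls a longer prefix "malformed", but the only effect visible in this commit (L51) is that such a URI is not classified as URI_ABSOLUTE and gets no scheme, which is not the same as raising an alert. Suggest `// a prefix before :// longer than this is not accepted as a scheme; the URI is not treated as absolute` on L57 and `// an accepted scheme longer than this raises EVENT_LONG_SCHEME / INF_LONG_SCHEME` on L58, so the two thresholds read as the distinct decisions they are.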