From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 2 Apr 2019 14:32:43 +0000 (+0200)
Subject: http: wait for response line for filename
X-Git-Tag: suricata-5.0.0-rc1~104
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9665ab04098105b132834a96c7ec2a99cbc54c04;p=thirdparty%2Fsuricata.git

http: wait for response line for filename

See http evader case 481
---

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index 587e4162d0..7cdd727c51 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -1638,8 +1638,12 @@ static int HtpResponseBodyHandle(HtpState *hstate, HtpTxUserData *htud,
 
     int result = 0;
 
-    /* see if we need to open the file */
-    if (!(htud->tcflags & HTP_FILENAME_SET))
+    /* see if we need to open the file
+     * we check for tx->response_line in case of junk
+     * interpreted as body before response line
+     */
+    if (!(htud->tcflags & HTP_FILENAME_SET) &&
+        (tx->response_line != NULL || tx->is_protocol_0_9))
     {
         SCLogDebug("setting up file name");
 
@@ -1684,7 +1688,7 @@ static int HtpResponseBodyHandle(HtpState *hstate, HtpTxUserData *htud,
             }
         }
     }
-    else
+    else if (tx->response_line != NULL || tx->is_protocol_0_9)
     {
         /* otherwise, just store the data */