[Oisf-devel] {6} suricata htp HTPHandleResponseData Error

rmkml rmkml at free.fr
Mon Jan 4 09:41:11 UTC 2010 

Thx Victor and Will,
more information: this is not bad/fuzzing trafic, simply extracted pcap on all trafic for this error (it's connect http method to citrix networks)
Regards
Rmkml
Crusoe-Researches.com


On Mon, 4 Jan 2010, Victor Julien wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> There is no exact error because the HTP library doesn't report an exact
> one. I'll forward the report to Ivan Ristic...
>
> Thanks rmkml!
>
> Cheers,
> Victor
>
> Will Metcalf wrote:
>> Can you please send the exact error you are receiving?
>>
>> Regards,
>>
>> Will
>>
>> On Sun, Jan 3, 2010 at 10:06 PM, rmkml <rmkml at free.fr
>> <mailto:rmkml at free.fr>> wrote:
>>
>>     Hi,
>>     I have one error and one question please.
>>
>>     1) With (joigned) pcap file, I have a htp HTPHandleResponseData
>>     Error, why please?
>>      I start suricata with:
>>      ./suricata080beta -c suricata.yaml -r
>>     suricata_httpparsingresponseerror1.pcap
>>      I have compiled htp with debug but no more information understand
>>     why this error.
>>
>>     2) On file htp-0.2.1/htp/htp_response.c, maybe change this: (req->res)
>>      int htp_connp_res_data(htp_connp_t *connp, htp_time_t timestamp,
>>     unsigned char *data, size_t len) {
>>      #ifdef HTP_DEBUG
>>     -    fprintf(stderr, "htp_connp_req_data(connp->out_status %x)\n",
>>     connp->out_status);
>>     +    fprintf(stderr, "htp_connp_res_data(connp->out_status %x)\n",
>>     connp->out_status);
>>         fprint_raw_data(stderr, __FUNCTION__, data, len);
>>      #endif
>>
>>     Regards
>>     Rmkml
>>     Crusoe-Researches.com
>>     _______________________________________________
>>     Oisf-devel mailing list
>>     Oisf-devel at openinfosecfoundation.org
>>     <mailto:Oisf-devel at openinfosecfoundation.org>
>>     http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Oisf-devel mailing list
>> Oisf-devel at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
>
> - --
> - ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> - ---------------------------------------------
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAktB8S0ACgkQiSMBBAuniMcocACfTMe/fa7jkGuQ0oVgFUgPO6ie
> FHkAn39KKETQ5J01BtUQkkmYznEghG/J
> =hl32
> -----END PGP SIGNATURE-----
>

More information about the Oisf-devel mailing list