diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 84c4fc1e333..2c4162abca8 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -39,6 +39,7 @@ https://github.com/elastic/beats/compare/v5.6.8...5.6[Check the HEAD diff] - Fix http status phrase parsing not allow spaces. {pull}5312[5312] - Fix http parse to allow to parse get request with space in the URI. {pull}5495[5495] - Fix mysql SQL parser to trim `\r` from Windows Server `SELECT\r\n\t1`. {pull}5572[5572] +- Fix corruption when parsing repeated headers in an HTTP request or response. {pull}6325[6325] *Winlogbeat* diff --git a/packetbeat/protos/http/http_parser.go b/packetbeat/protos/http/http_parser.go index b4a9e562d06..19a476f47af 100644 --- a/packetbeat/protos/http/http_parser.go +++ b/packetbeat/protos/http/http_parser.go @@ -359,8 +359,8 @@ func (parser *parser) parseHeader(m *message, data []byte) (bool, bool, int) { if val, ok := m.headers[string(headerName)]; ok { composed := make([]byte, len(val)+len(headerVal)+2) off := copy(composed, val) - off = copy(composed[off:], []byte(", ")) - copy(composed[off:], headerVal) + copy(composed[off:], []byte(", ")) + copy(composed[off+2:], headerVal) m.headers[string(headerName)] = composed } else { diff --git a/packetbeat/protos/http/http_test.go b/packetbeat/protos/http/http_test.go index c796bc0c742..623be3ac7af 100644 --- a/packetbeat/protos/http/http_test.go +++ b/packetbeat/protos/http/http_test.go @@ -1132,6 +1132,28 @@ func Test_gap_in_body_http1dot0(t *testing.T) { } +func TestHttpParser_composedHeaders(t *testing.T) { + data := "HTTP/1.1 200 OK\r\n" + + "Content-Length: 0\r\n" + + "Date: Tue, 14 Aug 2012 22:31:45 GMT\r\n" + + "Set-Cookie: aCookie=yummy\r\n" + + "Set-Cookie: anotherCookie=why%20not\r\n" + + "\r\n" + http := httpModForTests() + http.parserConfig.sendHeaders = true + http.parserConfig.sendAllHeaders = true + message, ok, complete := testParse(http, data) + + assert.True(t, ok) + assert.True(t, complete) + assert.False(t, message.isRequest) + assert.Equal(t, 200, int(message.statusCode)) + assert.Equal(t, "OK", string(message.statusPhrase)) + header, ok := message.headers["set-cookie"] + assert.True(t, ok) + assert.Equal(t, "aCookie=yummy, anotherCookie=why%20not", string(header)) +} + func testCreateTCPTuple() *common.TCPTuple { t := &common.TCPTuple{ IPLength: 4,