Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[5.6] Backport packetbeat fixes #6777

Merged
merged 9 commits into from
Apr 6, 2018
Merged

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Apr 5, 2018

Fixes for packetbeat backported to 5.6.9:

Two more commits are added to CHANGELOG as "features" but some of the fixes require them:

…ic#5312)

* Fix http status phrase parsing not allow spaces (elastic#4795)

* Update CHANGELOG
assert.Equal(t, "Not Found", string(r.statusPhrase))
assert.Equal(t, 404, int(r.statusCode))

response_500 := "HTTP/1.1 500 Internal Server Error\r\n" +

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't use underscores in Go names; var response_500 should be response500

if testing.Verbose() {
logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http"})
}
response_404 := "HTTP/1.1 404 Not Found\r\n" +

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't use underscores in Go names; var response_404 should be response404

@adriansr adriansr added in progress Pull request is currently in progress. and removed review labels Apr 5, 2018
ph and others added 8 commits April 6, 2018 09:10
This fix an issue when the http request contains a space instead of
breaking the line with `bytes.fields` we are finding the start and the end
of the URI using the `METHOD` verb and the `HTTP/{VERSION}`. This will
allow packet beat to record theses request instead of ignoring them.

Fixes: elastic#4974
elastic#5572)

* Packetbeat, mysql proto, add \r to trim SQLs captured from app running on Windows server. Otherwise method extracted including \r, which is problem. e.g. "SELECT\r\n\t1"

* Packetbeat, test case for windows lineending

* Packetbeat, changelog for windows lineending
Packetbeat HTTP protocol parser was not concatenating properly repeated
headers in a request or response. This caused corruption in the header
in the form of null bytes (\u0000).
A message with a client header consisting on a partial frame (not
all data received for this frame) could result in a panic.
* Fix out of bounds access to slice in MongoDB parser

Ignore MongoDB message and drop the TCP stream if a malformed
query / response is received, instead of logging a panic.

Closes elastic#5188

* Update CHANGELOG
- The function [parseResponseStatus](https://github.com/elastic/beats/blob/81f55f89fd1db748d0063e4e3c0564913e23ee46/packetbeat/protos/http/http_parser.go#L210) now returns the phrase, even if empty, instead of an error.
- Added tests cases to http_test.go
User reports some HTTP servers may respond with a broken status line that's
missing a space between the status code and the optional status phrase. HTTP
clients tested already support this behavior. This patch adjusts the http
parser so that this deviation from the standard is accepted.

Fixes elastic#6176
There was a bounds check error in parsing HTTP responses. A malformed
response line in the form "HTTP/1.1\r\n" would cause a panic when parsed.

Related to elastic#6409
@andrewkroh andrewkroh merged commit 12bcd55 into elastic:5.6 Apr 6, 2018
@andrewkroh andrewkroh added v5.6.9 and removed 5.6.9 labels Sep 18, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport in progress Pull request is currently in progress. Packetbeat v5.6.9
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants