diff options
| author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2012-05-22 06:23:36 +0000 |
|---|---|---|
| committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2012-05-22 06:23:36 +0000 |
| commit | 7e0c167eb02776cd32f47ec038e47b6dcbaad7dd (patch) | |
| tree | 7fdf5bf680ee260865d89e2f80b693a115eae9f1 /epan/req_resp_hdrs.c | |
| parent | b3bfefd03caab06a9844e9969a4f5db518b85a52 (diff) | |
HTTP: RPC/HTTP do a better detection and parsing of RPC over HTTP
From Matthieu Patou <mat@matws.net>
svn path=/trunk/; revision=42773
Diffstat (limited to 'epan/req_resp_hdrs.c')
| -rw-r--r-- | epan/req_resp_hdrs.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/epan/req_resp_hdrs.c b/epan/req_resp_hdrs.c index bb49c5a100..6055903563 100644 --- a/epan/req_resp_hdrs.c +++ b/epan/req_resp_hdrs.c @@ -54,6 +54,7 @@ req_resp_hdrs_do_reassembly(tvbuff_t *tvb, const int offset, packet_info *pinfo, gboolean chunked_encoding = FALSE; gboolean keepalive_found = FALSE; gchar *line; + gchar *content_type = NULL; /* * Do header desegmentation if we've been told to. @@ -158,6 +159,10 @@ req_resp_hdrs_do_reassembly(tvbuff_t *tvb, const int offset, packet_info *pinfo, content_length_found = TRUE; } else if (g_ascii_strncasecmp(line, "Content-Type:", 13) == 0) { content_type_found = TRUE; + content_type = line+13; + while (*content_type == ' ') { + content_type++; + } } else if (g_ascii_strncasecmp(line, "Connection:", 11) == 0) { /* Check for keep-alive */ header_val = line+11; @@ -212,6 +217,22 @@ req_resp_hdrs_do_reassembly(tvbuff_t *tvb, const int offset, packet_info *pinfo, */ if (desegment_body) { if (content_length_found) { + if (content_length >= 128*1024) { /* MS-RPCH stipulate that the content-length must be between 128K and 2G */ + gchar *tmp; + if (content_type_found && + strncmp(content_type, "application/rpc", 15) == 0) { + /* It looks like a RPC_IN_DATA request or a RPC_OUT_DATA response + * in which the content-length is meaningless + */ + return TRUE; + } + /* Following sizeof will return the length of the string + \0 we need to not count it*/ + tmp = tvb_get_ephemeral_string(tvb, 0, sizeof("RPC_OUT_DATA") - 1); + if ((strncmp(tmp, "RPC_IN_DATA", sizeof("RPC_IN_DATA") - 1) == 0) || + (strncmp(tmp, "RPC_OUT_DATA", sizeof("RPC_OUT_DATA") - 1) == 0)) { + return TRUE; + } + } /* next_offset has been set to the end of the headers */ if (!tvb_bytes_exist(tvb, next_offset, content_length)) { length_remaining = tvb_length_remaining(tvb, |