Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[packetbeat] panic when parsing HTTP host header with non-standard format #36497

Closed
moonD4rk opened this issue Sep 4, 2023 · 2 comments · Fixed by #36518
Closed

[packetbeat] panic when parsing HTTP host header with non-standard format #36497

moonD4rk opened this issue Sep 4, 2023 · 2 comments · Fixed by #36518
Assignees
@efd6
Labels
bug Packetbeat

Comments

@moonD4rk
Copy link

moonD4rk commented Sep 4, 2023
edited

For confirmed bugs, please report:

Summary:

Packetbeat(all version) encounters a panic when parsing HTTP requests that have a non-standard Host header. The issue occurs in the function extractHostHeader and manifests as an "index out of range" panic.

Steps to Reproduce:

  1. Use Packetbeat to capture HTTP traffic.
  2. Make an HTTP request where the Host header is of the form :12345 (just a port number without the hostname).

Expected Result:

Packetbeat should handle non-standard Host headers gracefully, either by ignoring them or logging an error message.

Actual Result:

Packetbeat panics with "index out of range".

panic: runtime error: index out of range [0] with length 0

goroutine 130 [running]:
*****/protos/http.extractHostHeader({0xc01cf26ea8, 0x3})
        *****/protos/http/http.go:737 +0x21b
*****/protos/http.(*httpPlugin).newTransaction(0xc0000f4f70, 0xc0073d8c80, 0xc0    073d9180)
        *****/protos/http/http.go:541 +0xbff
*****/protos/http.(*httpPlugin).correlate(0xc0000f4f70, 0xc02930e9c0)
        *****/protos/http/http.go:483 +0x111
*****/protos/http.(*httpPlugin).handleHTTP(0xc0000f4f70, 0xc02930e9c0, 0xc0073d    9180, 0x7f1aef56cf18?, 0xa0?)
        *****/protos/http/http.go:442 +0x3fb
*****/protos/http.(*httpPlugin).messageComplete(...)
        *****/protos/http/http.go:233
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Sep 4, 2023
@moonD4rk moonD4rk mentioned this issue Sep 4, 2023
Closed
6 tasks
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Sep 5, 2023
@bhapas bhapas changed the title panic when packetbeat parsing HTTP host header with non-standard format [packetbeat] panic when parsing HTTP host header with non-standard format Sep 5, 2023
@efd6 efd6 self-assigned this Sep 5, 2023
@efd6
Copy link
Contributor

efd6 commented Sep 5, 2023
edited

This is confirmed by https://play.golang.com/p/63bKtUHq7Wv.

Really we should be using https://pkg.go.dev/net#SplitHostPort.

func extractHostHeader(header string) (host string, port int) {
	if header == "" || net.ParseIP(header) != nil {
		return header, port
	}
	host, ps, err := net.SplitHostPort(header)
	if err != nil {
		return header, port
	}
	host = strings.TrimPrefix(host, "[")
	host = strings.TrimSuffix(host, "]")
	pi, err := strconv.ParseInt(ps, 10, 16)
	if err != nil {
		return host, port
	}
	return host, int(pi)
}

@efd6 efd6 mentioned this issue Sep 5, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@efd6 efd6

Labels
bug Packetbeat
Projects
None yet
Milestone
No milestone
4 participants
@elasticmachine @moonD4rk @efd6 @bhapas