topic/jsiwek/mime-multipart-boundary-leniency

Description

Seth had a private pcap showing HTTP multipart content using boundary strings containing the '<' and '>' characters which causes HTTP/MIME content parsing to fail. This branch changes it so those characters are allowed (even though not explicitly permitted by the RFC). It feels a bit hacky to me (but so do most changes I've done to HTTP/MIME analyzers), so please review and check if the analysis looks "more correct" now.

I scheduled this for 2.4 because I think Seth mentioned it might be something to try to get fixed in the final release, but it might be better to put it as part of 2.5 – it's not really a severe bug but more of an oddity from a particular HTTP implementation and Bro's behavior with respect to it hasn't changed anytime recently (i.e. it's not a regression).

Environment

None

Activity

Show:
Johanna Amann
September 14, 2015, 10:14 PM

This was merged in 46fc3db8ccb6432729ecff0a38d9b40fabd2e983 but for some reason never closed.

Robin Sommer
May 26, 2015, 3:42 PM

Yeah, agree that this might be better for 2.5, similar to as well.

Fixed

Assignee

Seth Hall

Reporter

Jon Siwek

Labels

None

External issue ID

None

Components

Fix versions

Priority

Normal