From: Philippe Antoine Date: Thu, 30 Oct 2025 10:43:27 +0000 (+0100) Subject: [PATCH] output/http: log content-type like other headers X-Git-Tag: archive/raspbian/1%7.0.10-1+rpi1+deb13u2^2~4 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=1edf9e41a49e5a13b618e15e0299e1706d2cfe76;p=suricata.git [PATCH] output/http: log content-type like other headers Ticket: 8056 Avoid stack allocation. Do not handle null and ; especially (cherry picked from commit b8411fcc8dfc16910c3080d4d8c03a9a64c3a1f7) Origin: upstream, https://github.com/OISF/suricata/commit/4b1d284bb57219b6677a8bda5cdc14a24a6aa22d.patch Bug: https://redmine.openinfosecfoundation.org/issues/8056 Subject: Upstream fix for CVE-2025-64333 Gbp-Pq: Name CVE-2025-64333.patch
---
diff --git a/src/output-json-http.c b/src/output-json-http.c
index 5f44e955..c58c32fd 100644
--- a/src/output-json-http.c
+++ b/src/output-json-http.c
@@ -237,13 +237,12 @@ static void EveHttpLogJSONBasic(JsonBuilder *js, htp_tx_t *tx)
 if (tx->response_headers != NULL) {
 htp_header_t *h_content_type = htp_table_get_c(tx->response_headers, "content-type");
 if (h_content_type != NULL) {
- const size_t size = bstr_len(h_content_type->value) * 2 + 1;
- char string[size];
- BytesToStringBuffer(bstr_ptr(h_content_type->value), bstr_len(h_content_type->value), string, size);
- char *p = strchr(string, ';');
+ uint32_t len = (uint32_t)bstr_len(h_content_type->value);
+ const uint8_t *p = memchr(bstr_ptr(h_content_type->value), ';', len);
 if (p != NULL)
- *p = '\0';
- jb_set_string(js, "http_content_type", string);
+ len = (uint32_t)(p - bstr_ptr(h_content_type->value));
+ jb_set_string_from_bytes(
+ js, "http_content_type", bstr_ptr(h_content_type->value), len);
 }
 htp_header_t *h_content_range = htp_table_get_c(tx->response_headers, "content-range");
 if (h_content_range != NULL) {
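Review bot: The `(uint32_t)bstr_len(h_content_type->value)` cast at the top of the new content-type branch narrows without a check; the removed code held the same length in a `size_t`, so a value above `UINT32_MAX` would presumably wrap and the logged `http_content_type` would be silently shortened. This cannot overrun the buffer, since a wrapped length is only ever smaller than the real one, but a clamp makes the intent explicit: `size_t vlen = bstr_len(h_content_type->value);` followed by `uint32_t len = vlen > UINT32_MAX ? UINT32_MAX : (uint32_t)vlen;`. A short comment on the `jb_set_string_from_bytes` call, such as `/* raw header bytes up to the first ';'; NUL is not special-cased */`, would record the behaviour change the commit message describes for anyone consuming this field from the log. `EveHttpLogJSONBasic` starts and ends outside the hunk, so whether an upstream limit already bounds the header length is not visible here.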