Incomplete but 2 logs for same transaction (libhtp: 0.5.x) about libhtp HOT 8 CLOSED

Thanks for this report.
If you want to help more, could you create a Suricata-verify test out of this ?

from libhtp.

Could you test #351 ?

from libhtp.

Fix looks good. Thank you. Below is the log i now see.

{"timestamp":"2022-02-23T13:07:28.058210+0000","flow_id":1775922563793581,"in_iface":"lo","event_type":"http","src_ip":"127.0.0.1","src_port":33210,"dest_ip":"127.0.0.1","dest_port":3000,"proto":"6","tx_id":0,"http":{"hostname":"localhost","http_port":3000,"url":"/WebGoat/login1","http_user_agent":"curl/7.68.0","http_method":"POST","protocol":"HTTP/1.1","status":302,"redirect":"http://localhost:3000/WebGoat/login","length":0,"request_headers":[{"name":"Host","value":"localhost:3000"},{"name":"User-Agent","value":"curl/7.68.0"},{"name":"Accept","value":"*/*"},{"name":"Content-Length","value":"1417"},{"name":"Content-Type","value":"application/x-www-form-urlencoded"},{"name":"Expect","value":"100-continue"}],"response_headers":[{"name":"Connection","value":"keep-alive"},{"name":"Set-Cookie","value":"JSESSIONID=8DtreiCe0RbQqoZtVdzoBLFvc1WS1Hh562_0QaqR; path=/WebGoat"},{"name":"X-XSS-Protection","value":"1; mode=block"},{"name":"X-Content-Type-Options","value":"nosniff"},{"name":"X-Frame-Options","value":"DENY"},{"name":"Location","value":"http://localhost:3000/WebGoat/login"},{"name":"Content-Length","value":"0"},{"name":"Date","value":"Wed, 23 Feb 2022 13:07:28 GMT"}]}}

from libhtp.

Thanks for testing

from libhtp.

Thanks for testing

Is there a release this fix will be targetted for? Would help if you could let me know the release and approx time

from libhtp.

I think in will be in libhtp 0.5.40 which will be used by suricata 7.0rc1 and 6.0.5
cf https://redmine.openinfosecfoundation.org/issues/5146

from libhtp.

Thank you so much

from libhtp.

Fixed by #351

from libhtp.