BUG: panic when packetbeat parsing HTTP host header with non-standard format

Summary:

Packetbeat(all version) encounters a panic when parsing HTTP requests that have a non-standard Host header. The issue occurs in the function extractHostHeader and manifests as an "index out of range" panic.

Steps to Reproduce:

1. Use Packetbeat to capture HTTP traffic.
2. Make an HTTP request where the Host header is of the form :12345 (just a port number without the hostname).

Expected Result:

Packetbeat should handle non-standard Host headers gracefully, either by ignoring them or logging an error message.

Actual Result:

Packetbeat panics with "index out of range".

panic: runtime error: index out of range [0] with length 0

goroutine 130 [running]:
*****/protos/http.extractHostHeader({0xc01cf26ea8, 0x3})
        *****/protos/http/http.go:737 +0x21b
*****/protos/http.(*httpPlugin).newTransaction(0xc0000f4f70, 0xc0073d8c80, 0xc0    073d9180)
        *****/protos/http/http.go:541 +0xbff
*****/protos/http.(*httpPlugin).correlate(0xc0000f4f70, 0xc02930e9c0)
        *****/protos/http/http.go:483 +0x111
*****/protos/http.(*httpPlugin).handleHTTP(0xc0000f4f70, 0xc02930e9c0, 0xc0073d    9180, 0x7f1aef56cf18?, 0xa0?)
        *****/protos/http/http.go:442 +0x3fb
*****/protos/http.(*httpPlugin).messageComplete(...)
        *****/protos/http/http.go:233

Hi @moonD4rk,

Welcome to the community! Thanks for raising this issue. Would you be able to raise a bug issue on the @elastic/beats Github repo for someone to take a look?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.