Fix bad content-length (#4676)

gpotter2 · web-flow · commit d208e0a9155d · 2025-02-27T01:34:09.000+01:00
diff --git a/scapy/layers/http.py b/scapy/layers/http.py
@@ -652,11 +652,17 @@ def tcp_reassemble(cls, data, metadata, _):
             is_response = isinstance(http_packet.payload, cls.clsresp)
             # Packets may have a Content-Length we must honnor
             length = http_packet.Content_Length
+            if length:
+                # Parse the length as an integer
+                try:
+                    length = int(length)
+                except ValueError:
+                    length = None
             if length is not None:
                 # The packet provides a Content-Length attribute: let's
                 # use it. When the total size of the frags is high enough,
                 # we have the packet
-                length = int(length)
+
                 # Subtract the length of the "HTTP*" layer
                 if http_packet.payload.payload or length == 0:
                     http_length = len(data) - http_packet.payload._original_len
diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts
@@ -68,6 +68,17 @@ assert HTTPResponse in pkt
 print(pkt[Raw].load, expected_data)
 assert pkt[Raw].load == expected_data
 
+= TCPSession - Invalid Content-Length
+
+pkts = [
+    IP()/TCP(seq=1)/HTTP()/Raw(load=b'GET / HTTP/1.1\r\nContent-Length: bad\r\nCoo'),
+    IP()/TCP(seq=41)/HTTP()/Raw(load=b'kie: cookie\r\n\r\n'),
+]
+a = sniff(offline=pkts, session=TCPSession)
+
+assert HTTPRequest in a[0]
+assert a[0].Cookie == b"cookie"
+
 = TCPSession - dissect HTTP 1.0 HEAD response
 ~ http
 
