From 12bcd55d7f8f678bb1e513679e2da71810f91d63 Mon Sep 17 00:00:00 2001
From: Adrian Serrano
Date: Thu, 5 Apr 2018 01:26:27 +0200
Subject: [PATCH] Fix minor panic in http parser (#6750)

There was a bounds check error in parsing HTTP responses. A malformed response line in the form "HTTP/1.1\r\n" would cause a panic when parsed. Related to #6409
---
 CHANGELOG.asciidoc | 2 ++
 packetbeat/protos/http/http_parser.go | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index 24bd80c562ab..85fa2f567324 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -44,6 +44,8 @@ https://github.com/elastic/beats/compare/v5.6.8...5.6[Check the HEAD diff]
 - Fix corruption when parsing repeated headers in an HTTP request or response. {pull}6325[6325]
 - Fix panic when parsing partial AMQP messages. {pull}6384[6384]
 - Fix out of bounds access to slice in MongoDB parser. {pull}6256[6256]
+- Fix sniffer hanging on exit under Linux. {pull}6535[6535]
+- Fix bounds check error in http parser causing a panic. {pull}6750[6750]
 *Winlogbeat*
diff --git a/packetbeat/protos/http/http_parser.go b/packetbeat/protos/http/http_parser.go
index 6e58db75a4e9..f09e1ca3f94f 100644
--- a/packetbeat/protos/http/http_parser.go
+++ b/packetbeat/protos/http/http_parser.go
@@ -141,7 +141,7 @@ func (*parser) parseHTTPLine(s *stream, m *message) (cont, ok, complete bool) {
 var version []byte
 var err error
 fline := s.data[s.parseOffset:i]
- if len(fline) < 8 {
+ if len(fline) < 9 {
 if isDebug {
 debugf("First line too small")
 }
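Review bot: The new bound `len(fline) < 9` in parseHTTPLine is a bare literal whose justification lives in slicing code below the hunk, and the patch ships no regression test (the diffstat lists only the changelog and http_parser.go). Because fline is cut from captured traffic, this guard is what keeps a malformed line from any observed peer from crashing the sniffer, so it deserves a comment such as `// "HTTP/x.y" is 8 bytes; the response path also reads past the separator that follows, so require 9`. A test that feeds the `"HTTP/1.1\r\n"` line from the commit message and asserts the parser returns without panicking would pin the fix. Presumably the later code slices at offset 9; if any branch indexes a fixed position beyond that, it needs its own length check. The function body continues past the end of the hunk, so the slicing itself is not visible here.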