From 1defb48e9ca2f27f25ffb87a326c05716a07242e Mon Sep 17 00:00:00 2001
From: Keith Jones <keith@keithjjones.com>
Date: Tue, 21 Sep 2021 10:21:43 -0400
Subject: [PATCH] Check for records before matching a string.

---
 scripts/omigod.zeek | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/omigod.zeek b/scripts/omigod.zeek
index 2c0d19d..fe0f5cd 100644
--- a/scripts/omigod.zeek
+++ b/scripts/omigod.zeek
@@ -82,7 +82,7 @@ event http_all_headers(c: connection, is_orig: bool, hlist: mime_header_list)
         return;
 
     # The exploit is triggered when a payload XML is POSTed
-    if (c$http$method != "POST")
+    if ( !c?http || !c$http?method || c$http$method != "POST")
         return;
 
     # Throw out small list of headers