Nmap Development mailing list archives

[NSE patch] patch for http.lua to support chunked encoding

From: Sven Klemm <sven () c3d2 de>
Date: Sun, 24 Aug 2008 01:20:55 +0200

Hi,

currently the NSE http library does not support chunked encoding. Whenthe server sends an answer with transfer-encoding chunked the answerdoes not get properly "dechunked" and the body in the document willcontain the chunk metadata. The attached patch adds support forchunked encoding to the http library.The patch also changes the way the body of the document isconcatenated. Currently the http library uses "\r?\n" as lineseparator and "\n" when concatenating. The patch changes this to use"\r\n" in both cases so the document is no longer modified by the httplibrary.


Cheers,
Sven

--
Sven Klemm
http://cthulhu.c3d2.de/~sven/

Index: http.lua
===================================================================
--- http.lua    (.../nselib/http.lua)   (revision 9702)
+++ http.lua    (.../-exp/sven/nse_sedusa/nselib/http.lua)      (revision 9702)
@@ -143,7 +143,7 @@
     return result
   end
 
-  local buffer = stdnse.make_buffer( socket, "\r?\n" )
+  local buffer = stdnse.make_buffer( socket, "\r\n" )
 
   local line, _
   local header, body = {}, {}
@@ -184,15 +184,32 @@
     end
   end
 
-  -- body loop
-  while true do
-    line = buffer()
-    if not line then break end
-    table.insert(body,line)
+  -- handle body
+  if result.header['transfer-encoding'] == 'chunked' then
+    -- if the server used chunked encoding we have to 'dechunk' the answer
+    local counter, chunk_size
+    counter = 0; chunk_size = 0
+    while true do
+      if counter >= chunk_size then
+        counter = 0
+        chunk_size = tonumber( buffer(), 16 )
+        if chunk_size == 0 or not chunk_size then break end
+      end
+      line = buffer()
+      if not line then break end
+      counter = counter + #line + 2
+      table.insert(body,line)
+    end
+  else
+    while true do
+      line = buffer()
+      if not line then break end
+      table.insert(body,line)
+    end
   end
 
   socket:close()
-  result.body = table.concat( body, "\n" )
+  result.body = table.concat( body, "\r\n" )
 
   return result


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

[NSE patch] patch for http.lua to support chunked encoding Sven Klemm (Aug 23)
- Re: [NSE patch] patch for http.lua to support chunked encoding Kris Katterjohn (Aug 24)
  - Re: [NSE patch] patch for http.lua to support chunked encoding Sven Klemm (Aug 24)
- Re: [NSE patch] patch for http.lua to support chunked encoding Fyodor (Aug 29)