Nmap Development mailing list archives

Re: http.lua Bug and Fix


From: David Fifield <david () bamsoftware com>
Date: Thu, 24 Feb 2011 12:19:30 -0800

On Thu, Feb 24, 2011 at 10:25:00AM +0100, Sebastian Prengel wrote:
Hello Dev-Team,

I need to do some changes to enable cookie support of "http.lua". All
changes are marked with "CHANGE CHANGE CHANGE". I use Zenmap 5.50 on Windows
XP. Hope it is also useful for you.

--- nselib/http.lua
+++ nselib/http.lua
@@ -267,7 +267,7 @@ local function validate_options(options)
     elseif(key == 'cookies') then
       if(type(value) == 'table') then
         for cookie in pairs(value) do
-          for cookie_key, cookie_value in pairs(value) do
+          for cookie_key, cookie_value in pairs(value[cookie]) do
             if(cookie_key == 'name') then
               if(type(cookie_value) ~= 'string') then
                 stdnse.print_debug(1, "http: options.cookies[i].name should be a string")
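
Review bot: on the changed inner loop, pairs(value[cookie]) raises an error when an entry of options.cookies is not itself a table, so validate_options would throw instead of reporting the bad option. A type(value[cookie]) == 'table' check before the inner loop, with a debug message and bad = true otherwise, keeps the failure in the same style as the checks below it. Since the outer loop variable cookie holds the key rather than the cookie, iterating over the values directly would also read more clearly.
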
@@ -283,6 +283,11 @@ local function validate_options(options)
                 stdnse.print_debug(1, "http: options.cookies[i].path should be a string")
                 bad = true
               end
+            elseif(cookie_key == 'expires') then
+              if(type(cookie_value) ~= 'string') then
+                stdnse.print_debug(1, "http: options.cookies[i].expires should be a string")
+                bad = true
+              end
             else
               stdnse.print_debug(1, "http: Unknown field in cookie table: %s", cookie_key)
               bad = true
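
Review bot: the new expires branch only checks that the value is a string, so any text is accepted as an expiry. If a specific date format is expected, state it where the cookie table fields are documented so that script authors know what to pass. The check itself matches the path branch above it.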

Thank you for taking the time to submit a patch. These changes look
correct. I think the first hunk is better written this way, which I have
committed:

--- nselib/http.lua
+++ nselib/http.lua
@@ -266,8 +266,8 @@ local function validate_options(options)
       end
     elseif(key == 'cookies') then
       if(type(value) == 'table') then
-        for cookie in pairs(value) do
-          for cookie_key, cookie_value in pairs(value) do
+        for _, cookie in ipairs(value) do
+          for cookie_key, cookie_value in pairs(cookie) do
             if(cookie_key == 'name') then
               if(type(cookie_value) ~= 'string') then
                 stdnse.print_debug(1, "http: options.cookies[i].name should be a string")
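
Review bot: with for _, cookie in ipairs(value), only entries at consecutive integer keys starting from 1 are visited, so a cookie stored under a string key or after a gap in the table is never validated and never sets bad. Either document that options.cookies must be an array, or keep pairs for the outer loop. pairs(cookie) also raises an error if an entry is not a table; a type check before the inner loop would turn that into a debug message and bad = true.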

@@ -1038,11 +1043,17 @@ local function build_request(host, port, method, path, options)
   }
 
   if options.cookies then
-    local cookies = buildCookies(options.cookies, path)
+    local cookies = buildCookies(options.cookies) ---CHANGE CHANGE CHANGE delete path because cookie.path was empty
     if #cookies > 0 then
       mod_options.header["Cookie"] = cookies
     end
   end
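
Review bot: dropping the path argument in the buildCookies call changes the call for every request, not only for the case where cookie.path is empty, and the trailing CHANGE CHANGE CHANGE comment should not be left in the source. If an empty or missing cookie.path is the problem, handle that case inside buildCookies and keep passing path; the reason for the change belongs in the commit message.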

I don't understand the reason for this one. If path is nil, then taking
it out of the function call is the same as leaving it in. Is it instead
the empty string or something? What error message were you seeing?

+
+  ---CHANGE CHANGE CHANGE add section Referer in http header when path and cookie set
+  if path and options.cookies then
+   mod_options.header["Referer"]=path
+  end
+
   -- Only Basic authentication is supported.
   if options.auth then
     local username = options.auth.username
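
Review bot: the added block sets Referer to the path of the request being built, and only when options.cookies is set, which ties two unrelated options together and assigns the header without checking whether mod_options.header already has one. If a Referer is needed, let the caller supply it through the header options instead of setting it here. The assignment line is also indented by three spaces where the surrounding code uses two.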

My first impression is that control of Referer should be left to the
script author. Is this a particular web application that needs Referer,
or does this requirement apply in general?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

