Nmap Development mailing list archives

http digest should use more careful parsing


From: David Fifield <david () bamsoftware com>
Date: Wed, 12 Sep 2012 19:52:59 -0700

Digest auth support was added to the http library in r29520,

http://seclists.org/nmap-dev/2012/q3/517

but I've just noticed that it doesn't use the existing
http.parse_www_authenticate function, but does its own parsing of the
header. I'm afraid that the parsing in http.generic_request and
sasl.DigestMD5.parseChallenge doesn't look robust. For example, the
match "digest.-realm" could match a "realm" that's part of a
quoted-string, or even a following auth challenge.

This code should use http.parse_www_authenticate, as it handles things
like multiple authentication challenges separated by commas, and is
generally more careful. See the http-auth script for an example of using
it. http.generic_request should also check for a 401 status code after
its first request, and instead of throwing an error, it should just
return the page if it gets a 200 or something.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
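A WWW-Authenticate parser of the careful kind the message asks for, as an added example in Python (not code from Nmap's Lua http library or from the thread): it splits multiple comma-separated challenges and keeps quoted-strings intact, including commas, '=' and escaped quotes inside them, next to a naive pattern in the spirit of "digest.-realm" that truncates the realm. The header value is constructed.

```python
import re

# Constructed sample: two challenges in one header; the Digest realm and qop
# values contain commas, which a naive comma split or pattern would mangle.
SAMPLE_HEADER = ('Basic realm="legacy", '
                 'Digest realm="Admin Area, Inc.", nonce="a1b2c3", '
                 'qop="auth,auth-int", algorithm=MD5')

_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"          # HTTP token characters
_QUOTED = r'"(?:[^"\\]|\\.)*"'                      # quoted-string with quoted-pairs
# One lexeme: a comma, or a token optionally followed by "=" and a value.
_LEXER = re.compile(r'\s*(?:(,)|(' + _TOKEN + r')(?:=(' + _QUOTED + '|' + _TOKEN + r'))?)')


def naive_digest_realm(header):
    """Pattern-match in the spirit of 'digest.-realm': it knows nothing about
    quoting, so a comma inside the quoted realm cuts the value short."""
    m = re.search(r'digest.*?realm="?([^",]*)', header, re.IGNORECASE | re.DOTALL)
    return m.group(1) if m else None


def parse_www_authenticate(header):
    """Split a WWW-Authenticate value into [(scheme, {param: value}), ...].
    A bare token starts a new challenge; name=value pairs attach to the
    most recent one; quoted-strings are unquoted and unescaped."""
    header = header.strip()
    challenges = []
    pos = 0
    while pos < len(header):
        m = _LEXER.match(header, pos)
        if not m:
            raise ValueError('cannot parse at offset %d: %r' % (pos, header[pos:]))
        pos = m.end()
        comma, name, value = m.groups()
        if comma:
            continue
        if value is None:                       # bare token: a new scheme
            challenges.append((name.lower(), {}))
            continue
        if not challenges:
            raise ValueError('parameter %r appears before any scheme' % name)
        if value.startswith('"'):               # strip quotes, undo backslash escapes
            value = re.sub(r'\\(.)', r'\1', value[1:-1])
        challenges[-1][1][name.lower()] = value
    return challenges


def digest_challenge(header):
    """Return the parameters of the Digest challenge, or None if there is none."""
    for scheme, params in parse_www_authenticate(header):
        if scheme == 'digest':
            return params
    return None
```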
