Error in http.lua's chunked encoding

[Joao Correa <joao () livewire com br>]

On Thu, Aug 20, 2009 at 1:07 PM, Ron<ron () skullsecurity net> wrote:
> On 08/18/2009 01:35 PM, David Fifield wrote:
> > On Tue, Aug 18, 2009 at 01:03:59AM -0300, Joao Correa wrote:
> > Breaking the response stream on anything that looks like a Status-Line
> > is really wrong. What if a response contains "HTTP/1.1 200" in the body?
> > What if the body doesn't end in a newline, so that the Status-Line of
> > the next response doesn't come at the beginning of a line? Responses to
> > pipelined requests are supposed to either have a Content-Length or use
> > the chunked Transfer-Encoding, both of which allow you to find the
> > length of the body and the start of the next response. The get_chunks
> > iterator returns the offset after the last chunk so you can start
> > parsing the next response there.
>
> I just ran into a bug that I traced back to exactly this code.
>
> Jaoa, have you made any progress on fixing this?

Hi Ron, I have started working on a fix, but it is not working fine
yet. I would say that by the weekend I might have something ready.

Thanks
João

> Thanks!
> Ron
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org