Nmap Development mailing list archives

[NSE] http library cookie bug

From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 15 Mar 2011 20:33:19 +0100

Hi,

I think I ran into a bug when testing some code that handles cookies.
As far as I can understand from RFC 2109 "Attributes (names) (attr) are case-insensitive."

When the http-library parses the cookie, each name value pair is processed and a table field is dynamically created 
using the following code:
cookie[name] = value

I'm testing against two different servers. One returns the cookie path value all lowercase and the second using a 
leading capital P.
I think it would make more sense if the cookie attributes were always stored using lowercase table field names.
So I propose the following patch:

- cookie[name] = value
+ cookie[name:lower()] = value

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] http library cookie bug Patrik Karlsson (Mar 15)
- Re: [NSE] http library cookie bug John Bond (Mar 15)
  - Re: [NSE] http library cookie bug Patrik Karlsson (Mar 15)
    - Re: [NSE] http library cookie bug John Bond (Mar 15)
  - Re: [NSE] http library cookie bug David Fifield (Mar 15)
    - Re: [NSE] http library cookie bug Patrik Karlsson (Mar 15)
    - Re: [NSE] http library cookie bug Ryan Dewhurst (Mar 15)