Handle HTTP 414 in http-form-fuzzer.nse

[dmiller-nmap]

Report: http://seclists.org/nmap-dev/2012/q3/86

[G10h4ck]

I am workign on it ;)
https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113

[dmiller-nmap]

Gio, it looks like you've made maxlen_global and minlen_global into
actual global variables; this means that if scanning multiple targets and
one target gives the 414 error, all targets will have maxlen_global
reduced. Please try to keep this variable unique per host being scanned
(e.g. local to the action function).

On Wed, Jun 3, 2015 at 5:40 AM, Gioacchino notifications@github.com wrote:

I am workign on it ;)
https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113

—
Reply to this email directly or view it on GitHub
#113 (comment).

[G10h4ck]

Now they are visible for all function, but get reassigned by the action function so they are host specific :)

Can you test it ?

[dmiller-nmap]

Gio, even though the stdnse.get_script_args calls are within the action function, the variables themselves are local to the file, which means that two instances of the script will share the same variable, with the potential to overwrite each other. They must be declared local to the action function (or some other function). You can then pass them in and out of the fuzz_field function as necessary, or even declare the fuzz_field function as a closure over the maxlen and minlen variables. There is probably not a need to have a _global variant of these; one per instance is enough.

[G10h4ck]

I am wondering if treating 414 on a per hosts base is the better approach...
The question is should be maxlen the same for all forms of an host ?
I have done a brief research and it seems to me that we should treat this as a form specific stuff, because as an example we could get a 414 for a form with method GET with long input while not on a form with POST method on the same host

In last commit i made max/min len form specific https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113

[dmiller-nmap]

Fixed in dd0c387