Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
HTTP digest auth crash when auth header is missing #1665
NSE encounters an error if the code prescribes HTTP digest authentication but the target server does not supply header
The following patch rectifies the issue:
--- a/nselib/http.lua +++ b/nselib/http.lua @@ -1404,7 +1404,7 @@ options_with_auth_removed["auth"] = nil local r = generic_request(host, port, method, path, options_with_auth_remov local h = r.header['www-authenticate'] - if not r.status or (h and not string.find(h:lower(), "digest.-realm")) then + if not (r.status and h and string.find(h:lower(), "digest.-realm")) then stdnse.debug1("http: the target doesn't support digest auth or there was return http_error("The target doesn't support digest auth or there was an end
The patch will be applied after August 1, 2019, unless concerns are raised.