Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
HTTP digest auth crash when auth header is missing #1665
NSE encounters an error if the code prescribes HTTP digest authentication but the target server does not supply header
The following patch rectifies the issue:
--- a/nselib/http.lua +++ b/nselib/http.lua @@ -1404,7 +1404,7 @@ options_with_auth_removed["auth"] = nil local r = generic_request(host, port, method, path, options_with_auth_remov local h = r.header['www-authenticate'] - if not r.status or (h and not string.find(h:lower(), "digest.-realm")) then + if not (r.status and h and string.find(h:lower(), "digest.-realm")) then stdnse.debug1("http: the target doesn't support digest auth or there was return http_error("The target doesn't support digest auth or there was an end
The patch will be applied after August 1, 2019, unless concerns are raised.