HTTP digest auth crash when auth header is missing #1665
NSE encounters an error if the code prescribes HTTP digest authentication but the target server does not supply header
The following patch rectifies the issue:
--- a/nselib/http.lua +++ b/nselib/http.lua @@ -1404,7 +1404,7 @@ options_with_auth_removed["auth"] = nil local r = generic_request(host, port, method, path, options_with_auth_remov local h = r.header['www-authenticate'] - if not r.status or (h and not string.find(h:lower(), "digest.-realm")) then + if not (r.status and h and string.find(h:lower(), "digest.-realm")) then stdnse.debug1("http: the target doesn't support digest auth or there was return http_error("The target doesn't support digest auth or there was an end
The patch will be applied after August 1, 2019, unless concerns are raised.
The text was updated successfully, but these errors were encountered: