HTTP Set-Cookie parser does not handle trailing semicolons #731

Closed
nnposter opened this Issue Mar 5, 2017 · 1 comment

Comments

Projects
None yet
1 participant

nnposter commented Mar 5, 2017

Header parser in parse_set_cookie() bails out on a cookie header with a trailing semicolon, like...

Set-Cookie: session_id=76ca8bc8c19;

...because an attribute is expected to follow the semicolon:

  while s:sub(pos, pos) == ";" do
    pos = pos + 1
    pos = skip_space(s, pos)
    pos, name = get_token(s, pos)
    if not name then
      return nil, string.format("Can't get attribute name of cookie \"%s\".", cookie.name)
    end
    ...

The following patch resolves the issue:

--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -762,6 +762,9 @@
   while s:sub(pos, pos) == ";" do
     pos = pos + 1
     pos = skip_space(s, pos)
+    if pos > #s then
+      break
+    end
     pos, name = get_token(s, pos)
     if not name then
       return nil, string.format("Can't get attribute name of cookie \"%s\".", cookie.name)

Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.

nmap-bot closed this in b34eaab Mar 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment