New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP Set-Cookie parser does not handle trailing semicolons #731

Closed
nnposter opened this Issue Mar 5, 2017 · 1 comment

Comments

Projects
None yet
1 participant
@nnposter

nnposter commented Mar 5, 2017

Header parser in parse_set_cookie() bails out on a cookie header with a trailing semicolon, like...

Set-Cookie: session_id=76ca8bc8c19;

...because an attribute is expected to follow the semicolon:

  while s:sub(pos, pos) == ";" do
    pos = pos + 1
    pos = skip_space(s, pos)
    pos, name = get_token(s, pos)
    if not name then
      return nil, string.format("Can't get attribute name of cookie \"%s\".", cookie.name)
    end
    ...

The following patch resolves the issue:

--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -762,6 +762,9 @@
   while s:sub(pos, pos) == ";" do
     pos = pos + 1
     pos = skip_space(s, pos)
+    if pos > #s then
+      break
+    end
     pos, name = get_token(s, pos)
     if not name then
       return nil, string.format("Can't get attribute name of cookie \"%s\".", cookie.name)

Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.

@nnposter

This comment has been minimized.

Show comment
Hide comment
@nnposter

nnposter commented Mar 6, 2017

@nmap-bot nmap-bot closed this in b34eaab Mar 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment