Avoid a crash by making sure response *has* a location header

2025-12-06 04:31:29 +00:00 · 2019-08-02 04:21:38 +00:00
parent 5ad05bdbab
commit 13d70d9ac7
1 changed files with 14 additions and 12 deletions
--- a/scripts/https-redirect.nse
+++ b/scripts/https-redirect.nse
@@ -58,18 +58,20 @@ action = function (host, port)
    if string.match(result, "^HTTP/1.[01] 3%d%d") then

      local location = string.match(result, "\n[Ll][Oo][Cc][Aa][Tt][Ii][Oo][Nn]:[ \t]*(.-)\r?\n")
-      local parsed = url.parse(location)
-      -- Check for a redirect to the same port, but with HTTPS scheme.
-      if parsed.scheme == 'https' and tonumber(parsed.port or 443) == port.number and (
-          -- ensure it's not some other machine
-          parsed.ascii_host == host.ip or
-          parsed.ascii_host == host.targetname or
-          parsed.ascii_host == host.name or
-          parsed.host == "" or parsed.host == nil
-          ) then
-        port.version.service_tunnel = "ssl"
-        nmap.set_port_version(host, port, "softmatched")
-        return nil
+      if location then
+        local parsed = url.parse(location)
+        -- Check for a redirect to the same port, but with HTTPS scheme.
+        if parsed.scheme == 'https' and tonumber(parsed.port or 443) == port.number and (
+            -- ensure it's not some other machine
+            parsed.ascii_host == host.ip or
+            parsed.ascii_host == host.targetname or
+            parsed.ascii_host == host.name or
+            parsed.host == "" or parsed.host == nil
+            ) then
+          port.version.service_tunnel = "ssl"
+          nmap.set_port_version(host, port, "softmatched")
+          return nil
+        end
      end
    end
  end