mirror of
https://github.com/nmap/nmap.git
synced 2025-12-18 13:39:02 +00:00
Handle out-of-order parameters to http digest auth
This commit is contained in:
dmiller
@@ -85,8 +85,9 @@ if HAVE_SSL then
|
|||||||
-- regardless of what RFC says
|
-- regardless of what RFC says
|
||||||
parseChallenge = function(self)
|
parseChallenge = function(self)
|
||||||
local results = {}
|
local results = {}
|
||||||
local start, stop = 0,0
|
|
||||||
if self.chall then
|
if self.chall then
|
||||||
|
local start, stop = self.chall:find("^[Dd][Ii][Gg][Ee][Ss][Tt]%s+")
|
||||||
|
stop = stop or 0
|
||||||
while(true) do
|
while(true) do
|
||||||
local name, value
|
local name, value
|
||||||
start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1)
|
start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1)
|
||||||
@@ -97,7 +98,7 @@ if HAVE_SSL then
|
|||||||
start, stop, value = self.chall:find("([^,]*)", stop + 1)
|
start, stop, value = self.chall:find("([^,]*)", stop + 1)
|
||||||
end
|
end
|
||||||
name = name:lower()
|
name = name:lower()
|
||||||
if name == "digest realm" then name="realm" end
|
--if name == "digest realm" then name="realm" end
|
||||||
self.challnvs[name] = value
|
self.challnvs[name] = value
|
||||||
start, stop = self.chall:find("%s*,%s*", stop + 1)
|
start, stop = self.chall:find("%s*,%s*", stop + 1)
|
||||||
if ( not(start) ) then break end
|
if ( not(start) ) then break end
|
||||||
@@ -458,4 +459,51 @@ Helper = {
|
|||||||
end,
|
end,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
local unittest = require "unittest"
|
||||||
|
|
||||||
|
if not unittest.testing() then
|
||||||
|
return _ENV
|
||||||
|
end
|
||||||
|
|
||||||
|
test_suite = unittest.TestSuite:new()
|
||||||
|
|
||||||
|
local _ = "ignored"
|
||||||
|
|
||||||
|
local object = DigestMD5:new('Digest realm="test", domain="/HTTP/Digest",\z
|
||||||
|
nonce="c8563a5b367e66b3693fbb07a53a30ba"',
|
||||||
|
_, _, _, _)
|
||||||
|
test_suite:add_test(unittest.keys_equal(
|
||||||
|
object.challnvs,
|
||||||
|
{
|
||||||
|
nonce='c8563a5b367e66b3693fbb07a53a30ba',
|
||||||
|
realm='test',
|
||||||
|
domain='/HTTP/Digest',
|
||||||
|
}
|
||||||
|
))
|
||||||
|
|
||||||
|
object = DigestMD5:new('Digest nonce="9e4ab724d272474ab13b64d75300a47b", \z
|
||||||
|
opaque="de40b82666bd5fe631a64f3b2d5a019e", \z
|
||||||
|
realm="me@kennethreitz.com", qop=auth',
|
||||||
|
_, _, _, _)
|
||||||
|
test_suite:add_test(unittest.keys_equal(
|
||||||
|
object.challnvs,
|
||||||
|
{
|
||||||
|
nonce='9e4ab724d272474ab13b64d75300a47b',
|
||||||
|
opaque='de40b82666bd5fe631a64f3b2d5a019e',
|
||||||
|
realm='me@kennethreitz.com',
|
||||||
|
qop='auth',
|
||||||
|
}
|
||||||
|
))
|
||||||
|
|
||||||
|
object = DigestMD5:new('realm=test, domain="/HTTP/Digest",\tnonce=c8563a5b367e66b3693fbb07a53a30ba',
|
||||||
|
_, _, _, _)
|
||||||
|
test_suite:add_test(unittest.keys_equal(
|
||||||
|
object.challnvs,
|
||||||
|
{
|
||||||
|
nonce='c8563a5b367e66b3693fbb07a53a30ba',
|
||||||
|
realm='test',
|
||||||
|
domain='/HTTP/Digest',
|
||||||
|
}
|
||||||
|
))
|
||||||
|
|
||||||
return _ENV;
|
return _ENV;
|
||||||
|
|||||||
Reference in New Issue
Block a user