From 469e6ca5ca55866312cd6ffed4b4e7a79b070219 Mon Sep 17 00:00:00 2001 From: paulino Date: Wed, 4 Jul 2012 20:21:08 +0000 Subject: [PATCH] Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "". Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if its not a number to fix crash when passing a string to %d. --- nselib/http.lua | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/nselib/http.lua b/nselib/http.lua index ca5c25951..eb5be6394 100644 --- a/nselib/http.lua +++ b/nselib/http.lua @@ -2152,10 +2152,12 @@ function identify_404(host, port) return false, "Failed while testing for extra 404 error messages" end - -- Check if the return code became something other than 200 + -- Check if the return code became something other than 200. + -- Status code: -1 represents unknown. + -- If the status is nil or the string "unknown" we switch to -1. if(data2.status ~= 200) then - if(data2.status == nil) then - data2.status = "" + if(type(data2.status) ~= "number") then + data2.status = -1 end stdnse.print_debug(1, "HTTP: HTTP 404 status changed for second request (became %d).", data2.status) return false, string.format("HTTP 404 status changed for second request (became %d).", data2.status) @@ -2163,8 +2165,8 @@ function identify_404(host, port) -- Check if the return code became something other than 200 if(data3.status ~= 200) then - if(data3.status == nil) then - data3.status = "" + if(type(data3.status) ~= "number") then + data3.status = -1 end stdnse.print_debug(1, "HTTP: HTTP 404 status changed for third request (became %d).", data3.status) return false, string.format("HTTP 404 status changed for third request (became %d).", data3.status)