PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Allow a challenge with no auth-params.

Browse Source
This commit is contained in:
david
2011-12-19 19:12:49 +00:00
parent 3d1e1f1233
commit 5c0b85261b
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ncat/http.c
View File

@@ -1292,8 +1292,23 @@ static const char *http_read_challenge(const char *s, struct http_challenge *cha
free(scheme); free(scheme);
scheme = NULL; scheme = NULL;
/* RFC 2617, section 1.2, requires at least one auth-param:
challenge = auth-scheme 1*SP 1#auth-param
But there are some schemes (NTLM and Negotiate) that can be without
auth-params, so we allow that here. A comma indicates the end of this
challenge and the beginning of the next (see the comment in the loop
below). */
while (is_space_char(*s)) while (is_space_char(*s))
s++; s++;
if (*s == ',') {
s++;
while (is_space_char(*s))
s++;
if (*s == '\0')
goto bail;
return s;
}
while (*s != '\0') { while (*s != '\0') {
char *name, *value; char *name, *value;