Fix to http.validate_options from Sebastian Prengel: The cookies table

was being iterated over incorrectly. Also from Sebastian: add "expires" to the list of handled keys in validate_options.
2025-12-15 20:29:03 +00:00 · 2011-02-24 20:16:06 +00:00
parent b31a8aa875
commit 61543b681e
2 changed files with 10 additions and 2 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o [NSE] Fixed http.validate_options when handling a cookie table.
+  [Sebastian Prengel]
+
 o [NSE] Added quake3-master-getservers, which gets a list of live
  Quake 3 servers from a master server. (It also works for many
  similar games.) [Toni Ruottu]
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -266,8 +266,8 @@ local function validate_options(options)
      end
    elseif(key == 'cookies') then
      if(type(value) == 'table') then
-        for cookie in pairs(value) do
-          for cookie_key, cookie_value in pairs(value) do
+        for _, cookie in ipairs(value) do
+          for cookie_key, cookie_value in pairs(cookie) do
            if(cookie_key == 'name') then
              if(type(cookie_value) ~= 'string') then
                stdnse.print_debug(1, "http: options.cookies[i].name should be a string")
@@ -283,6 +283,11 @@ local function validate_options(options)
                stdnse.print_debug(1, "http: options.cookies[i].path should be a string")
                bad = true
              end
+            elseif(cookie_key == 'expires') then
+              if(type(cookie_value) ~= 'string') then
+                stdnse.print_debug(1, "http: options.cookies[i].expires should be a string")
+                bad = true
+              end
            else
              stdnse.print_debug(1, "http: Unknown field in cookie table: %s", cookie_key)
              bad = true