From 8215c3420f818b0fee821a1452dd9e0c7d885294 Mon Sep 17 00:00:00 2001
From: paulino <paulino@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 15 Jul 2011 23:48:00 +0000
Subject: [PATCH] Fixes the way of creating the request line by changing
 string.format for regular string concatenation to allow null bytes in the
 requests.

---
 nselib/http.lua | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/nselib/http.lua b/nselib/http.lua
index 3cf013fc0..e40fc5f43 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -1081,11 +1081,12 @@ local function build_request(host, port, method, path, options)
 
   -- Add any other header fields into the local copy.
   table_augment(mod_options, options)
-
-  local request_line = string.format("%s %s HTTP/1.1", method, path)
+  -- We concat this string manually to allow null bytes in requests
+  local request_line = method.." "..path.." HTTP/1.1"
   local header = {}
   for name, value in pairs(mod_options.header) do
-    header[#header + 1] = string.format("%s: %s", name, value)
+    -- we concat this string manually to allow null bytes in requests
+    header[#header + 1] = name..": "..value
   end
 
   return request_line .. "\r\n" .. stdnse.strjoin("\r\n", header) .. "\r\n\r\n" .. (body or "")