From b34eaabb3bfd578f23aba6513687661f2dc6dfd5 Mon Sep 17 00:00:00 2001
From: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 21 Mar 2017 13:46:30 +0000
Subject: [PATCH] Allows the HTTP Set-Cookie parser to handle a trailing
 semicolon. Fixes #731

---
 CHANGELOG       | 3 +++
 nselib/http.lua | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index 3a26064c9..0c8ef22ef 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE][GH#731] NSE is now able to process HTTP responses with a Set-Cookie
+  header that has an extraneous trailing semicolon. [nnposter]
+
 o [Nsock] Handle any and all socket connect errors the same: raise as an Nsock
   error instead of fatal. This prevents Nmap and Ncat from quitting with
   "Strange error from connect:" [Daniel Miller]
diff --git a/nselib/http.lua b/nselib/http.lua
index f1945c7b9..602d68b6f 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -762,6 +762,9 @@ parse_set_cookie = function (s)
   while s:sub(pos, pos) == ";" do
     pos = pos + 1
     pos = skip_space(s, pos)
+    if pos > #s then
+      break
+    end
     pos, name = get_token(s, pos)
     if not name then
       return nil, string.format("Can't get attribute name of cookie \"%s\".", cookie.name)