From f1ea488753e7879c56824cf9c6a0af9c2f448a19 Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 18 Aug 2010 18:22:03 +0000
Subject: [PATCH] Add better error checking to http.read_auth_challenge; bail
 out if read_token or read_token_or_quoted_string fails.

---
 nselib/http.lua | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nselib/http.lua b/nselib/http.lua
index 1f54c92c4..5d4261f97 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -1431,6 +1431,9 @@ local read_auth_challenge = function(s, pos)
     -- followed by an equals sign.
     tmp_pos = pos
     tmp_pos, name = read_token(s, tmp_pos)
+    if not name then
+      return nil
+    end
     tmp_pos = skip_space(s, tmp_pos)
     if string.sub(s, tmp_pos, tmp_pos) ~= "=" then
       -- No equals sign, must be the beginning of another challenge.
@@ -1440,6 +1443,9 @@ local read_auth_challenge = function(s, pos)
 
     pos = tmp_pos
     pos, val = read_token_or_quoted_string(s, pos)
+    if not val then
+      return nil
+    end
     if params[name] then
       return nil
     end