PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-28 02:19:04 +00:00
Code Issues Projects Releases Wiki Activity

Rectify an HTTP digest authentication crash. Fixes #1665

Browse Source
This commit is contained in:
nnposter
2019-08-05 00:14:10 +00:00
parent 14b63a8ffe
commit f513575f5c
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG
View File

@@ -1,7 +1,11 @@
#Nmap Changelog ($Id$); -*-text-*-
o [NSE][GH#1648] CR characters are no longer treated as illegal in script XML
output. [nnposter]
o [NSE][GH#1665] The HTTP library no longer crashes when code requests digest
authentication but the server does not provide the necessary authentication
header. [nnposter]
o [NSE][GH#1648] CR characters (0x0D) are no longer treated as illegal
in script XML output. [nnposter]
o [GH#1659] Allow resuming nmap scan with lengthy command line
[Clément Notin]

2
nselib/http.lua
View File

@@ -1404,7 +1404,7 @@ function generic_request(host, port, method, path, options)
options_with_auth_removed["auth"] = nil
local r = generic_request(host, port, method, path, options_with_auth_removed)
local h = r.header['www-authenticate']
if not r.status or (h and not string.find(h:lower(), "digest.-realm")) then
if not (r.status and h and h:lower():find("digest.-realm")) then
stdnse.debug1("http: the target doesn't support digest auth or there was an error during request.")
return http_error("The target doesn't support digest auth or there was an error during request.")
end