first was that pos was declared as a local variable and shadowed the pos
parameter. The second was that when multiple WWW-Authenticate headers
were present, the wrong pos would be returned after reading the first
one. The arrow shows the pos it was returning:
Digest realm="My Site", domain="/", Basic realm="My Site"
^
It now returns this correct pos, ready to read the next challenge:
Digest realm="My Site", domain="/", Basic realm="My Site"
^
This was a problem I had already solved for Ncat but I copied the logic
imperfectly to http.lua.
non-whitespace characters, the position counter was advanced one past
where it was supposed to be. This didn't have any bad effect when the
server used CRLF to separate header fields, because it ate the CR and
still recognized LF as ending the field. But it concatenated multiple
header fields when the server only used LF to separate them.
where I added a check to make sure that a GET request would hit a cache
entry for a HEAD request and vice versa. Because of a misnamed
identifier, the test was always false.
buildGet/buildRequest with a one-step build_request. Provide a new
function generic_request that can do a request for any given method
(get, head, and post are now defined in terms of this function).
options table, in http functions. It was unreasonable that this
yet-unused feature was given a more prominent place than even the header
and request body, both of which are in the options table.
This change doesn't affect any other scripts or libraries because none
of them use cookies. In the cases, like http.get, where cookies was an
optional final parameter, I just removed it. Where it was not the final
parameter, as in http.post and http.pGet, I left the parameter in place
but documented that it is ignored for backwards compatibility.
there is one. Even though section 4.4 of RFC 2616 says that sending a
body in response to a HEAD request is a MUST NOT, pyllyukko sent me a
sample from a server that does--"LuCI - Lua Configuration Interface".
initial request to get a value stored in the Keep-Alive header, which is
the size of the pipeline. It then iterates, doignt hat many requests at
once until the list of requests is exhausted. The prbolem was that in
the first round, it didn't count its initial Keep-Alive probe. So if the
server said it was good for 40 requests, we would send 41 before closing
the connection. Even worse was when the initial probe returned a
"Connection: close"; the pipeline would try another request before
closing the connection for the first time.
failure. It happened when there was an error getting the a response
at the beginning of a batch in http.pipeline. The symptoms of the
bug were:
NSE: Received only 0 of 1 expected reponses.
Decreasing max pipelined requests to 0.
NSOCK (0.1870s) Write request for 0 bytes...
nmap: nsock_core.c:516: handle_write_result: Assertion `bytesleft > 0' failed.
The error was reported by Brandon Enright and pyllyukko.
parsing mostly. Response parsing is centralized, and fewer operations
are done on raw HTTP data.
The biggest user-visible change is that http.request goes back to
returning a parsed result table, not raw HTTP data. I believe this is
how the function worked in the past; it's what the NSEDoc for the
function says. The only thing that used http.request was citrixxml.lua,
and this commit alters it to match the new expectations.
The other change is that the http.pipeline function no longer accepts
the "raw" option. The only script that used that was sql-injection.nse,
and this commit modifies that script as well.
HEAD request. This makes it look like the response to the HEAD request
has a body. As a result, http-enum can wrongly surmise that HEAD
requests don't work when it hits a cache entry while testing HEAD.
# nmap --script=http-date,http-enum -PN -p 80 -d2
NSE: NSE Script Threads (2) running:
NSE: Final http cache size (373 bytes) of max size of 1000000
NSE: HTTP: Host returns proper 404 result.
NSE: Final http cache size (1905 bytes) of max size of 1000000
NSE: Finished 'http-date' (thread: 0x8535a40).
NSE: HTTP: Warning: Host returned data when performing HEAD.
NSE: Checking if a GET request is going to work out
After this change:
NSE: NSE Script Threads (2) running:
NSE: Final http cache size (373 bytes) of max size of 1000000
NSE: HTTP: Host returns proper 404 result.
NSE: Final http cache size (1905 bytes) of max size of 1000000
NSE: Finished 'http-date' (thread: 0x8e75b00).
NSE: Final http cache size (1905 bytes) of max size of 1000000
NSE: HTTP: Host supports HEAD.
