Nmap Development mailing list archives
Re: Error in http.lua's chunked encoding
From: Ron <ron () skullsecurity net>
Date: Thu, 20 Aug 2009 11:07:15 -0500
On 08/18/2009 01:35 PM, David Fifield wrote:
On Tue, Aug 18, 2009 at 01:03:59AM -0300, Joao Correa wrote: Breaking the response stream on anything that looks like a Status-Line is really wrong. What if a response contains "HTTP/1.1 200" in the body? What if the body doesn't end in a newline, so that the Status-Line of the next response doesn't come at the beginning of a line? Responses to pipelined requests are supposed to either have a Content-Length or use the chunked Transfer-Encoding, both of which allow you to find the length of the body and the start of the next response. The get_chunks iterator returns the offset after the last chunk so you can start parsing the next response there.
I just ran into a bug that I traced back to exactly this code. Jaoa, have you made any progress on fixing this? Thanks! Ron _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: Error in http.lua's chunked encoding, (continued)
- Re: Error in http.lua's chunked encoding Joao Correa (Aug 17)
- Message not available
- Re: Error in http.lua's chunked encoding Joao Correa (Aug 17)
- Re: Error in http.lua's chunked encoding Ron (Aug 18)
- Message not available
- Error in http.lua's chunked encoding Joao Correa (Aug 18)
- Re: Error in http.lua's chunked encoding David Fifield (Aug 18)
- Re: Error in http.lua's chunked encoding David Fifield (Aug 18)
- Re: Error in http.lua's chunked encoding Joao Correa (Aug 18)
- Re: Error in http.lua's chunked encoding Ron (Aug 19)
- Re: Error in http.lua's chunked encoding David Fifield (Aug 19)
- Re: Error in http.lua's chunked encoding Joao Correa (Aug 19)
- Re: Error in http.lua's chunked encoding Ron (Aug 20)
- Message not available
- Error in http.lua's chunked encoding Joao Correa (Aug 20)
- Re: Error in http.lua's chunked encoding Ron (Aug 20)