Nmap Development mailing list archives
[NSE] Tweaks for buildCookies() in nselib/http.lua
From: nnposter () users sourceforge net
Date: Sat, 10 Aug 2013 21:19:25 +0000
The following patch modifies interpretation of the cookie path in nselib/http.lua to make it more compliant with RFC 6265, Section 5.1.4. The current behavior is problematic in the following situations:

* Lua regular expression meta-characters can get accidentally interpreted, as opposed to being matched literally. False-positive match:
  - cookie path: "/foo"
  - request path: "/fo.html"
* The matching is done against any location within a path, as opposed to just the beginning. False-positive match:
  - cookie path: "/bar"
  - request path: "/foo/bar/baz"
* The match end is not forced to be on a subdirectory boundary. False-positive match:
  - cookie path: "/foo"
  - request path: "/foobar"

In addition the patch allows use of path-less cookies. The assumption is that if a cookie does not have any path then the script wants them to be used. (If the original intent of the library has been the exact opposite, i.e. turning them into NOOPs, then it is trivial to adjust the "if" condition in the patch accordingly.)

Patch against revision 31721 follows:

--- http.lua.orig 2013-08-10 09:29:55.445500000 -0600 +++ http.lua 2013-08-10 12:42:16.383000000 -0600 @@ -893,7 +893,12 @@ local cookie = "" if type(cookies) == 'string' then return cookies end for i, ck in ipairs(cookies or {}) do - if not path or string.match(ck["path"],".*" .. path .. ".*") then + local ckpath = ck["path"] + if not path or not ckpath + or ckpath == path + or ckpath:sub(-1) == "/" and ckpath == path:sub(1, ckpath:len()) + or ckpath .. "/" == path:sub(1, ckpath:len()+1) + then if i ~= 1 then cookie = cookie .. " " end cookie = cookie .. ck["name"] .. "=" .. ck["value"] .. ";" end

The following patch trivially modifies the cookie header assembling logic to make it more compliant with RFC 6265, Section 4.2.1, which does not allow the trailing semicolon.

Patch against revision 31721 (+ the patch above) follows:

--- http.lua 2013-08-10 12:42:16.383000000 -0600 +++ http.lua.new 2013-08-10 12:46:59.304875000 -0600 
@@ -892,18 +892,17 @@ local function buildCookies(cookies, path) local cookie = "" if type(cookies) == 'string' then return cookies end - for i, ck in ipairs(cookies or {}) do + for _, ck in ipairs(cookies or {}) do local ckpath = ck["path"] if not path or not ckpath or ckpath == path or ckpath:sub(-1) == "/" and ckpath == path:sub(1, ckpath:len()) or ckpath .. "/" == path:sub(1, ckpath:len()+1) then - if i ~= 1 then cookie = cookie .. " " end - cookie = cookie .. ck["name"] .. "=" .. ck["value"] .. ";" + cookie = cookie .. ck["name"] .. "=" .. ck["value"] .. "; " end end - return cookie + return cookie:gsub("; $","") end -- HTTP cache.

Cheers,
nnposter

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
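
Review bot: in the first hunk (@@ -893,7 +893,12 @@) the three new comparisons use `path` verbatim, while RFC 6265, Section 5.1.4 matches against the path portion of the request URI only. If callers can pass a `path` that still carries a query string, a cookie with path "/foo" is dropped for a request to "/foo?id=1", because neither `ckpath == path` nor the `ckpath .. "/"` prefix test succeeds. Consider cutting `path` at the first "?" before comparing. The line that mixes `and` with `or` is correct under Lua precedence but would be safer to read with explicit parentheses, and a short comment citing the RFC section and the path-less-cookie assumption would document why `not ckpath` sends the cookie everywhere.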
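
Review bot: in the second hunk (@@ -892,18 +892,17 @@) the new `return cookie:gsub("; $","")` returns two values, since gsub yields the substitution count after the resulting string. Any caller that uses buildCookies() as the last argument of a call or the last item of a table constructor will receive that extra number. Wrapping the call in parentheses, `return (cookie:gsub("; $",""))`, truncates it to the string alone. Note also that the early `return cookies` for string input is untouched, so a caller-supplied string with a trailing semicolon still passes through as-is.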
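
The path-match rules of RFC 6265, Section 5.1.4 and the header format of Section 4.2.1 discussed in the post above, as an added example that is not part of the original post or of nselib. The function names `path_match` and `build_cookie_header` and the cookie jar are hypothetical; stripping the query string before matching is an assumption about what callers pass in.

```lua
-- Added example (not nselib code). Names and sample data are hypothetical.

-- RFC 6265 Section 5.1.4: does request_path path-match cookie_path?
local function path_match(cookie_path, request_path)
  if cookie_path == request_path then return true end
  -- Plain prefix comparison with sub(); no Lua patterns are involved,
  -- so characters such as "." or "-" are always compared literally.
  if request_path:sub(1, #cookie_path) ~= cookie_path then return false end
  -- The prefix must end on a "/" boundary: either the cookie path itself
  -- ends in "/", or the next character of the request path is "/".
  return cookie_path:sub(-1) == "/"
      or request_path:sub(#cookie_path + 1, #cookie_path + 1) == "/"
end

-- Build a Cookie header value per Section 4.2.1: pairs joined by "; "
-- with no trailing separator. Cookies without a path are always sent,
-- which is the assumption stated in the post.
local function build_cookie_header(cookies, request_target)
  -- Assumption: the target may carry a query string; only the path
  -- portion takes part in matching.
  local request_path = request_target:match("^[^?]*")
  local pairs_out = {}
  for _, ck in ipairs(cookies) do
    if not ck.path or path_match(ck.path, request_path) then
      pairs_out[#pairs_out + 1] = ck.name .. "=" .. ck.value
    end
  end
  return table.concat(pairs_out, "; ")
end

-- Constructed sample cookie jar.
local jar = {
  { name = "a", value = "1", path = "/foo" },
  { name = "b", value = "2", path = "/bar" },
  { name = "c", value = "3", path = "/foo/" },
  { name = "d", value = "4" },  -- no path attribute
}

-- The three request paths from the post, followed by paths that should match.
local targets = { "/fo.html", "/foo/bar/baz", "/foobar",
                  "/foo", "/foo/x?id=1", "/foo?id=1" }
for _, target in ipairs(targets) do
  print(target, build_cookie_header(jar, target))
end
```

Collecting the pairs in a table and joining them with table.concat avoids both the index-based separator logic and the trailing-separator cleanup.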