Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http library cookie bug
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 15 Mar 2011 22:36:18 +0100


On Mar 15, 2011, at 21:18 , John Bond wrote:

On 15 March 2011 20:33, Patrik Karlsson <patrik () cqure net> wrote:
Hi,

I think I ran into a bug when testing some code that handles cookies.
As far as I can understand from RFC 2109 "Attributes (names) (attr) are case-insensitive."

When the http-library parses the cookie, each name value pair is processed and a table field is dynamically created 
using the following code:
cookie[name] = value

I'm testing against two different servers. One returns the cookie path value all lowercase and the second using a 
leading capital P.
I think it would make more sense if the cookie attributes were always stored using lowercase table field names.
So I propose the following patch:

- cookie[name] = value
+ cookie[name:lower()] = value

Im not familiar with the specifics of the cookie rfc's however in http
1.1 paths should be considered case-sensitive[1] so i suspect it is
the same for the path part of the http cookie

In this case, it's not actually the path value but the attribute name.
So consider the following examples:

Set-Cookie: A=B; path=/; domain=.foo.com
Set-Cookie: A=B; Path=/; domain=.foo.com

In the first example the path attribute would be accessible from the cookie table like this: cookie.path
While in the second example, you would need to do the following: cookie.Path

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault