Skip to content

Commit

Permalink
fix for http-form redirect
Browse files Browse the repository at this point in the history
  • Loading branch information
@vanhauser-thc
vanhauser-thc committed Aug 4, 2022
1 parent 697f408 commit 5cb9e50
Showing 1 changed file with 21 additions and 17 deletions.
38 changes: 21 additions & 17 deletions hydra-http-form.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -983,9 +983,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
// we have to split the location
char *startloc, *endloc;
char str[2048];
char str2[2048];
char str3[2048];
char str[2048], str2[2048], str3[2048], str4[2048];

redirected_cpt--;
redirected_flag = 0;
Expand All @@ -1004,19 +1002,21 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
startloc += strlen("://");

if ((endloc = strchr(startloc, '\r')) != NULL) {
startloc[endloc - startloc] = 0;
*endloc = 0;
}
if ((endloc = strchr(startloc, '\n')) != NULL) {
startloc[endloc - startloc] = 0;
*endloc = 0;
}
strcpy(str, startloc);
strncpy(str, startloc, sizeof(str) - 1);
str[sizeof(str) - 1] = 0;

endloc = strchr(str, '/');
if (endloc != NULL) {
strncpy(str2, str, endloc - str);
str2[endloc - str] = 0;
} else
strncpy(str2, str, sizeof(str));
} else {
strcpy(str2, str);
}

if (strlen(str) - strlen(str2) == 0) {
strcpy(str3, "/");
Expand All @@ -1025,7 +1025,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
str3[strlen(str) - strlen(str2)] = 0;
}
} else {
strncpy(str2, webtarget, sizeof(str2));
strncpy(str2, webtarget, sizeof(str2) - 1);
str2[sizeof(str2) - 1] = 0;
if (redirected_url_buff[0] != '/') {
// it's a relative path, so we have to concatenate it
// with the path from the first url given
Expand All @@ -1041,8 +1042,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
} else {
sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff);
}
} else
strncpy(str3, redirected_url_buff, sizeof(str3));
} else {
strncpy(str3, redirected_url_buff, sizeof(str3) - 1);
str3[sizeof(str3) - 1] = 0;
}
if (debug)
hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url);
}
Expand All @@ -1054,12 +1057,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
str3[0] = '/';
}

if (strrchr(url, ':') == NULL && port != 80) {
sprintf(str2, "%.2040s:%d", str2, port);
if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) {
sprintf(str4, "%.2000s:%d", str2, port);
strcpy(str2, str4);
}

if (verbose)
hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3);
hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3);

if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0");
Expand Down Expand Up @@ -1315,19 +1319,19 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
optional1 = NULL;

if (strstr(url, "\\:") != NULL) {
if ((ptr = malloc(strlen(url))) != NULL) {
if ((ptr = malloc(strlen(url) + 1)) != NULL) {
strcpy(ptr, hydra_strrep(url, "\\:", ":"));
url = ptr;
}
}
if (strstr(variables, "\\:") != NULL) {
if ((ptr = malloc(strlen(variables))) != NULL) {
if ((ptr = malloc(strlen(variables) + 1)) != NULL) {
strcpy(ptr, hydra_strrep(variables, "\\:", ":"));
variables = ptr;
}
}
if (strstr(cond, "\\:") != NULL) {
if ((ptr = malloc(strlen(cond))) != NULL) {
if ((ptr = malloc(strlen(cond) + 1)) != NULL) {
strcpy(ptr, hydra_strrep(cond, "\\:", ":"));
cond = ptr;
}
Expand Down

0 comments on commit 5cb9e50

Please sign in to comment.