From 0776e47741bfd3e6f4d437b9aa333c582d445c81 Mon Sep 17 00:00:00 2001
From: "Nicholas.Ni" <boynicholas.ni@gmail.com>
Date: Sun, 25 Jul 2021 23:01:27 +0800
Subject: [PATCH] fix hydra-http.c

---
 hydra-http.c | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/hydra-http.c b/hydra-http.c
index f7a46a7..10fe197 100644
--- a/hydra-http.c
+++ b/hydra-http.c
@@ -11,7 +11,7 @@ static char end_condition[END_CONDITION_MAX_LEN];
 int end_condition_type = -1;
 
 #define MAX_STATUS_CODE_SIZE 10
-int match_status_code[MAX_STATUS_CODE_SIZE];
+int *match_status_code;
 
 int32_t webport;
 int32_t http_auth_mechanism = AUTH_UNASSIGNED;
@@ -44,7 +44,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
   header = stringify_headers(&ptr_head);
 
   buffer_size = strlen(header) + 500;
-  if (!(buffer = malloc(buffer_size))) {
+  if (!(buffer = (char *)malloc(buffer_size))) {
     freeM(header);
     return 3;
   }
@@ -229,7 +229,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
       http_buf = hydra_receive_line(s);
     } else if (tmpreplybuf[0] != 0) {
       complete_line = 1;
-      if ((tmpreplybufptr = malloc(strlen(tmpreplybuf) + strlen(http_buf) + 1)) != NULL) {
+      if ((tmpreplybufptr = (char *) malloc(strlen(tmpreplybuf) + strlen(http_buf) + 1)) != NULL) {
         strcpy(tmpreplybufptr, tmpreplybuf);
         strcat(tmpreplybufptr, http_buf);
         freeM(http_buf);
@@ -262,7 +262,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
 
   // check status
   if (match_status_code != NULL) {
-    for (int i = 0; match_status_code[i]; i++) {
+    for (int i = 0; i < sizeof(*match_status_code) / sizeof(int); i++) {
       if (match_status_code[i] == atoi(ptr)) {
         if (end_condition_type == -1) {
           if (debug)
@@ -358,7 +358,7 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
     webport = mysslport;
 
   /* normalise the webtarget for ipv6/port number */
-  webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535  */
+  webtarget = (char *) malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535  */
 #ifdef AF_INET6
                      + 2 /* [] */
 #endif
@@ -460,10 +460,9 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
   memset(misc, '\0', strlen(miscptr));
   strcpy(misc, miscptr);
 
-  char *delim = ":";
+  const char *delim = ":";
   char *p = NULL;
   char *match_text_start = NULL;
-  memset(match_status_code, '\0', MAX_STATUS_CODE_SIZE);
 
 #if defined __APPLE__ || __linux__ || __unix__
   while ((p = strtok_r(NULL, delim, &misc))) {
@@ -476,10 +475,11 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
       if (strstr(p, "r=") != NULL || strstr(p, "R=") != NULL) {
         if (strlen(p) < 3) {
           hydra_report(stderr, "Invalid status code, eg: 200 or 200|400.");
-          free(misc);
-          misc = NULL;
+          freeM(misc);
           return -1;
         }
+        
+        int *status_tmp = (int *) malloc(MAX_STATUS_CODE_SIZE * sizeof(int));
 
         char tmp;
         int value, n;
@@ -492,15 +492,15 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
 
           if ((n != 1 && tmp != '|') || value > 1000) {
             hydra_report(stderr, "Invalid status code, eg: 200 or 200|400.");
-            free(misc);
+            freeM(misc);
             return -1;
           }
 
-          match_status_code[pos++] = value;
+          status_tmp[pos++] = value;
 
           if (pos > MAX_STATUS_CODE_SIZE) {
             hydra_report(stderr, "Match up to %d status codes.", MAX_STATUS_CODE_SIZE);
-            free(misc);
+            freeM(misc);
             return -1;
           }
 
@@ -514,7 +514,14 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
             ++p;
           }
         }
+
+        match_status_code = (int *) malloc(pos * sizeof(int));
+        for(int i = 0; i < pos; i++) {
+          match_status_code[i] = status_tmp[i];
+        }
+        freeM(status_tmp);
       }
+
       if (strstr(p, "F=") != NULL || strstr(p, "S=") != NULL) {
         int size = 0;
         if (misc != NULL) {
@@ -543,8 +550,8 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
 
       if (condition_len >= END_CONDITION_MAX_LEN) {
         hydra_report(stderr, "Condition string cannot be bigger than %u.", END_CONDITION_MAX_LEN);
-        free(misc);
-        free(match_text_start);
+        freeM(misc);
+        freeM(match_text_start);
         return -1;
       }
 
@@ -553,8 +560,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
       if (debug)
         hydra_report(stderr, "End condition is %s, mod is %d\n", end_condition, end_condition_type);
 
-      free(match_text_start);
-      match_text_start = NULL;
+      freeM(match_text_start);
 
       if (debug)
         hydra_report(stderr, "Modificated options:%s\n", miscptr);