From 5a451ba54192cb029600a83afaf0fc3a1730dd50 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 12 Jan 2022 10:27:58 +0100 Subject: [PATCH] http-form: no empty headers --- CHANGES | 1 + hydra-http-form.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 208b12f..48374f9 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,7 @@ Release 9.3-dev * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * fix for rdp to detect empty passwords +* fix for http-form to no send empty headers * fix for http on non-default ports when using with a proxy * for vnc/cisco/... protocols that only check for a password, skip host after the password is found diff --git a/hydra-http-form.c b/hydra-http-form.c index f675beb..224bf8d 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -258,6 +258,9 @@ int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char ty ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; + if (!header || !value || !strlen(header) || !strlen(value)) + return; + // get to the last header for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) ;