fix http-post-form optional parameter parsing

CHANGES

@@ -1,8 +1,14 @@
 Changelog for hydra
 -------------------
 
-Release 9.1-dev
+
+Release 9.2-dev
+* fix for http-post-form optional parameters
 * enable gcc 10 support for xhydra too :)
+* msys support
+
+
+Release 9.1-dev
 * rdb: support for libfreerdp3 (thanks to animetauren)
 * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!)
 * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz)

hydra-http-form.c

@@ -400,6 +400,10 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
    * Beware of the backslashes (\)!
    */
   while (*miscptr != 0) {
+    if (strlen(miscptr) < 3 || miscptr[1] != '=') {
+      hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr);
+      return 0;
+    }
     switch (miscptr[0]) {
     case 'a': // fall through
     case 'A': // only for http, not http-form!
@@ -504,7 +508,9 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
       // Error: abort execution
       hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H).\n");
       return 0;
-      // no default
+    default:
+      hydra_report(stderr, "[ERROR] no valid optional parameter type given: %c\n", miscptr[0]);
+      return 0;
     }
   }
   return 1;
@@ -1197,7 +1203,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi
     service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie);
   else {
     hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n");
-    hydra_child_exit(1);
+    hydra_child_exit(2);
   }
 }
 
@@ -1209,7 +1215,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m
     service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie);
   else {
     hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n");
-    hydra_child_exit(1);
+    hydra_child_exit(2);
   }
 }
 
@@ -1224,6 +1230,8 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char
   //   0 all OK
   //   -1  error, hydra will exit, so print a good error message here
 
+  if (initialize(ip, options, miscptr) == NULL) return 1;
+
   return 0;
 }
 
@@ -1281,22 +1289,16 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
     ptr++;
   if (*ptr != 0)
     *ptr++ = 0;
+  cond = ptr;
 
-  if ((ptr2 = rindex(ptr, ':')) != NULL) {
-    cond = ptr2 + 1;
-    *ptr2 = 0;
+  if ((ptr2 = index(ptr, ':')) != NULL) {
+    *ptr2++ = 0;
+    if (*ptr2)
+      optional1 = ptr2;
+    else
+      optional1 = NULL;
   } else
-    cond = ptr;
-  /*
-    while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
-      ptr++;
-    if (*ptr != 0)
-      *ptr++ = 0;
-  */
-  if (ptr == cond)
     optional1 = NULL;
-  else
-    optional1 = ptr;
 
   if (strstr(url, "\\:") != NULL) {
     if ((ptr = malloc(strlen(url))) != NULL) {
@@ -1332,7 +1334,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
   sprintf(cookieurl, "%.1000s", url);
 
   // conditions now have to contain F or S to set the fail or success condition
-  if (*cond != 0 && (strpos(cond, "F=") == 0)) {
+  if (strpos(cond, "F=") == 0) {
     success_cond = 0;
     cond += 2;
   } else if (*cond != 0 && (strpos(cond, "S=") == 0)) {

hydra.c

@@ -225,7 +225,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] "
 #define RESTOREFILE "./hydra.restore"
 
 #define PROGRAM "Hydra"
-#define VERSION "v9.1"
+#define VERSION "v9.2-dev"
 #define AUTHOR "van Hauser/THC"
 #define EMAIL "<vh@thc.org>"
 #define AUTHOR2 "David Maciejak"