Bugfix for issue 121 -- increased URL/POST/cookie data size to 6096 bytes from 1000 bytes.

hydra-http-form.c

@@ -84,7 +84,7 @@ char cookie[4096] = "", cmiscptr[1024];
 extern char *webtarget;
 extern char *slash;
 int webport, freemischttpform = 0;
-char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1;
+char bufferurl[6096+24], cookieurl[6096+24] = "", userheader[6096+24] = "", *url, *variables, *optional1;
 
 #define MAX_REDIRECT 				8
 #define MAX_CONTENT_LENGTH	20
@@ -1056,7 +1056,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
   else
     webport = PORT_HTTP_SSL;
 
-  sprintf(bufferurl, "%.1000s", miscptr);
+  sprintf(bufferurl, "%.6096s", miscptr);
   url = bufferurl;
   ptr = url;
   while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
@@ -1162,11 +1162,12 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
     case 'H':
       // add a new header, or replace an existing one's value
 			ptr = optional1 + 2;
-      while (*ptr != 0 && *ptr != ':')
+      while (*ptr != 0 && *ptr != ':') ptr++;
-      	ptr++;
+
       if (*(ptr - 1) == '\\')
 	*(ptr - 1) = 0;
-			if (*ptr != 0){
+
+      if (*ptr != 0) {
 	*ptr = 0;
         ptr += 2;
       }

hydra-mod.c

@@ -1040,8 +1040,13 @@ int make_to_lower(char *buf) {
 
 char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
   int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len;
-  char *c, oldstring[1024], newstring[1024];
+  char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github.
-  static char finalstring[1024];
+  static char finalstring[6096];
+
+  if(strlen(string) > 6096) {
+    hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6096 characters.\n");
+    exit(-1);
+  }
 
   if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1
       || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))

hydra.c

@@ -3249,7 +3249,7 @@ int main(int argc, char *argv[]) {
 
     if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0
         || strcmp(hydra_options.service, "https-post-form") == 0) {
-      char bufferurl[1024], *url, *variables, *cond, *optional1;
+      char bufferurl[6096+24], *url, *variables, *cond, *optional1; //6096 comes from issue 192 on github. Extra 24 bytes for null padding. 
 
       if (strncmp(hydra_options.service, "http-", 5) == 0) {
         i = 1;
@@ -3284,7 +3284,7 @@ int main(int argc, char *argv[]) {
       if (strstr(hydra_options.miscptr, "\\:") != NULL) {
         fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n");
       } else {
-        sprintf(bufferurl, "%.1000s", hydra_options.miscptr);
+        sprintf(bufferurl, "%.6096s", hydra_options.miscptr);
         url = strtok(bufferurl, ":");
         variables = strtok(NULL, ":");
         cond = strtok(NULL, ":");