Nmap Development mailing list archives
Re: Small Problem w/RegEx for Service Detection...
From: "Paul Tod Rieger" <prie () abl com>
Date: Wed, 6 Sep 2000 12:04:32 -0400
Jay Freeman (saurik) <saurik () saurik com> noted:
The real crux of the problem is that Expect's parser isn't any better than regcomp(). [...] It doesn't have internal escaping, takes even fewer arguments (a single "char *"), and has almost the same error message for trying exact escaping of '\0': [...] When working with applications that shoot back binary data it becomes just as annoying to work with as nmap+V
Yeah, the author of Expect agrees with you: On pp. 155-157 of Exploring Expect (the rhesus monkey book?), Don Libes discusses Expecting a Null Character: remove_nulls 0 ;# disable null removal expect null ;# match a null While the user can search for only a null, any characters skipped over can be found in "expect_out(buffer)". Libes gives an example of a procedure that calculates the value of a 4-byte integer that may contain binary zeroes. He concludes: "This approach to handling null bytes may seem slow and awkward (and it is), [...] The tradeoff of allowing null to be handled differently is that it allows the rest of Tcl to be much simpler than it otherwise would be." He seems to agree that there just isn't going to be a fast and elegant way to handle binary protocols with regexp. Slow and awkward is to be ... expected. Tod abl.com --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Small Problem w/RegEx for Service Detection... Jay Freeman (saurik) (Sep 03)
- <Possible follow-ups>
- Re: Small Problem w/RegEx for Service Detection... Paul Tod Rieger (Sep 03)
- RE: Small Problem w/RegEx for Service Detection... Jay Freeman (saurik) (Sep 03)
- Re: Small Problem w/RegEx for Service Detection... Paul Tod Rieger (Sep 06)