Nmap Development mailing list archives
Re: New patch for XML output
From: "João Medeiros" <ignotus21 () gmail com>
Date: Fri, 14 Dec 2007 08:10:14 -0300
Hi David, I don't know if you the the topic [0] that I talk about the problem. In it the reason to do this is explained. I don't understand if you mean that is not necessary escape this, or if exists a better way to solve the problem. If it's the first, please read the link below. [0] http://seclists.org/nmap-dev/2007/q4/0572.html Att, João Medeiros. On Dec 14, 2007 4:32 AM, David Fifield <david () bamsoftware com> wrote:
On Wed, Dec 12, 2007 at 07:35:25AM -0300, Jo?o Medeiros wrote:Latter I see that osfingerprint write code don't use xml_converter. Then, I do it and cut the start '\n'. The patch for Nmap 4.49RC7 is attached.--- nmap-4.49RC7/output.cc 2007-10-27 21:05:03.000000000 -0300 +++ nmap-4.49RC7/output.cc.new 2007-12-12 07:18:26.000000000 -0300 @@ -798,6 +798,15 @@ for (p = temp;(prevch = ch, ch = *str);str++) { char *a; switch (ch) { + case '\t': + a = "	"; + break; + case '\r': + a = "
"; + break; + case '\n': + a = "
"; + break; case '<': a = "<"; break; I don't see any reason to escape '\t', '\r', and '\n'. Even inside attribute values they are okay. @@ -1559,11 +1568,11 @@ } else { assert(0); } if (o.debugging || o.verbose) { - log_write(LOG_XML,"<osfingerprint fingerprint=\"\n%s\" />\n", - mergeFPs(FPR->FPs, FPR->numFPs, false, + log_write(LOG_XML,"<osfingerprint fingerprint=\"%s\" />\n", + xml_convert(mergeFPs(FPR->FPs, FPR->numFPs, false, currenths->v4hostip(), distance, currenths->MACAddress(), FPR->osscan_opentcpport, FPR->osscan_closedtcpport, FPR->osscan_closedudpport, - false)); + false))); } log_write(LOG_XML, "</os>\n"); xml_convert returns a pointer to dynamically allocated memory so you have to call free on it after using. OS fingerprints can't contain any forbidden characters at the moment, but it's better to be safe than sorry. I committed a modified patch that frees the allocated memory and doesn't remove the initial newline (I think it looks better to keep it). David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- New patch for XML output João Medeiros (Dec 12)
- Re: New patch for XML output David Fifield (Dec 13)
- Re: New patch for XML output João Medeiros (Dec 14)
- Re: New patch for XML output David Fifield (Dec 14)
- Re: New patch for XML output João Medeiros (Dec 14)
- Re: New patch for XML output Fyodor (Dec 20)
- Re: New patch for XML output Max (Dec 20)
- Re: New patch for XML output João Medeiros (Dec 14)
- Re: New patch for XML output David Fifield (Dec 13)