Nmap Development mailing list archives
Re: [NSE patch] patch for print_debug calls in scripts without proper formatstring
From: Fyodor <fyodor () insecure org>
Date: Fri, 29 Aug 2008 02:16:51 -0700
On Mon, Aug 25, 2008 at 09:58:11AM +0200, Sven Klemm wrote:
the stdnse.print_debug() function unlike the normal lua print() function expects a format specifier similar to string.format(). There are a few scripts which pass non-static data directly to print_debug leading to "format string vulnerabilities". When lua encounters any % with unknown conversion specifier or any conversion specifier with unmatched argument given to the print_debug() call script execution will stop. The attached patch fixes the affected scripts.
Thanks Sven! I've applied this. -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE patch] patch for print_debug calls in scripts without proper formatstring Sven Klemm (Aug 25)
- Re: [NSE patch] patch for print_debug calls in scripts without proper formatstring Fyodor (Aug 29)