Nmap Development mailing list archives

Should nmap.set_port_version support name_confidence?


From: David Fifield <david () bamsoftware com>
Date: Fri, 24 Oct 2008 18:47:13 -0600

Hi,

I was reviewing skype_v2-version.nse, because Fyodor asked me to use it
to replace the deleted showHTTPVersion.nse script in the book section
"Version Detection Using NSE" (http://nmap.org/book/nse-vscan.html).

When it has detected Skype, the script correctly informs Nmap of the
fact by calling nmap.set_port_version:

        if string.match(result, "[^%s!-~].*[^%s!-~].*[^%s!-~]") then
                port.version.name = "skype2"
                port.version.product = "Skype"
                port.version.confidence = 10
                port.version.fingerprint = nil
                nmap.set_port_version(host, port, "hardmatched")
                return
        end

However, the setting of confidence and fingerprint appears to have no
effect. l_set_port_version in nse_nmaplib.cc doesn't read either of
these fields. (It has old code to read fingerprint, but it's commented
out.) Later in the function Port::setServiceProbeResults is called with
a fingerprint of NULL, which is the same as if the fingerprint field had
been nil, so that line has no effect.

The line setting confidence doesn't work, for one thing, because Nmap
calls that field name_confidence.
http://nmap.org/book/nse-api.html#scripting-tbl-port-version-values
But l_set_port_version doesn't look at name_confidence either.

Should it? Is its omission just an oversight? Does anything weird happen
if a service is hardmatched with a confidence of 0 (in XML output or
something)?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
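
The following is an added example, not part of the original message or of Nmap's code: a small lint that flags assignments to port.version fields whose names are not in the documented port.version table, which catches the confidence versus name_confidence mismatch described above. The field list is an assumption taken from that documentation table and should be checked against the Nmap release in use; the lint cannot tell which documented fields l_set_port_version actually reads.

```python
import re

# Field names from the port.version table in the NSE API documentation
# (assumption: verify against the table for the Nmap release in use).
DOCUMENTED_FIELDS = {
    "name", "name_confidence", "product", "version", "extrainfo",
    "hostname", "ostype", "devicetype", "service_tunnel", "service_fp",
}

# Matches assignments such as `port.version.confidence = 10`, but not `==`.
ASSIGNMENT = re.compile(r"\bport\.version\.([A-Za-z_]\w*)\s*=(?!=)")


def strip_comment(line):
    """Drop a trailing Lua `--` comment (naive: ignores `--` inside strings)."""
    return line.split("--", 1)[0]


def find_undocumented_fields(source):
    """Return (line_number, field) for each assignment to an undocumented field."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in ASSIGNMENT.finditer(strip_comment(line)):
            field = match.group(1)
            if field not in DOCUMENTED_FIELDS:
                findings.append((number, field))
    return findings


# The snippet quoted in the message above, used as sample input.
SAMPLE = '''\
if string.match(result, "[^%s!-~].*[^%s!-~].*[^%s!-~]") then
        port.version.name = "skype2"
        port.version.product = "Skype"
        port.version.confidence = 10
        port.version.fingerprint = nil
        nmap.set_port_version(host, port, "hardmatched")
        return
end
'''

if __name__ == "__main__":
    for number, field in find_undocumented_fields(SAMPLE):
        print(f"line {number}: port.version.{field} is not a documented field")
```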

