Nmap Development mailing list archives
Re: Service fingerprints blog entry
From: doug () hcsw org
Date: Thu, 26 Feb 2009 01:57:49 +0000
On Wed, Feb 25, 2009 at 11:26:38PM +0000 or thereabouts, Brandon Enright wrote:
> Hey Doug, always a good read.

Thanks. :)

> I noticed that in the last few days I've been getting assertion failures
> due to this commit. David was able to track it down to line 4629:
>
> match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color )?LaserJet ([\w-_. ]+) |si p/HP $2LaserJet $3 printer http config/ i/Virata httpd $1/ d/printer/
>
> I have a printer (132.239.149.197:80) causing this match to crash. The
> issue is that the (Color ?) match is optional but is used as $2 even in
> cases where it was not matched. David suggested changing the match line
> to this:
>
> match http m#^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color |)LaserJet ([\w-_. ]+) #si p/HP $2LaserJet $3 printer http config/ i/Virata httpd $1/ d/printer/
>
> Which does, indeed, fix the issue. Rather than check this fix in, David
> suggested sending a note to you so you can comment on your preferred way
> to fix the problem. Are you okay with using the '#' delimiter, etc?

Oops that was my mistake sorry. I thought that a non-capture was converted to an empty string by nmap.

I've committed the fix and I'm just checking that no other match lines have this problem. Many match lines do use optional captures but hopefully only never when any captures happen after the optional capture. Example:

match http m|^<html>\n<title>DES-(\w+) +(Login)?</title>\n| p/D-Link DES-$1 switch http config/ d/switch/

I usually use the = character in such cases but there was an = in the match line here so can't use that. Interesting that # will work. I was always scared about using that because of interference from the comment character #. I committed with %.

Thanks Brandon and David.

Doug
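The check Doug describes (looking for other match lines with the same problem) can be automated. The following is an added example, not part of the original thread or of Nmap's code: it flags template references ($N) that point at a capture group quantified with ?, * or {0,...}, using the three match lines quoted above as input. The function names are hypothetical, and it assumes the delimiter never occurs inside the regex and that every "(?" group is non-capturing; groups skipped only through alternation are not detected.

```python
import re

def split_match_line(line):
    """Return (regex, template_text) from 'match <svc> m<d>regex<d>flags ...'."""
    _directive, _service, rest = line.split(None, 2)
    delim = rest[1]                      # character right after the leading 'm'
    end = rest.index(delim, 2)           # assumption: delimiter absent from regex
    _flags, _, templates = rest[end + 1:].partition(" ")
    return rest[2:end], templates

def optional_groups(regex):
    """Numbers of capture groups that sit under a ?, * or {0,...} quantifier."""
    optional, stack, count = set(), [], 0
    i, in_class = 0, False
    while i < len(regex):
        c = regex[i]
        if c == "\\":                    # escaped character: skip the pair
            i += 2
            continue
        if in_class:                     # inside [...] parentheses are literal
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            capturing = not regex.startswith("(?", i)
            count += capturing
            # remember the first capture number this group can contain
            stack.append(count if capturing else count + 1)
        elif c == ")":
            first = stack.pop()
            nxt = regex[i + 1:i + 4]
            if nxt[:1] in ("?", "*") or nxt.startswith("{0,"):
                optional.update(range(first, count + 1))  # includes nested groups
        i += 1
    return optional

def risky_refs(line):
    """Group numbers used in the templates that may not take part in a match."""
    regex, templates = split_match_line(line)
    used = {int(n) for n in re.findall(r"\$(?:[A-Z]+\()?(\d)", templates)}
    return sorted(used & optional_groups(regex))

# Match lines copied from the messages above.
BEFORE = r"match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color )?LaserJet ([\w-_. ]+) |si p/HP $2LaserJet $3 printer http config/ i/Virata httpd $1/ d/printer/"
AFTER = r"match http m#^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color |)LaserJet ([\w-_. ]+) #si p/HP $2LaserJet $3 printer http config/ i/Virata httpd $1/ d/printer/"
DLINK = r"match http m|^<html>\n<title>DES-(\w+) +(Login)?</title>\n| p/D-Link DES-$1 switch http config/ d/switch/"

if __name__ == "__main__":
    for name, line in (("before", BEFORE), ("after", AFTER), ("d-link", DLINK)):
        print(name, risky_refs(line))
```

The D-Link line has an optional group but is not flagged, because its template only references $1.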