Nmap Development mailing list archives
[NSE] nmap.fetchfile and absolute paths
From: jah <jah () zadkiel plus com>
Date: Tue, 11 Aug 2009 01:43:10 +0100
Hi folks,

nmap.fetchfile() as used in NSE doesn't handle absolute paths - did it ever? - would we like it to?

There's nse_fetchfile_absolute() in nse_fs.cc which used to be called by fetchfile_absolute() in the now mostly defunct nse_main.cc, but is otherwise unused at the moment. NSE now calls l_fetchfile() in nse_nmaplib.cc which calls the main nmap_fetchfile() in nmap.cc and it looks to me like absolute filepaths handling may have disappeared with the change to using this function (I could be wrong).

Any script which allows --script-args /path/to/some/resource (apache-userdir-enum.nse for instance) could make use of an nse nmap.fetchfile() that handles absolute paths, either directly or via datafiles.lua.

Vlatko noticed the same 'deficiency' in Ncrack and a similar patch (attached) could be used for the main nmap_fetchfile() in nmap.cc though this might be undesirable given that this function handles all of Nmap's datafiles fetching and is quite cautious about the way it does so. Should we reinstate the nse_fs.cc functions instead?

Regards,
jah
--- nmap.cc.orig 2009-08-11 01:40:08.312500000 +0100 +++ nmap.cc 2009-08-10 22:48:02.890625000 +0100 @@ -2944,6 +2944,13 @@ } if (!foundsomething) { + res = Snprintf(filename_returned, bufferlen, "%s", file); + if (res > 0 && res < bufferlen) { + foundsomething = fileexistsandisreadable(filename_returned); + } + } + + if (!foundsomething) { filename_returned[0] = '\0'; }
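Review bot: the added `if (!foundsomething)` block copies `file` into filename_returned with "%s" and tests it with fileexistsandisreadable() without first checking that `file` is an absolute path. A relative name that was not found by the preceding lookups would therefore be tried exactly as given, which resolves against the process's current working directory. Since the aim is absolute-path support, guard this branch with an absolute-path test on `file` and let relative names fall through to the existing `filename_returned[0] = '\0'` case. A short comment above the block saying that this is the last-resort lookup would help, and it is worth stating the intended behaviour when `res >= bufferlen`: as written, a truncated path silently ends up as not found.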