Re: [NSE] More library global problems

[Patrik Karlsson <patrik () cqure net>]

On 13 feb 2010, at 01.22, David Fifield wrote:

> On Mon, Feb 08, 2010 at 09:41:35AM +0100, Patrik Karlsson wrote:
> > On 8 feb 2010, at 03.53, Patrick Donnelly wrote:
> > > There are other problems such as afp.lua (mentioned on IRC by Patrik)
> > > using a request_id global to keep track of the current id for a
> > > packet. This need to be changed to per script thread data. This is
> > > partially explored in a new section in the Nmap book I recently
> > > committed (and will be online soonish?). You can get by with using
> > > coroutine.running as keys in a weak keyed local table to hold this
> > > data. (Whether you use stdnse.base or coroutine.running is subject to
> > > your design.)
> > >
> > > [1] http://seclists.org/nmap-dev/2009/q3/70
> >
> > Thanks! I've attached a proposed patch that uses a fully weak local
> > table to store the request id's. I would appreciate your comments
> > before committing.
>
> Is the request_id just used to make the numbers unique for each packet?
> Then it's no problem if all threads share one sequence. (I guess there
> is a little bit of information disclosed. The scanned machine could look
> at the ids and guess how many afp scripts are running.) Does it work
> just to make the variable local to the library?
>
> If the protocol requires ids to be consecutive, then you do need to have
> a separate sequence per thread, and you can disregard the above.
>
> David Fifield


The ids should be consecutive per session. I've reworked the afp library during the past few days and amongst many 
other things fixed this flaw by making the RequestId a class member variable. I'll post the new library once I have the 
chance to finish the last few things I'm working on.

//Patrik
--
Patrik Karlsson
http://www.cqure.net




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/