Nmap Development mailing list archives
Error in nselib/dns.lua (I think)
From: Eugene Alexeev <eugene.alexeev () gmail com>
Date: Fri, 9 Apr 2010 16:12:47 -0600
Gents, I made a quick post on this yesterday, and spent the last couple of hours making sure that I was not mistaken. I'd really like to get something in terms of feedback; it makes no difference to me if it's a yay or a nay, but I'd like to get a second set of eyes on this please.

nselib/dns.lua line #110 currently reads:

    if #rPkt.answers[1].dtype == types.CNAME then

When I perform a nselib/dns -> query(#,#,tries=0,norecurse=true) on a server that returns a single CNAME as the answer, the following exception is thrown:

Initiating NSE at 16:01
NSE: NSE Script Threads (1) running:
NSE: Starting 'dns-cache-snoop' (thread: 0x1f5fd30) against 192.168.1.11:53.
NSE: Performing a non-recursive query for mail.google.com
NSE: pkt.answers[1].dtype is a (type) of: number
NSE: mail.google.com was in the DNS cache.
NSE: Performing a non-recursive query for gmail.com
NSE: dns.query() failed to resolve the requested query: gmail.com
NSE: gmail.com was not in the DNS cache
NSE: Performing a non-recursive query for mail.yahoo.com
NSE: pkt.answers[1].dtype is a (type) of: number
NSE: 'dns-cache-snoop' (thread: 0x1f5fd30) against 192.168.1.11:53 threw an error!
/home/ealexeev/local/share/nmap/nselib/dns.lua:110: attempt to get length of field 'dtype' (a number value)
stack traceback:
        /home/ealexeev/local/share/nmap/nselib/dns.lua:110: in function 'getAuthDns'
        /home/ealexeev/local/share/nmap/nselib/dns.lua:205: in function 'query'
        ...cal/share/nmap-5.30BETA1/scripts/dns-cache-snoop.nse:159: in function 'NoRecursionDnsQuery'
        ...cal/share/nmap-5.30BETA1/scripts/dns-cache-snoop.nse:262: in function <...cal/share/nmap-5.30BETA1/scripts/dns-cache-snoop.nse:229>
        (tail call): ?

The extra debug messages in the format of "NSE: pkt.answers[1].dtype is a (type) of: x" are due to extra debugging code I added to nselib/dns.lua at line 990:

    if pkt.answers[1] ~= nil and pkt.answers[1].dtype ~= nil then
        stdnse.print_debug("pkt.answers[1].dtype is a (type) of: %s", type(pkt.answers[1].dtype))
    end

As you can see, pkt.answers[1].dtype appears to always be a number, so the "#" in line 110 does not make sense. The dtype of any pkt.answers|options as defined by this library should always be a number, as shown by the conversion from a string to a number prior to encoding on lines 157-159. I have removed the # from line 110 and confirmed that everything appears to work as expected, but don't have enough knowledge to do any meaningful regression testing. If someone could spare a few minutes to take a look at this, it would be greatly appreciated. I can provide the .pcap log of the above transaction if that would be helpful.

Also, what is the process for submitting a new NSE script for review? I've written a script that leverages the dns library and would like to submit it after its testing is done. If there is another process for submitting this potential bug, I'm all ears...

Eugene

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
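The failure described in the report, reproduced stand-alone in plain Lua as an added example (this is not code from nselib/dns.lua or the Nmap project). The packet table, the `types` table and the two check functions are constructed here to mirror the quoted line 110; only the numeric RR type codes (A = 1, CNAME = 5) are real DNS values. It shows that the `#` length operator on a numeric `dtype` raises exactly the "attempt to get length of field 'dtype' (a number value)" error from the trace, that a plain comparison works, and that the empty-answer case (the gmail.com lookup that failed) needs its own guard.

```lua
-- Added example, not nselib/dns.lua: why "#dtype == types.CNAME" crashes
-- when dtype is a number, and what the comparison should look like.

-- RR type codes as numbers (real DNS values; the library stores dtype as a
-- number too, which is the point of the bug report).
local types = { A = 1, CNAME = 5 }

-- Constructed replies resembling what query() hands to getAuthDns():
-- one with a single CNAME answer (the crashing case), one with an A
-- record, and one with no answers at all (the failed gmail.com lookup).
local cname_reply = {
  answers = {
    { dname = "mail.google.com", dtype = types.CNAME,
      cname = "googlemail.l.google.com" },
  },
}
local a_reply = {
  answers = { { dname = "www.example.com", dtype = types.A, ip = "192.0.2.10" } },
}
local empty_reply = { answers = {} }

-- The check as quoted from line 110. "#" is the length operator; it is
-- defined for strings and tables, not numbers, so this raises an error.
local function check_buggy(pkt)
  if #pkt.answers[1].dtype == types.CNAME then
    return "cname"
  end
  return "other"
end

-- Fixed check: dtype is a number, so compare it directly. The guard on
-- answers[1] covers replies with no answer section, which would otherwise
-- fail on indexing a nil field before the comparison is ever reached.
local function check_fixed(pkt)
  local first = pkt.answers and pkt.answers[1]
  if first == nil then
    return "no-answer"
  end
  if first.dtype == types.CNAME then
    return "cname"
  end
  return "other"
end

-- Run each check under pcall() so the error is captured instead of
-- unwinding the script, as it did inside the NSE thread in the report.
for _, case in ipairs({
  { name = "cname", pkt = cname_reply },
  { name = "a",     pkt = a_reply },
  { name = "empty", pkt = empty_reply },
}) do
  local ok, res = pcall(check_buggy, case.pkt)
  print(string.format("buggy %-5s ok=%-5s %s", case.name, tostring(ok), tostring(res)))
  ok, res = pcall(check_fixed, case.pkt)
  print(string.format("fixed %-5s ok=%-5s %s", case.name, tostring(ok), tostring(res)))
end
```

Running it with any Lua 5.x interpreter shows `check_buggy` failing on the CNAME and A replies with the same "attempt to get length of field 'dtype' (a number value)" message seen in the NSE trace (prefixed by the chunk name and line), while `check_fixed` returns "cname", "other" and "no-answer" respectively. The `pkt.answers[1] ~= nil` guard is the same one the report's own debug line uses; dropping `#` alone fixes the crash on a CNAME answer but still leaves an empty answer section to index nil.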
Current thread:
- Error in nselib/dns.lua (I think) Eugene Alexeev (Apr 09)
- Re: Error in nselib/dns.lua (I think) jah (Apr 10)