Nmap Development mailing list archives

Bug in mssql.lua library released in nmap-5.35DC1


From: serge <serege () yandex ru>
Date: Fri, 15 Oct 2010 15:30:31 +0400


Hello!
 
There's an ambiguity in the algorithm of the LoginPacket.TDS7CryptPass function of the mssql.lua library released in 
nmap-5.35DC1:
- "s" packing of any negative short number at line 621 of mssql.lua will always result in '80 00' on my Debian Linux (x86)
- the same packing on Windows XP (x86) works properly.

To avoid this strange behaviour I have changed "s" packing to "S" packing at line 621 of mssql.lua (see attached file), 
and the function will work correctly on both Linux and Windows (x86).

Maybe it would be right to eliminate this ambiguity in the bin.pack implementation in the next commit of the Nmap sources.
 
-- 
Best wishes,
Sergey.

Attachment: mssql.lua

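An added example, not part of the original message or of Nmap's code, showing why signed versus unsigned 16-bit packing matters for the values this function produces. It assumes the TDS7 login password encoding described in MS-TDS (UTF-16LE, swap the nibbles of each byte, XOR with 0xA5) and uses Python's `struct` formats `h` and `H` as stand-ins for the signed and unsigned short packing discussed above; all function names are hypothetical.

```python
import struct


def tds7_obfuscate(password):
    """Assumed TDS7 encoding (per MS-TDS): UTF-16LE, then for every byte
    swap the high and low nibbles and XOR the result with 0xA5."""
    out = bytearray()
    for b in password.encode("utf-16-le"):
        swapped = ((b << 4) & 0xF0) | (b >> 4)
        out.append(swapped ^ 0xA5)
    return bytes(out)


def code_units(obfuscated):
    """Return the 16-bit little-endian values a per-character packer handles."""
    return [u for (u,) in struct.iter_unpack("<H", obfuscated)]


def pack_units(units, fmt):
    """Pack each value with the given struct format. A value the format
    cannot represent yields None instead of a silently mangled result."""
    packed = []
    for u in units:
        try:
            packed.append(struct.pack(fmt, u))
        except struct.error:
            packed.append(None)
    return packed


def signed_range_failures(password):
    """Count code units that do not fit a signed 16-bit short."""
    units = code_units(tds7_obfuscate(password))
    failed = sum(1 for p in pack_units(units, "<h") if p is None)
    return failed, len(units)


if __name__ == "__main__":
    sample = "sa123"  # constructed sample password
    units = code_units(tds7_obfuscate(sample))
    print("code units:", [hex(u) for u in units])
    print("unsigned  :", b"".join(pack_units(units, "<H")).hex())
    print("out of signed range: %d of %d" % signed_range_failures(sample))
```

For an ASCII password the high byte of every UTF-16LE code unit is 0x00, which encodes to 0xA5, so every value is at least 0xA500 and none fits a signed short.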