Nmap Development mailing list archives

Re: [patch] Assorted NSE fixes


From: David Fifield <david () bamsoftware com>
Date: Tue, 29 May 2012 14:07:04 -0700

On Tue, May 29, 2012 at 12:42:06PM -0500, Daniel Miller wrote:
List,

I came across a few more issues with NSE scripts. First, the
attached patch for the smb.lua library fixes an issue with scope
shadowing where arguments passed to the start_ex function had the
same names as functions that were called from within start_ex,
resulting in errors like this:
NSE: ms-sql-info against 192.168.1.20 threw an error!
./nselib/smb.lua:351: attempt to call local 'negotiate_protocol' (a boolean value)
stack traceback:
       ./nselib/smb.lua:351: in function 'start_ex'
       ./nselib/smb.lua:3845: in function 'connect'
       ./nselib/mssql.lua:1659: in function 'ConnectToNamedPipe'
       ./nselib/mssql.lua:2098: in function 'DiscoverBySmb'
       ./nselib/mssql.lua:2151: in function 'Discover'
       ./scripts/ms-sql-info.nse:238: in function <./scripts/ms-sql-info.nse:231>
       (...tail calls...)
The other two issues were small, so I'll inline the patches:

dns-client-subnet-scan makes the mistake of returning a shortport
portrule from within a portrule, rather than calling it:

--- a/scripts/dns-client-subnet-scan.nse
+++ b/scripts/dns-client-subnet-scan.nse
@@ -64,11 +64,11 @@ prerule = function()
        return true
 end

-portrule = function()
+portrule = function(host, port)
        if ( nmap.address_family() ~= "inet" ) then
                return false
        else
-               return shortport.port_or_service(53, "domain",
{"tcp", "udp"})
+               return shortport.port_or_service(53, "domain",
{"tcp", "udp"})(host, port)
        end
 end
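Review bot: the removed `-` branch returned the closure built by shortport.port_or_service instead of a boolean, and since Lua treats any function value as true, that portrule matched every port on an IPv4 target; calling the closure with `(host, port)` in the `+` line is the correct fix. One style point on the same lines: the matcher is rebuilt on every portrule invocation. Hoisting it to a file-level local, e.g. `local dns_rule = shortport.port_or_service(53, "domain", {"tcp", "udp"})` and then `return dns_rule(host, port)` in the else branch, constructs it once and keeps the address-family check visibly separate from the port match.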

xmpp-info throws errors relating to passing nil to a format string
because it defaults to host.targetname. I added a second default,
host.name, which will always at least have a blank string. This adds
another layer of "maybe it will work", and avoids the uncaught
exception:

--- a/scripts/xmpp-info.nse
+++ b/scripts/xmpp-info.nse
@@ -518,7 +518,7 @@ end

 portrule = shortport.port_or_service({5222, 5269}, {"jabber",
"xmpp-client", "xmpp-server"})
 action = function(host, port)
-    local server_name =
stdnse.get_script_args("xmpp-info.server_name") or host.targetname
+    local server_name =
stdnse.get_script_args("xmpp-info.server_name") or host.targetname
or host.name
     local alt_server_name =
stdnse.get_script_args("xmpp-info.alt_server_name") or "."
     local err_tmp = { {}, {} }
     local id_tls
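Review bot: as the message notes, host.name is the reverse-DNS name and may be an empty string, so after this change server_name can be "" rather than nil. That removes the nil-in-format-string error, but an empty name then reaches the same format string the report describes. Consider a final fallback to the target address, e.g. `or host.targetname or (host.name ~= "" and host.name) or host.ip`, so the script always has a non-empty server name to send; the `(host.name ~= "" and host.name)` guard is needed because an empty string is truthy in Lua and would otherwise stop the `or` chain.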

Thanks Dan, I added these changes.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
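The dns-client-subnet-scan fix above turns on a detail of how NSE rules are evaluated: a portrule's return value is only tested for truthiness, and in Lua a function value is truthy. The following is an added, stand-alone illustration (not code from Nmap or from this thread) that re-implements a simplified shortport.port_or_service and nmap.address_family as stubs, then runs the pre-patch and post-patch portrules against a few constructed ports. The stubs, the 192.0.2.10 host and the port list are assumptions made for the demo; the real nselib matcher also handles port state and other options.

```lua
-- Added example, not nmap's code: why a portrule must return a boolean,
-- not the matcher closure produced by shortport.port_or_service.

-- Simplified stand-in for nselib's shortport.port_or_service. It accepts a
-- port number or list, a service name or list, and a protocol list, and
-- returns a matcher closure with the (host, port) signature NSE expects.
local shortport = {}
function shortport.port_or_service(ports, services, protos)
  if type(ports) ~= "table" then ports = { ports } end
  if type(services) ~= "table" then services = { services } end
  protos = protos or { "tcp" }
  return function(host, port)
    local proto_ok = false
    for _, p in ipairs(protos) do
      if p == port.protocol then proto_ok = true end
    end
    if not proto_ok then return false end
    for _, n in ipairs(ports) do
      if n == port.number then return true end
    end
    for _, s in ipairs(services) do
      if s == port.service then return true end
    end
    return false
  end
end

-- Stand-in for nmap.address_family(); assume an IPv4 scan.
local nmap = { address_family = function() return "inet" end }

-- The rule as it stood before the patch: hands back the closure itself.
local buggy_portrule = function(host, port)
  if nmap.address_family() ~= "inet" then
    return false
  else
    return shortport.port_or_service(53, "domain", { "tcp", "udp" })
  end
end

-- The rule after the patch: invokes the closure with (host, port).
local fixed_portrule = function(host, port)
  if nmap.address_family() ~= "inet" then
    return false
  else
    return shortport.port_or_service(53, "domain", { "tcp", "udp" })(host, port)
  end
end

-- Mirrors how a script runner decides whether to schedule the script:
-- any truthy return counts as a match, whatever its type.
local function would_run(rule, host, port)
  return rule(host, port) and true or false
end

-- Constructed sample input: one documentation-range host and three ports.
local host = { ip = "192.0.2.10" }
local ports = {
  { number = 53,  protocol = "udp", service = "domain" },
  { number = 80,  protocol = "tcp", service = "http" },
  { number = 443, protocol = "tcp", service = "https" },
}

for _, port in ipairs(ports) do
  local raw = buggy_portrule(host, port)
  print(string.format("%d/%-3s buggy rule returns a %-8s -> run? %-5s   fixed rule -> run? %s",
    port.number, port.protocol, type(raw),
    tostring(would_run(buggy_portrule, host, port)),
    tostring(would_run(fixed_portrule, host, port))))
end
```

Run it with any Lua 5.1 or later interpreter. The buggy rule returns a function for every port, so the harness schedules the script against 80/tcp and 443/tcp as well as 53/udp; the fixed rule only matches the DNS port, which is the behaviour the patch restores.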

