Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [patch] More NSE bugfixes

From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 05 Jun 2012 09:17:57 -0500
Ron,
In general, throwing an exception should be avoided in favor of returning nil from the action, or returning a description of the error if nmap.debugging() > 0. I would guess that the majority of them are due to bugs rather than an expected failure condition.
Stack traces are particularly interesting right now because of the change from Lua 5.1 to 5.2, so any bugs related to that can be worked out. 

Dan

On 06/05/2012 08:53 AM, Ron wrote:

A question related to this - are all stacktraces in -d output bad? Or are some expected?

I've scanned 50,000+ Internet hosts in the last little while. There are a lot of stacktraces in my output. I can go through and 
post them if they shouldn't be happening. Otherwise - if some are okay and expected - I'll go through at some point and 
triage the ones that are probably legit bugs.

Ron

On Sun, 3 Jun 2012 21:36:12 -0500 Daniel Miller<bonsaiviking () gmail com>  wrote:

List,

Decided to hunt bugs again, by running a debugging scan on my network
(sudo ./nmap -A --script 'default or (safe and discovery)' -d5 -sU -sS
-sY --log-errors 192.168.1.0/24 -T4 -oA ../test). Here are the bugs I
came up with (patches attached):

Fix bug in traceroute-geolocation: ipops

./scripts/traceroute-geolocation.nse:100: variable 'ipops' is not
declared
stack traceback:
     [C]: in function 'error'
     ./nselib/strict.lua:80: in function '__index'
     ./scripts/traceroute-geolocation.nse:100: in function
     <./scripts/traceroute-geolocation.nse:82>
     (...tail calls...)

----
Fix bug in dns.encodeFQDN

In lexmark-config.nse, dns.query is called with "" as the first
argument, which breaks dns.lua, resulting in this error:

./nselib/dns.lua:768: attempt to concatenate a nil value
stack traceback:
     ./nselib/dns.lua:768: in function 'encodeQuestions'
     ./nselib/dns.lua:848: in function 'encode'
     ./nselib/dns.lua:318: in function 'query'
     ./scripts/lexmark-config.nse:66: in function
<./scripts/lexmark-config.nse:56>
     (...tail calls...)

Fixed by returning \0 byte from encodeFQDN if the name passed in is
the empty string. Not sure how this will work, but it shouldn't throw
exceptions, at least.

----
A change had left an undeclared variable, func. Fix was to strip out
the test for existence of func, since that logic was based on
previously loading the function from a file, instead of the current
method of indexing into an object to get the function. Error was:

./scripts/wsdd-discover.nse:53: variable 'func' is not declared
stack traceback:
     [C]: in function 'error'
     ./nselib/strict.lua:80: in function '__index'
     ./scripts/wsdd-discover.nse:53: in function 'main'
     ./nse_main.lua:803: in function<./nse_main.lua:803>

---

Lastly, there's a bug with cups-queue-info (or possibly with the
ipp.lua library) that I can't hunt down at the moment. Perhaps with
access to a printer tomorrow I'll be able to hunt it down, but here's
the exception traceback:

NSE: 'cups-queue-info' (thread: 0xb04eae0) against 192.168.1.2:631
threw an error!
./scripts/cups-queue-info.nse:40: attempt to index upvalue 'ipp' (a
boolean value)
stack traceback:
         ./scripts/cups-queue-info.nse:40: in function
<./scripts/cups-queue-info.nse:39>
         (...tail calls...)

Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: