Nmap Development mailing list archives

[NSE][patch] Fix bugs in http.lua and sslcert.lua


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 11 Jun 2012 11:19:20 -0500

Hey List,

2 more bugs, with patches this time. First, parse_redirect in http.lua sometimes returns a url table without a path attribute, especially when parsing headers like this:

Location: http://google.com

The exceptions happened in several different scripts:

./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
./scripts/http-auth.nse:54: in function <./scripts/http-auth.nse:49>
        (...tail calls...)
./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
./scripts/http-title.nse:51: in function <./scripts/http-title.nse:47>
        (...tail calls...)
./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
./scripts/http-title.nse:51: in function <./scripts/http-title.nse:47>
        (...tail calls...)

Here is the fix: If u.path is not set, assume the root path ("/")

Index: nselib/http.lua
===================================================================
--- nselib/http.lua     (revision 28903)
+++ nselib/http.lua     (working copy)
@@ -1334,6 +1334,9 @@
     u.host, u.port = stdnse.get_hostname(host), port.number
u.path = ((u.path:sub(1,1) == "/" and "" ) or "/" ) .. u.path -- ensuring leading slash
   end
+  if ( not(u.path) ) then
+    u.path = "/"
+  end
   if ( u.query ) then
     u.path = ("%s?%s"):format( u.path, u.query )
   end
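Review bot: the new `if ( not(u.path) )` guard sits after the `end` of the block above it, so the leading-slash line inside that block, which calls `u.path:sub(1,1)` and concatenates `u.path`, still runs unguarded. If that branch can be reached with a nil path, it raises the same kind of error before the default is applied. Consider applying the `"/"` default before that block, or confirm the branch is only entered when `u.path` is set. Note also that `not(u.path)` only catches nil or false, so an empty-string path passes through unchanged; a short comment on the new lines saying which case is being handled (a Location header with no path component) would help. `if not u.path then` is the more usual Lua spelling.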

The other bug was in sslcert.lua, and resulted in this exception:

./scripts/ssl-cert.nse:135: attempt to index local 'cert' (a nil value)
stack traceback:
        ./scripts/ssl-cert.nse:135: in function 'parseCertificate'
./scripts/ssl-cert.nse:168: in function <./scripts/ssl-cert.nse:162>
        (...tail calls...)

The cert is returned a few lines earlier from sslcert.getCertificate(), which is supposed to return a false status on failure. I added a check for a nil certificate to that function, and returned false in that case:

Index: nselib/sslcert.lua
===================================================================
--- nselib/sslcert.lua  (revision 28903)
+++ nselib/sslcert.lua  (working copy)
@@ -200,7 +200,10 @@
                end
     end
     local cert = socket:get_ssl_certificate()
-
+  if cert == nil then
+    return false, "Unable to get cert"
+  end
+
        host.registry["ssl-cert"] = host.registry["ssl-cert"] or {}
host.registry["ssl-cert"][port.number] = host.registry["ssl-cert"][port.number] or {}
        host.registry["ssl-cert"][port.number] = cert
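Review bot: the early return added right after `socket:get_ssl_certificate()` exits with the socket still open as far as the visible lines show; no `socket:close()` appears on this path, so if the close happens further down, this return skips it. Close the socket before `return false, "Unable to get cert"`, or confirm it is already closed at this point. The added lines are also indented with two spaces while the neighbouring lines sit deeper, so align them with the surrounding code, and `if not cert then` is the idiomatic form of the nil check.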

This should be the last of my bugfixes for today! Sorry for the flood of messages.

Dan


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

