Nmap Development mailing list archives
[NSE][patch] Fix bugs in http.lua and sslcert.lua
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 11 Jun 2012 11:19:20 -0500
Hey List,

2 more bugs, with patches this time. First, parse_redirect in http.lua sometimes returns a url table without a path attribute, especially when parsing headers like this:

Location: http://google.com

The exceptions happened in several different scripts:

./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
        ./scripts/http-auth.nse:54: in function <./scripts/http-auth.nse:49>
        (...tail calls...)

./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
        ./scripts/http-title.nse:51: in function <./scripts/http-title.nse:47>
        (...tail calls...)

./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
        ./scripts/http-title.nse:51: in function <./scripts/http-title.nse:47>
        (...tail calls...)

Here is the fix: If u.path is not set, assume the root path ("/") Index: nselib/http.lua =================================================================== --- nselib/http.lua (revision 28903) +++ nselib/http.lua (working copy) @@ -1334,6 +1334,9 @@ u.host, u.port = stdnse.get_hostname(host), port.numberu.path = ((u.path:sub(1,1) == "/" and "" ) or "/" ) .. u.path -- ensuring leading slash
end + if ( not(u.path) ) then + u.path = "/" + end if ( u.query ) then u.path = ("%s?%s"):format( u.path, u.query ) end The other bug was in sslcert.lua, and resulted in this exception:

./scripts/ssl-cert.nse:135: attempt to index local 'cert' (a nil value)
stack traceback:
        ./scripts/ssl-cert.nse:135: in function 'parseCertificate'
        ./scripts/ssl-cert.nse:168: in function <./scripts/ssl-cert.nse:162>
        (...tail calls...)

The cert is returned a few lines earlier from sslcert.getCertificate(), which is supposed to return a false status on failure. I added a check for a nil certificate to that function, and returned false in that case:
Index: nselib/sslcert.lua =================================================================== --- nselib/sslcert.lua (revision 28903) +++ nselib/sslcert.lua (working copy) @@ -200,7 +200,10 @@ end end local cert = socket:get_ssl_certificate() - + if cert == nil then + return false, "Unable to get cert" + end + host.registry["ssl-cert"] = host.registry["ssl-cert"] or {}host.registry["ssl-cert"][port.number] = host.registry["ssl-cert"][port.number] or {}
host.registry["ssl-cert"][port.number] = certThis should be the last of my bugfixes for today! Sorry for the flood of messages.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
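
Review bot: in the nselib/http.lua hunk, the new nil default for u.path sits after the `end` of the block that calls u.path:sub(1,1), so if that block can run while u.path is nil it will raise an index error before the default is applied. Move the `if ( not(u.path) ) then u.path = "/" end` check above that block, or confirm that the block's guard excludes a nil path. As a style point, `not u.path` is the more usual Lua spelling than `not(u.path)`.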
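
Review bot: in the nselib/sslcert.lua hunk, the new early return directly after socket:get_ssl_certificate() shows no socket cleanup on that path; if the socket is closed further down in the function, close it before `return false, "Unable to get cert"`. The error string would also be easier to act on if it named the host and port the certificate was requested from.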