Nmap Development mailing list archives

[NSE][patch] Bug in dns-nsec3-enum (0 answers returned)

From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 13 Jun 2012 11:02:46 -0500

Hey list,

Trying out the new dns-nsec3-enum script, I came across this error:

NSE: dns.query() got zero responses attempting to resolve query:frmdaaon.X.XNSE: 'dns-nsec3-enum' (thread: 0x8bdf2b8) against X.X.X.X:53 threw anerror!./scripts/dns-nsec3-enum.nse:149: bad argument #1 to 'ipairs' (tableexpected, got nil)
stack traceback:
    [C]: in function 'ipairs'
    ./scripts/dns-nsec3-enum.nse:149: in function 'auth_filter'
    ./scripts/dns-nsec3-enum.nse:220: in function 'query_for_hashes'
    ./scripts/dns-nsec3-enum.nse:321: in function 'enum'
./scripts/dns-nsec3-enum.nse:418: in function<./scripts/dns-nsec3-enum.nse:403>
    (...tail calls...)

For some reason, the DNS server I'm testing occasionally gives emptyresponses. The patch below adds a check for the status return value fromdns.query(), avoiding checks if there is an error. It may be preferableto quit upon receiving an error, but I don't know if that would miss anyrecords. In my tests, 0-answer responses usually came well after thescript had stopped finding records.


Index: scripts/dns-nsec3-enum.nse
===================================================================
--- scripts/dns-nsec3-enum.nse    (revision 28928)
+++ scripts/dns-nsec3-enum.nse    (working copy)
@@ -216,6 +216,7 @@
     local result
     local ranges = {}

status, result = dns.query(subdomain, {host = host.ip,dtype='NSEC3', retAll=true, retPkt=true, dnssec=true})

+  if status then
     for _, nsec3 in ipairs(auth_filter(result, "NSEC3")) do
         h1 = string.lower(remove_suffix(nsec3.dname,domain))
         h2 = string.lower(nsec3.hash.base32)
@@ -225,6 +226,9 @@
         end
         ranges[h1] = h2
     end
+  else
+    stdnse.print_debug(1, "DNS error: %s", result)
+  end

     return ranges
 end

I would also like to point out that I've been noticing folks using hardtabs in NSE scripts. I was under the impression (and had set it so in my.vimrc) that the coding style for NSE scripts was to be 2 spaces perlevel of indentation, not tabs. For clarity, I ignored whitespace forthis patch (svn diff -x -b). Just curious if this changed or doesn't matter.


Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE][patch] Bug in dns-nsec3-enum (0 answers returned) Daniel Miller (Jun 13)
- Re: [NSE][patch] Bug in dns-nsec3-enum (0 answers returned) Aleksandar Nikolic (Jun 13)
- Re: [NSE][patch] Bug in dns-nsec3-enum (0 answers returned) David Fifield (Jun 13)
  - Re: [NSE][patch] Bug in dns-nsec3-enum (0 answers returned) Aleksandar Nikolic (Jun 14)