Nmap Development mailing list archives
[NSE][patch] Bug in dns-nsec3-enum (0 answers returned)
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 13 Jun 2012 11:02:46 -0500
Hey list, Trying out the new dns-nsec3-enum script, I came across this error:
NSE: dns.query() got zero responses attempting to resolve query: frmdaaon.X.X NSE: 'dns-nsec3-enum' (thread: 0x8bdf2b8) against X.X.X.X:53 threw an error! ./scripts/dns-nsec3-enum.nse:149: bad argument #1 to 'ipairs' (table expected, got nil)For some reason, the DNS server I'm testing occasionally gives empty responses. The patch below adds a check for the status return value from dns.query(), avoiding checks if there is an error. It may be preferable to quit upon receiving an error, but I don't know if that would miss any records. In my tests, 0-answer responses usually came well after the script had stopped finding records.stack traceback: [C]: in function 'ipairs' ./scripts/dns-nsec3-enum.nse:149: in function 'auth_filter' ./scripts/dns-nsec3-enum.nse:220: in function 'query_for_hashes' ./scripts/dns-nsec3-enum.nse:321: in function 'enum'./scripts/dns-nsec3-enum.nse:418: in function <./scripts/dns-nsec3-enum.nse:403>(...tail calls...)
Index: scripts/dns-nsec3-enum.nse =================================================================== --- scripts/dns-nsec3-enum.nse (revision 28928) +++ scripts/dns-nsec3-enum.nse (working copy) @@ -216,6 +216,7 @@ local result local ranges = {}status, result = dns.query(subdomain, {host = host.ip, dtype='NSEC3', retAll=true, retPkt=true, dnssec=true})
+ if status then for _, nsec3 in ipairs(auth_filter(result, "NSEC3")) do h1 = string.lower(remove_suffix(nsec3.dname,domain)) h2 = string.lower(nsec3.hash.base32) @@ -225,6 +226,9 @@ end ranges[h1] = h2 end + else + stdnse.print_debug(1, "DNS error: %s", result) + end return ranges endI would also like to point out that I've been noticing folks using hard tabs in NSE scripts. I was under the impression (and had set it so in my .vimrc) that the coding style for NSE scripts was to be 2 spaces per level of indentation, not tabs. For clarity, I ignored whitespace for this patch (svn diff -x -b). Just curious if this changed or doesn't matter.
Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE][patch] Bug in dns-nsec3-enum (0 answers returned) Daniel Miller (Jun 13)
- Re: [NSE][patch] Bug in dns-nsec3-enum (0 answers returned) Aleksandar Nikolic (Jun 13)
- Re: [NSE][patch] Bug in dns-nsec3-enum (0 answers returned) David Fifield (Jun 13)
- Re: [NSE][patch] Bug in dns-nsec3-enum (0 answers returned) Aleksandar Nikolic (Jun 14)