Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: mcafee-epo-agent.nse bug

From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 5 Aug 2012 09:15:45 +0200
On Sun, Aug 5, 2012 at 7:46 AM, Henri Doreau <henri.doreau () gmail com> wrote:


2012/8/5 Ron <ron () skullsecurity net>:

Hey,

I'm not sure if this is the best solution, but do you want to try the
attached patch and see if it works?

Ron


Shouldn't this be a stdnse.silent_require("openssl") instead?

Regards.

--
Henri
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



I believe there are two separate approaches;
1. Use silent_require which makes the script silent fail executing if the
library isn't present
2. Call the require in a pcall to detect if it would fail or not and then
set a variable that can be checked by functions that either require or
optionally support SSL. Like in the afp library, there are a bunch of
methods that can be run that do not require SSL, but if you do call the
login method without the SSL library it will return an error.

In terms of http.lua, I'm seeing;
local have_ssl = (nmap.have_ssl() and pcall(require, "openssl"))

So in this case it may be sufficient to just remove the require "openssl" a
few lines up.
This controls whether openssl.md5 is called in clean_404 or not.
I'm not sure how comm.tryssl will work though?

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: