Nmap Development mailing list archives
Re: [nmap-svn] r32678 - nmap
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 29 Jan 2014 07:07:01 -0600
Fixed in r32679 Author: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419> Date: Wed Jan 29 13:24:30 2014 +0000 Fix a bug introduced in r32678 string.gsub returns 2 values, the new string and the number of replacements made. It also has a 4th argument, the number of replacements to make. So when you use the return value of gsub as the 3rd argument, and no replacements were made, it instructs the next call to not make any replacements. Thanks to Ron Bowes for reporting this issue. git-svn-id: https://svn.nmap.org/nmap@32679 e0a8ed71-7df4-0310-8962-fdc924857419 diff --git a/nse_main.lua b/nse_main.lua index b64b57e..cdae16b 100644 --- a/nse_main.lua +++ b/nse_main.lua @@ -317,7 +317,8 @@ do local against = against_name(self.host, self.port); local function replace(fmt, pattern, repl) -- Escape each % twice: once for gsub, and once for print_debug. - return gsub(fmt, pattern, gsub(repl, "%%", "%%%%%%%%")); + local r = gsub(repl, "%%", "%%%%%%%%") + return gsub(fmt, pattern, r); end if debugging() > 1 then fmt = replace(fmt, "%%THREAD_AGAINST", self.info..against); On Mon, Jan 27, 2014 at 10:10 PM, Ron <ron () skullsecurity net> wrote:
Hey, This patch is causing me issues: NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 4) scan. NSE: Script Engine Scan Aborted. An error was thrown by the engine: /home/ron/tools/nmap/nse_main.lua:210: bad argument #2 to 'format' (no value) stack traceback: [C]: in function 'format' /home/ron/tools/nmap/nse_main.lua:210: in function 'print_debug' /home/ron/tools/nmap/nse_main.lua:329: in function 'd' /home/ron/tools/nmap/nse_main.lua:381: in function 'start' /home/ron/tools/nmap/nse_main.lua:916: in function 'run' /home/ron/tools/nmap/nse_main.lua:1394: in function </home/ron/tools/nmap/nse_main.lua:1297> [C]: in ? I tried to debug, but I don't see what's going on. Ron On 2014-01-27 22:56, commit-mailer () nmap org wrote:Author: david Date: Mon Jan 27 22:56:29 2014 New Revision: 32678 Log: Escape '%' in arguments to Thread:d. A user reported this crash when scanning a target whose name contained the '%' character: NSE: Script Engine Scan Aborted. An error was thrown by the engine: nse_main.lua:322: invalid capture index stack traceback: [C]: in function 'gsub' nse_main.lua:322: in function 'd' nse_main.lua:377: in function 'start' nse_main.lua:912: in function 'run' nse_main.lua:1390: in function <nse_main.lua:1293> [C]: in ? I'm not sure how a name with '%' got resolved, but I was able to reproduce the crash by adding this line to /etc/hosts: 127.0.0.1 a%40b and then running ./nmap --script=banner a%40b -d --top-ports 5 The gsub function recognizes "%d", where d is a digit, as a capture index. The constructed string is then passed to print_debug, which is like printf. Therefore we escape every occurrence of "%" twice, to get "%%%%". Modified: nmap/nse_main.lua Modified: nmap/nse_main.lua ============================================================================== --- nmap/nse_main.lua (original) +++ nmap/nse_main.lua Mon Jan 27 22:56:29 2014 
@@ -315,12 +315,16 @@ -- Changes "%THREAD" with an appropriate identifier for the debug level function Thread:d (fmt, ...) local against = against_name(self.host, self.port); + local function replace(fmt, pattern, repl) + -- Escape each % twice: once for gsub, and once for print_debug. + return gsub(fmt, pattern, gsub(repl, "%%", "%%%%%%%%")); + end if debugging() > 1 then - fmt = gsub(fmt, "%%THREAD_AGAINST", self.info..against); - fmt = gsub(fmt, "%%THREAD", self.info); + fmt = replace(fmt, "%%THREAD_AGAINST", self.info..against); + fmt = replace(fmt, "%%THREAD", self.info); else - fmt = gsub(fmt, "%%THREAD_AGAINST", self.short_basename..against); - fmt = gsub(fmt, "%%THREAD", self.short_basename); + fmt = replace(fmt, "%%THREAD_AGAINST", self.short_basename..against); + fmt = replace(fmt, "%%THREAD", self.short_basename); end print_debug(1, fmt, ...); end _______________________________________________ Sent through the svn mailing list http://nmap.org/mailman/listinfo/svn_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
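Review bot: In the added `replace` helper of the r32678 hunk, `gsub(repl, "%%", "%%%%%%%%")` is the last argument of the outer `gsub`, so its second return value (the match count) is passed on as the outer call's replacement limit; when `repl` contains no '%' that limit is 0 and `%THREAD` is never substituted. Assign the escaped string to a local first, or wrap the inner call in parentheses so only one value is passed. Separately, `replace` is re-created on every call to `Thread:d` although its body uses only its own parameters and `gsub`, so it could be defined once outside the method.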
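Review bot: In the r32679 hunk, the new `local r = gsub(repl, "%%", "%%%%%%%%")` line relies on assignment to a single local to discard gsub's second return value, but the comment above it still describes only the double escaping, so a later cleanup could re-inline the call and bring the r32678 failure back. Suggest a short comment on that line stating that the local exists to drop the replacement count, or making the truncation explicit with parentheses around the inner call. Minor style point: the added line has no trailing semicolon while the `return` next to it does.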
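The two gsub pitfalls discussed in this thread, as an added Lua example that is not part of the original messages or of nse_main.lua. `string.format` stands in for `print_debug` (an assumption based on the commit message's "like printf"), and the function names, format string and script name are constructed for illustration; only the host name `a%40b` comes from the thread.

```lua
local gsub, format = string.gsub, string.format

-- Before r32678: the replacement text reaches gsub unescaped.
local function replace_unescaped(fmt, pattern, repl)
  return (gsub(fmt, pattern, repl))
end

-- r32678: the inner gsub is the last argument, so both of its results are
-- passed along and its match count becomes the outer gsub's 4th argument.
local function replace_r32678(fmt, pattern, repl)
  return (gsub(fmt, pattern, gsub(repl, "%%", "%%%%%%%%")))
end

-- r32679: assigning to a single local keeps only the escaped string.
local function replace_r32679(fmt, pattern, repl)
  local r = gsub(repl, "%%", "%%%%%%%%")
  return (gsub(fmt, pattern, r))
end

local fmt   = "Starting %THREAD."      -- constructed format string
local plain = "banner"                 -- constructed name without '%'
local pct   = "banner against a%40b"   -- constructed name using the thread's host

-- Unescaped: "%4" in the replacement is parsed as capture index 4 and
-- gsub raises an error, because the pattern has no captures.
assert(not pcall(replace_unescaped, fmt, "%%THREAD", pct))

-- r32678 with a '%'-free name: the inner count is 0, so the outer gsub is
-- told to make no replacements and "%THREAD" is left in the string.
assert(replace_r32678(fmt, "%%THREAD", plain) == fmt)
-- The formatter then meets "%T" with no argument to consume and fails.
assert(not pcall(format, replace_r32678(fmt, "%%THREAD", plain)))

-- r32678 with exactly one '%': the count is 1, which happens to permit the
-- single replacement, so the defect stays hidden for such names.
assert(format(replace_r32678(fmt, "%%THREAD", pct))
       == "Starting banner against a%40b.")

-- r32679: both names survive the gsub layer and the format layer.
assert(format(replace_r32679(fmt, "%%THREAD", plain)) == "Starting banner.")
assert(format(replace_r32679(fmt, "%%THREAD", pct))
       == "Starting banner against a%40b.")
print("all checks passed")
```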