Nmap Development mailing list archives

Re: [nmap-svn] r36162 - nmap/nselib/data

From: nnposter <nnposter () users sourceforge net>
Date: Mon, 22 Aug 2016 14:08:39 -0600

On 8/22/16 1:26 PM, Daniel Miller wrote:



On Mon, Aug 22, 2016 at 12:33 PM, nnposter
<nnposter () users sourceforge net <mailto:nnposter () users sourceforge net>>
wrote:


    > The other option you mentioned directly to me was: local _, openssl =
    > pcall(require, "openssl"); This option should not be used, since "_" is
    > considered a throwaway variable name; It could easily be overwritten,
    > and code that tests it doesn't make sense. So it would open us up to
    > crashes when someone writes unconditional code that tries to index the
    > nonexistent openssl library.

    I do not believe that my example...

        local _, openssl = pcall(require, 'openssl')
        ...
        if openssl and openssl.md5 then

    ...had any dependency on "_", namely there was no explicit or implicit
    "code that tests it", so I am not quite sure that I understand your
    point.

    To satisfy my curiosity, could you please point out what specifically
    would be wrong with the example? (To make it clear, I am not opposed to
    option #3; I have used it in the original commit after all. I am just
    trying to understand the pitfalls with option #4.)


Sure. Since any of these will work if openssl is present, we'll ignore
that case. If it is *not* present, pcall will hide any error, instead
returning false and an error message, so that _ is false and openssl is
a string. The code will happily cruise along, executing requests or
otherwise using resources until it reaches a line containing
openssl.somefunction(), at which it will give the error "attempt to call
a nil value (field 'somefunction')".


Got it. I did not realize that openssl would have a non-nil value under
these circumstances.

Thank you for the explanation,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: [nmap-svn] r36162 - nmap/nselib/data Daniel Miller (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data nnposter (Aug 22)
  - Re: [nmap-svn] r36162 - nmap/nselib/data Patrick Donnelly (Aug 22)
  - Re: [nmap-svn] r36162 - nmap/nselib/data Daniel Miller (Aug 22)
    - Re: [nmap-svn] r36162 - nmap/nselib/data nnposter (Aug 22)