Subversion keywords in nmap-service-probes

[David Fifield <david () bamsoftware com>]

In r4784 of both /nmap and /nmap-exp/soc07/nmap, some new service probes
were merged in. Unfortunately, one of the new probes contains what
Subversion considers a $Revision$ keyword:

        match irc-proxy m|^:Notice!notice@shroudbnc\.org NOTICE \* :\*\*\* shroudBNC([\d.]+) \$Revision: (\d+) \$\r\n| 
p/ShroudBNC irc-proxy/ v/$1 revision $2/

You can see this line if you do "svn diff -c 4784", but if you look at
the file after a checkout, you'll see something like

        match irc-proxy m|^:Notice!notice@shroudbnc\.org NOTICE \* :\*\*\* shroudBNC([\d.]+) \$Revision: 4784 $2/

A little investigation shows that this has been worked around in the past:

        # Dots in Revision to prevent MY CVS from screwing it up
        match pop3 m|^\+OK ([-.+\w]+) NetMail POP3 Agent \$Re..sion: ([\d.]+) \$\r\n| p/Novell NetMail pop3d/ h/$1/ 
v/$2/ o/Unix/

It's possible to turn off keyword substituition altogether by setting
the svn:keywords property as described at
http://svnbook.red-bean.com/nightly/en/svn.advanced.props.special.keywords.html.
But that would keep the $Id$ keyword at the top of the file from
working. Allowing substitution only for $Id$ would be better, but would
still run the slight risk of that string appearing in a probe.

This phenomenon is easy to miss. I noticed it only when merging between
two different checkouts. Apparently Subversion canonicalizes keyword
strings on checkout or something, making the change appear in a diff.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org