Nmap Development mailing list archives
Re: showHTMLTitle.nse PANIC bug on windows - Title got truncated!
From: David Fifield <david () bamsoftware com>
Date: Tue, 20 Nov 2007 22:16:16 -0700
On Tue, Nov 13, 2007 at 06:00:18PM -0800, Fyodor wrote:
> On Fri, Nov 09, 2007 at 01:40:33PM -0600, gabriel () gsource org wrote:
> > Initiating Parallel DNS resolution of 150 hosts. at 13:22
> > Completed Parallel DNS resolution of 150 hosts. at 13:22, 6.53s elapsed
> > SCRIPT ENGINE: Initiating script scanning.
> > Initiating SCRIPT ENGINE at 13:22
> > SCRIPT ENGINE Timing: About 17.02% done; ETC: 13:25 (0:02:26 remaining)
> > SCRIPT ENGINE DEBUG: showHTMLTitle.nse: Title got truncated!
> > SCRIPT ENGINE Timing: About 34.04% done; ETC: 13:25 (0:01:56 remaining)
> > PANIC: unprotected error in call to Lua API (C:\Program Files\Nmap\scripts\showH
> > TMLTitle.nse:32: bad argument #3 to 'connect' (Sorry, you don't have OpenSSL.))
> >
> > C:\temp>
>
> Hi Gabriel. Thanks for the report. I can reproduce this by script
> scanning an SSL scanner from Windows (e.g. "nmap -p443 -P0 -sC -d
> www.amazon.com"). One difference though is that my Nmap doesn't
> crash--just that script bails out. Presumably the same thing would
> happen on Unix if compiled --without-openssl.
>
> I think the script (showHTMLTitle.nse) just needs to be modified to
> skip ssl servers if OpenSSL is not available. Does anyone have an idea
> for the best way to do this? Perhaps there should be (or already is?)
> a way to query for this information. Or maybe the script just needs to
> look for the "you don't have OpenSSL" error from socket:connect().

I am not able to reproduce the panic with 4.22SOC8 or current SVN on Linux or Windows XP. Instead, I just get

SCRIPT ENGINE: ./scripts/showHTMLTitle.nse:32: bad argument #3 to 'connect' (Sorry, you don't have OpenSSL.)

Nmap keeps running and other scripts are not affected.

Nevertheless, the attached patch adds a new NSE function nmap.have_ssl and modifies showHTMLTitle.nse not to run if a port uses SSL but SSL is not available. I would add it right away except that I'm concerned about polluting the "nmap." namespace. Are there long-term guidelines for what kinds of functions can be defined? If nobody objects I'll commit this tomorrow.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org