Re: m|| versus m||s in nmap-service-probes

[doug () hcsw org]

Hi Lionel,

On Mon, Dec 10, 2007 at 11:19:31AM +0100 or thereabouts, Lionel Cons wrote:
> If I understood correctly, the patterns used in nmap-service-probes
> are matched using PCRE with no default option. This means that the dot
> character does _not_ match any character but only "any character
> except newline". If you want to match any character, you should use
> the "s" option, like in
>
>   match lexlmd m|^.\x08\0\0|s p/Lexmark language monitor/
>
> However, many patterns that seem to match binary data do not use the
> "s" option.

Yes, I agree that almost all of your match line suggestions
should have the s PCRE modifier however I think it might be
best to wait until after a stable release before making this
potentially tricky update.

For patterns that use .* on line based protocols, the s modifier
can potentially cause a lot more work for the PCRE engine so will
have to be done with care.

Thanks for the suggestion!

Doug

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org