Nmap Development mailing list archives
NSE pathnames with backslash character error message bug
From: doug () hcsw org
Date: Tue, 22 Jan 2008 17:30:05 -0800
Hi all, I'm trying to track down this problem: o Fix cases of std::string() being used in ways which wrongly parse the data for escape sequences such as \n. For an example, see log message of r6474 in svn. I was able to reproduce the instance mentioned in the SVN message by making a directory 'c:\nmap', putting a script to run in that directory, making that script so it modifies a global value, and using --script to run the script (along with -vvv -d). The TODO entry is a misdiagnosis, however. It isn't std::string() that is converting the characters into a newline. For some reason that I haven't been able to tell yet, NSE converts these potential error messages into lua code and then evaluates them. In this case: std::string buf = (std::string("err = \"Attempted to change the global '\" .. select(2, ...) .. \"' in ") + std::string(filename) + std::string(" - use nmap.registry if you really want to share data between scripts.\"") + std::string("error(err)")); this builds the following lua code: err = "Attempted to change the global '" .. select(2, ...) .. "' in ./c:\nmap/showSSHVersion.nse - use nmap.registry if you really want to share data between scripts."error(err) So when lua parses this, "\n" is turned into a newline. Here is an example of the incorrect error message: SCRIPT ENGINE: [string "Global Access"]:1: Attempted to change the global 'tpglobal' in ./c: map/showSSHVersion.nse - use nmap.registry if you really want to share data between scripts. The most straightforward solution I can think of right now is to escape backslashes (and, I think, characters like ' and ") for user controlled data before it is passed to lua. If anyone has a better idea, please let us know. Best, Doug PS. Details on lua escaping: http://www.lua.org/pil/2.4.html
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NSE pathnames with backslash character error message bug doug (Jan 22)
- Re: NSE pathnames with backslash character error message bug Kris Katterjohn (Jan 22)
- Re: NSE pathnames with backslash character error message bug doug (Jan 27)