Nmap Development mailing list archives

NSE pathnames with backslash character error message bug


From: doug () hcsw org
Date: Tue, 22 Jan 2008 17:30:05 -0800

Hi all,

I'm trying to track down this problem:

o Fix cases of std::string() being used in ways which wrongly parse
  the data for escape sequences such as \n.  For an example, see
  log message of r6474 in svn.

I was able to reproduce the instance mentioned in the SVN message
by making a directory 'c:\nmap', putting a script to run in that
directory, making that script so it modifies a global value, and
using --script to run the script (along with -vvv -d).

The TODO entry is a misdiagnosis, however. It isn't std::string()
that is converting the characters into a newline. For some reason
that I haven't been able to tell yet, NSE converts these potential
error messages into lua code and then evaluates them. In this case:

        std::string buf =
         (std::string("err = \"Attempted to change the global '\" .. select(2, ...) .. \"' in ")
         + std::string(filename)
         + std::string(" - use nmap.registry if you really want to share data between scripts.\"")
         + std::string("error(err)"));

this builds the following lua code:

err = "Attempted to change the global '" .. select(2, ...) .. "' in ./c:\nmap/showSSHVersion.nse - use nmap.registry if you really want to share data between scripts."error(err)

So when lua parses this, "\n" is turned into a newline. Here is an
example of the incorrect error message:

SCRIPT ENGINE: [string "Global Access"]:1: Attempted to change the global 'tpglobal' in ./c:
map/showSSHVersion.nse - use nmap.registry if you really want to share data between scripts.

The most straightforward solution I can think of right now is to
escape backslashes (and, I think, characters like ' and ") for user
controlled data before it is passed to lua.

If anyone has a better idea, please let us know.

Best,

Doug

PS. Details on lua escaping:

http://www.lua.org/pil/2.4.html
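
The escaping proposed in the message above, as an added example that is not part of the original post and is not Nmap's code. The helper names lua_quote and build_global_access_chunk are hypothetical, and the sample paths are constructed.

```cpp
#include <cstdio>
#include <string>

// Quote arbitrary bytes as a Lua double-quoted string literal, so the Lua
// lexer reads back exactly the bytes passed in. A single quote needs no
// escape inside a double-quoted literal.
std::string lua_quote(const std::string &in) {
  std::string out = "\"";
  char dec[5];
  for (unsigned char c : in) {
    switch (c) {
      case '\\': out += "\\\\"; break;
      case '"':  out += "\\\""; break;
      case '\n': out += "\\n";  break;
      case '\r': out += "\\r";  break;
      default:
        if (c < 0x20 || c == 0x7f) {  // other control bytes (NUL included) as \ddd
          std::snprintf(dec, sizeof dec, "\\%03u", (unsigned)c);
          out += dec;
        } else {
          out += (char)c;
        }
    }
  }
  return out + "\"";
}

// Same message as in the post, but the filename is spliced in as its own
// quoted literal instead of being pasted inside an open string.
std::string build_global_access_chunk(const std::string &filename) {
  return std::string("err = \"Attempted to change the global '\" .. select(2, ...) .. \"' in \" .. ")
       + lua_quote(filename)
       + " .. \" - use nmap.registry if you really want to share data between scripts.\"\n"
       + "error(err)";
}

int main() {
  // Constructed sample paths: the one from the post and one containing a quote.
  const char *samples[] = {"./c:\\nmap/showSSHVersion.nse", "./odd\"name.nse"};
  for (const char *s : samples)
    std::printf("%s\n\n", build_global_access_chunk(s).c_str());
  return 0;
}
```

With the filename emitted as a quoted literal, the generated chunk carries c:\\nmap, which Lua reads back as a backslash followed by "nmap" rather than a newline followed by "map".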
