Nmap Development mailing list archives

grepable output bug


From: MadHat Unspecific <madhat () unspecific com>
Date: Tue, 20 Jan 2009 07:48:55 -0600


I say bug, but not really...  In the output code there is a section:
        // How should we escape illegal chars in grepable output?
        // Well, a reasonably clean way would be backslash escapes
        // such as \/ and \\ .  // But that makes it harder to pick
        // out fields with awk, cut, and such.  So I'm gonna use the
        // ugly hat (fitting to grepable output) or replacing the '/'
        // character with '|' in the version and owner fields.

Well, another character that needs to be replaced in the output is the
',' (comma).  An example:

Host: 192.168.10.170 () Ports: 80/open/tcp//http//Apache httpd 2.0.54
((Debian GNU|Linux) PHP|5.2.0-8+etch9~bpo31+1)/,
8080/closed/tcp//http-proxy///, 8100/open/tcp//http//Zope 2.10.4-final
(python 2.4.4, linux2; ZServer|1.1)/    Ignored State: filtered (3997)  Seq
Index: 262      IP ID Seq: All zeros

# telnet 192.168.10.226 80
Trying 192.168.10.226...
Connected to 192.168.10.226.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 200 OK
Server: Zope/(Zope 2.9.8-final, python 2.4.4, linux2) ZServer/1.1
Plone/2.5.4-2
Date: Mon, 19 Jan 2009 22:58:10 GMT
Content-Length: 3049
Content-Type: text/html; charset=iso-8859-15
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">

...

When I split the port on the ',' of course it messes up because of this.
I added to the ugly hack.  I am in the process of changing my scripts
to use the XML output, but that will take some time, so I "fixed" the
problem.  The ',' does not need to be replaced, just removed.  All I did
was loop over the var again, same as before.  Not great but it works.
Patch:

--- nmap-4.76.orig/output.cc    2008-09-10 13:32:35.000000000 -0500
+++ nmap-4.76/output.cc 2009-01-20 07:41:27.420350073 -0600
@@ -782,6 +782,12 @@
          *p = '|';
          p++;
        }
+
+       p = grepvers;
+       while((p = strchr(p, ','))) {
+         p++;
+       }
+
        if (!current->owner) *grepown = '\0';
        else {
          Strncpy(grepown, current->owner,
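
Review bot: The added loop over grepvers never writes to the buffer: `while((p = strchr(p, ','))) { p++; }` only steps past each comma, so the string handed to log_write is unchanged and the comma still reaches the output. To get the removal the message describes, write through p inside the loop, for example `*p = ' ';` before `p++` in the style of the `*p = '|';` line above it, or shift the tail left with memmove if the character really has to disappear.
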
@@ -791,6 +797,11 @@
            *p = '|';
            p++;
          }
+
+         p = grepown;
+         while((p = strchr(p, ','))) {
+           p++;
+         }
        }
        if (!sd.name) serviceinfo[0] = '\0';
        else {
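
Review bot: The grepown loop is the same no-op as the one on grepvers: it locates each comma with strchr but has no assignment through p, so the owner field is logged unmodified. This is also the second copy of an identical loop; a small helper that takes the buffer and the character to strip, called once per buffer, would keep the fix in one place instead of three.
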
@@ -799,6 +810,10 @@
            *p = '|';
            p++;
          }
+         p = serviceinfo;
+         while((p = strchr(p, ','))) {
+           p++;
+         }
        }
        log_write(LOG_MACHINE,"%d/%s/%s/%s/%s/%s/%s/", current->portno, state,
                  protocol, grepown, serviceinfo, rpcmachineinfo, grepvers);
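
Review bot: The serviceinfo loop has the same missing write as the other two, and the log_write call just below also prints rpcmachineinfo, which none of the three hunks touches; if that field can carry a comma it needs the same handling. The source comment that explains the '/' to '|' substitution should also be extended to document the comma handling, and this hunk omits the blank line before `p = serviceinfo;` that the other two hunks add.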







-- 
MadHat (at) Unspecific.com
"The true man wants two things: danger and play.
 For that reason he wants woman, as the most dangerous plaything."
                          - Friedrich Nietzsche
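
A consumer-side way to handle the comma problem described in the message, as an added example that is not part of the original post or of Nmap: parse the Ports section by field count, seven '/'-terminated fields per port as in the log_write format string, instead of splitting on commas. It assumes '/' never appears inside a field (the quoted source comment and patch context show it replaced with '|'); the function names and the tab-separated sample line are constructed for illustration.

```python
# Added example (not Nmap code): parse the "Ports:" section by field count.
FIELDS = ("port", "state", "protocol", "owner", "service", "rpc_info", "version")

# Constructed from the example line in the message above; sections are tab-separated.
SAMPLE = (
    "Host: 192.168.10.170 ()\tPorts: 80/open/tcp//http//Apache httpd 2.0.54 "
    "((Debian GNU|Linux) PHP|5.2.0-8+etch9~bpo31+1)/, "
    "8080/closed/tcp//http-proxy///, 8100/open/tcp//http//Zope 2.10.4-final "
    "(python 2.4.4, linux2; ZServer|1.1)/\tIgnored State: filtered (3997)"
)

def ports_section(line):
    """Return the text between 'Ports: ' and the next tab (or end of line)."""
    start = line.find("Ports: ")
    if start < 0:
        return ""
    return line[start + len("Ports: "):].split("\t", 1)[0].strip()

def naive_split(line):
    """What a comma-splitting script sees: breaks on commas inside the version field."""
    return ports_section(line).split(", ")

def parse_ports(line):
    """Split on '/' and take seven fields per port, so commas inside a field are harmless."""
    section = ports_section(line)
    if not section:
        return []
    tokens = section.split("/")
    # Every entry ends with '/', so the split leaves one empty token at the end.
    if tokens[-1] != "" or (len(tokens) - 1) % len(FIELDS) != 0:
        raise ValueError("unexpected field count in Ports section")
    entries = []
    for i in range(0, len(tokens) - 1, len(FIELDS)):
        chunk = tokens[i:i + len(FIELDS)]
        chunk[0] = chunk[0].lstrip(", ")  # drop the ', ' separator before the port number
        entry = dict(zip(FIELDS, chunk))
        entry["port"] = int(entry["port"])
        entries.append(entry)
    return entries

if __name__ == "__main__":
    print(len(naive_split(SAMPLE)), "pieces from the comma split")
    for e in parse_ports(SAMPLE):
        print(e["port"], e["state"], e["service"], e["version"])
```
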

