Re: Service fingerprints blog entry

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 25 Feb 2009 03:37:58 +0000
doug () hcsw org wrote:

> Hi nmap-dev,
>
> I just posted a blog entry about integrating the last
> 6 months or so of service fingerprints:
>
> http://hcsw.org/blog.pl/37
>
> As always, big thanks to everyone who contributed.
>
> Doug

Hey Doug, always a good read.

I noticed that in the last few days I've been getting assertion
failures due to this commit.  David was able to track it down to line
4629:

match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; 
?charset=UTF-8\r\nExpires: .*<title>HP (Color )?LaserJet ([\w-_. ]+)&nbsp;&nbsp;&nbsp;|si p/HP $2LaserJet $3 printer 
http config/ i/Virata httpd $1/ d/printer/

I have a printer (132.239.149.197:80) causing this match to crash.  The
issue is that the (Color ?) match is optional but is used as $2 even in
cases where it was not matched.

David suggested changing the match line to this:

match http m#^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; 
?charset=UTF-8\r\nExpires: .*<title>HP (Color |)LaserJet ([\w-_. ]+)&nbsp;&nbsp;&nbsp;#si p/HP $2LaserJet $3 printer 
http config/ i/Virata httpd $1/ d/printer/

Which does, indeed, fix the issue.  Rather than check this fix in,
David suggested sending a note to you so you can comment on your
preferred way to fix the problem.  Are you okay with using the '#'
delimiter, etc?

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkml07YACgkQqaGPzAsl94J3QwCfaG900qFSBTww52EAcJXSV4Ni
hA8Anjb5T0IkIA+k6d0mhuub/EcpH2ZS
=NEGX
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org