Nmap Development mailing list archives

Re: Service fingerprints blog entry


From: doug () hcsw org
Date: Thu, 26 Feb 2009 01:57:49 +0000

On Wed, Feb 25, 2009 at 11:26:38PM +0000 or thereabouts, Brandon Enright wrote:
> Hey Doug, always a good read.

Thanks. :)

> I noticed that in the last few days I've been getting assertion
> failures due to this commit.  David was able to track it down to line
> 4629:
>
> match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color )?LaserJet ([\w-_. ]+)&nbsp;&nbsp;&nbsp;|si p/HP $2LaserJet $3 printer http config/ i/Virata httpd $1/ d/printer/
>
> I have a printer (132.239.149.197:80) causing this match to crash.  The
> issue is that the (Color ?) match is optional but is used as $2 even in
> cases where it was not matched.
>
> David suggested changing the match line to this:
>
> match http m#^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color |)LaserJet ([\w-_. ]+)&nbsp;&nbsp;&nbsp;#si p/HP $2LaserJet $3 printer http config/ i/Virata httpd $1/ d/printer/
>
> Which does, indeed, fix the issue.  Rather than check this fix in,
> David suggested sending a note to you so you can comment on your
> preferred way to fix the problem.  Are you okay with using the '#'
> delimiter, etc?

Oops, that was my mistake, sorry. I thought that a non-capture was
converted to an empty string by nmap. I've committed the fix and
I'm just checking that no other match lines have this problem.
Many match lines do use optional captures but hopefully
never when any captures happen after the optional capture. Example:

match http m|^<html>\n<title>DES-(\w+) +(Login)?</title>\n| p/D-Link DES-$1 switch http config/ d/switch/

I usually use the = character in such cases but there was an =
in the match line here so can't use that. Interesting that # will
work. I was always scared about using that because of interference
from the comment character #. I committed with %.

Thanks Brandon and David.

Doug

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
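
The reply above mentions checking the other match lines for the same problem. As an added example (not code from the thread or from Nmap), this Python script flags `$N` references in a match line's version template that point at a capture group a `?`, `*` or `{0,` quantifier can leave unset. It assumes the delimiter never occurs inside the pattern, treats every `(?...)` group as non-capturing, and looks only at plain `$1`..`$9` references; the function names are hypothetical.

```python
import re

# Constructed sample input: match lines from the thread, each joined onto one line.
ORIGINAL = r"match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color )?LaserJet ([\w-_. ]+)&nbsp;&nbsp;&nbsp;|si p/HP $2LaserJet $3 printer http config/ i/Virata httpd $1/ d/printer/"
# The suggested fix, written here with the % delimiter the reply says was committed.
FIXED = r"match http m%^HTTP/1\.1 \d\d\d .*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color |)LaserJet ([\w-_. ]+)&nbsp;&nbsp;&nbsp;%si p/HP $2LaserJet $3 printer http config/ i/Virata httpd $1/ d/printer/"
DLINK = r"match http m|^<html>\n<title>DES-(\w+) +(Login)?</title>\n| p/D-Link DES-$1 switch http config/ d/switch/"

def split_match(line):
    """Return (regex, rest_of_line) for a match/softmatch line, else None."""
    head = re.match(r"(?:soft)?match\s+\S+\s+m(.)", line)
    if not head:
        return None
    end = line.find(head.group(1), head.end())  # assumption: delimiter is not in the pattern
    return (line[head.end():end], line[end + 1:]) if end != -1 else None

def optional_groups(regex):
    """Capture groups that may be unset: they or an enclosing group are optional."""
    optional, stack, count, i, in_class = set(), [], 0, 0, False
    while i < len(regex):
        c = regex[i]
        if c == "\\":
            i += 1                               # skip the escaped character
        elif in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            stack.append(count)                  # groups numbered above this lie inside
            count += regex[i + 1:i + 2] != "?"   # (?:...) and friends do not capture
        elif c == ")" and stack:
            first = stack.pop() + 1
            if re.match(r"[?*]|\{0,", regex[i + 1:]):
                optional.update(range(first, count + 1))
        i += 1
    return optional

def unsafe_refs(line):
    """Sorted $N numbers in the template that point at optional groups."""
    parts = split_match(line.strip())
    if not parts:
        return []
    used = {int(n) for n in re.findall(r"\$([1-9])", parts[1])}
    return sorted(used & optional_groups(parts[0]))

if __name__ == "__main__":
    for line in (ORIGINAL, FIXED, DLINK):
        print(unsafe_refs(line) or "ok", line[:40])
```

The D-Link line passes because its optional `(Login)?` group is never referenced in the template, which is the case the reply describes as safe.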
