Nmap Development mailing list archives

--script-updatedb path sep strangeness

From: jah <jah () zadkiel plus com>
Date: Wed, 29 Apr 2009 21:02:30 +0100

Hi folks,

On windows, after a --script-updatedb, the script filenames in script.db
have a leading backslash.  This causes an error such as:

NSE: failed to initialize the script engine:
C:\Program Files\Nmap\nse_main.lua:385: ♀tp-anon.nse is not a file!
stack traceback:
        [C]: in function 'assert'
        C:\Program Files\Nmap\nse_main.lua:385: in function
'get_chosen_scripts'

        C:\Program Files\Nmap\nse_main.lua:541: in main chunk
        [C]: ?

(that's the symbol for Venus in place of the f in ftp-anon)

I tracked this down to a Lua pattern in the const char load_db[] in
nse_main.cc script-updatedb().
The pattern:
local basename = assert(match(script, '[/\\]?([^/\\]-%.nse)$'))\n

I found that when the Lua code this char represents is run, the pattern
becomes: '[/]?([^/]-%.nse)$'
so something has eaten the backslashes in the pattern (perhaps in
luaL_loadstring()) and so it captures the script filename with a leading
slash.
Adding a third backslash makes no difference, but adding a fourth:
'[/\\\\]?([^/\\\\]-%.nse)$' does the trick.

The attached patch is for this purpose, but I haven't committed it as I
wonder whether this strangeness might allude to some other problem
-perhaps the string is being interpreted twice.

Regards,

jah

--- nse_main.cc.orig    2009-04-29 20:24:57.562500000 +0100
+++ nse_main.cc 2009-04-29 20:23:50.062500000 +0100
@@ -333,7 +333,7 @@
     "  local categories = rawget(env, 'categories')\n"
     "  assert(type(categories) == 'table', script.."
     "    ' categories field is not a table')\n"
-    "  local basename = assert(match(script, '[/\\]?([^/\\]-%.nse)$'))\n"
+    "  local basename = assert(match(script, '[/\\\\]?([^/\\\\]-%.nse)$'))\n"
     "  table.sort(categories)\n"
     "  for j, category in ipairs(categories) do\n"
     "    db:write('Entry { category = \"', lower(category),"


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

--script-updatedb path sep strangeness jah (Apr 29)
- Re: --script-updatedb path sep strangeness jah (Apr 29)
- Re: --script-updatedb path sep strangeness Patrick Donnelly (Apr 29)
  - Re: --script-updatedb path sep fixed jah (Apr 29)