Nmap Development mailing list archives

[NSE] nmap.fetchfile and absolute paths


From: jah <jah () zadkiel plus com>
Date: Tue, 11 Aug 2009 01:43:10 +0100

Hi folks,

nmap.fetchfile() as used in NSE doesn't handle absolute paths - did it
ever? - would we like it to?
There's nse_fetchfile_absolute() in nse_fs.cc which used to be called by
fetchfile_absolute() in the now mostly defunct nse_main.cc, but is
otherwise unused at the moment.
NSE now calls l_fetchfile() in nse_nmaplib.cc which calls the main
nmap_fetchfile() in nmap.cc and it looks to me like absolute filepath
handling may have disappeared with the change to using this function (I
could be wrong).

Any script which allows --script-args /path/to/some/resource
(apache-userdir-enum.nse for instance) could make use of an NSE
nmap.fetchfile() that handles absolute paths, either directly or via
datafiles.lua.

Vlatko noticed the same 'deficiency' in Ncrack and a similar patch
(attached) could be used for the main nmap_fetchfile() in nmap.cc though
this might be undesirable given that this function handles all of Nmap's
datafiles fetching and is quite cautious about the way it does so.

Should we reinstate the nse_fs.cc functions instead?

Regards,

jah

--- nmap.cc.orig        2009-08-11 01:40:08.312500000 +0100
+++ nmap.cc     2009-08-10 22:48:02.890625000 +0100
@@ -2944,6 +2944,13 @@
   }
 
   if (!foundsomething) {
+    res = Snprintf(filename_returned, bufferlen, "%s", file);
+    if (res > 0 && res < bufferlen) {
+      foundsomething = fileexistsandisreadable(filename_returned);
+    }
+  }
+
+  if (!foundsomething) {
     filename_returned[0] = '\0';
   }
 
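Review bot: the added fallback copies `file` into `filename_returned` and tests it with `fileexistsandisreadable()` without first checking that `file` is an absolute path, so a bare relative name that was not found elsewhere is resolved against the process's current working directory. Since the stated goal is absolute-path support, guard the new block with a check that `file` starts with a path separator (plus the drive-letter form on Windows) and leave relative names to the existing lookups. The function's comment should also mention the new last-resort lookup, and a truncated `Snprintf` result (`res >= bufferlen`) currently falls through silently to the "not found" case; a debug message there would help when a long path is rejected.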

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
