[patch] Assorted NSE fixes

[Daniel Miller <bonsaiviking () gmail com>]

List,

I came across a few more issues with NSE scripts. First, the attached 
patch for the smb.lua library fixes an issue with scope shadowing where 
arguments passed to the start_ex function had the same names as 
functions that were called from within start_ex, resulting in errors 
like this:
> NSE: ms-sql-info against 192.168.1.20 threw an error!
> ./nselib/smb.lua:351: attempt to call local 'negotiate_protocol' (a 
> boolean value)
> stack traceback:
>         ./nselib/smb.lua:351: in function 'start_ex'
>         ./nselib/smb.lua:3845: in function 'connect'
>         ./nselib/mssql.lua:1659: in function 'ConnectToNamedPipe'
>         ./nselib/mssql.lua:2098: in function 'DiscoverBySmb'
>         ./nselib/mssql.lua:2151: in function 'Discover'
>         ./scripts/ms-sql-info.nse:238: in function 
> <./scripts/ms-sql-info.nse:231>
>         (...tail calls...)
The other 2 issues were small, so I'll inline the patches:

dns-client-subnet-scan makes the mistake of returning a shortport 
portrule from within a portrule, rather than calling it:

--- a/scripts/dns-client-subnet-scan.nse
+++ b/scripts/dns-client-subnet-scan.nse
@@ -64,11 +64,11 @@ prerule = function()
        return true
 end

-portrule = function()
+portrule = function(host, port)
        if ( nmap.address_family() ~= "inet" ) then
                return false
        else
-               return shortport.port_or_service(53, "domain", {"tcp", 
"udp"})
+               return shortport.port_or_service(53, "domain", {"tcp", 
"udp"})(host, port)
        end
 end

xmpp-info throws errors relating to passing nil to a format string 
because it defaults to host.targetname. I added a second default, 
host.name, which will always at least have a blank string. This adds 
another layer of "maybe it will work", and avoids the uncaught exception:

--- a/scripts/xmpp-info.nse
+++ b/scripts/xmpp-info.nse
@@ -518,7 +518,7 @@ end

 portrule = shortport.port_or_service({5222, 5269}, {"jabber", 
"xmpp-client", "xmpp-server"})
 action = function(host, port)
-    local server_name = stdnse.get_script_args("xmpp-info.server_name") 
or host.targetname
+    local server_name = stdnse.get_script_args("xmpp-info.server_name") 
or host.targetname or host.name
     local alt_server_name = 
stdnse.get_script_args("xmpp-info.alt_server_name") or "."
     local err_tmp = { {}, {} }
     local id_tls



Also, I noticed an error from http-default-accounts:
> NSE: http-default-accounts against 192.168.1.253:80 threw an error!
> ./nselib/data/http-default-accounts-fingerprints.lua:45: variable 
> 'http' is not declared
> stack traceback:
>         [C]: in function 'error'
>         ./nselib/strict.lua:80: in function '__index'
>         ./nselib/data/http-default-accounts-fingerprints.lua:45: in 
> function <./nselib/data/http-default-accounts-fingerprints.lua:44>
>         (...tail calls...)
>         ./scripts/http-default-accounts.nse:275: in function 
> <./scripts/http-default-accounts.nse:222>
>         (...tail calls...)

I think this is related to changes in environment handling in Lua 5.2, 
but I can't dig into it right now. The short fix would be to add 
'require "http"' to the top of the fingerprints file, but that might be 
more overhead than is necessary. A similar issue cropped up with the 
packetdecoders.lua file from broadcast-listener, so maybe all calls to 
loadfile should be checked.

Dan

Attachment: smb-fix.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/