Nmap Development mailing list archives
[patch] Assorted NSE fixes
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 29 May 2012 12:42:06 -0500
List,

I came across a few more issues with NSE scripts. First, the attached patch for the smb.lua library fixes an issue with scope shadowing where arguments passed to the start_ex function had the same names as functions that were called from within start_ex, resulting in errors like this:

NSE: ms-sql-info against 192.168.1.20 threw an error!
./nselib/smb.lua:351: attempt to call local 'negotiate_protocol' (a boolean value)
stack traceback:
        ./nselib/smb.lua:351: in function 'start_ex'
        ./nselib/smb.lua:3845: in function 'connect'
        ./nselib/mssql.lua:1659: in function 'ConnectToNamedPipe'
        ./nselib/mssql.lua:2098: in function 'DiscoverBySmb'
        ./nselib/mssql.lua:2151: in function 'Discover'
        ./scripts/ms-sql-info.nse:238: in function <./scripts/ms-sql-info.nse:231>
        (...tail calls...)

The other 2 issues were small, so I'll inline the patches:

dns-client-subnet-scan makes the mistake of returning a shortport portrule from within a portrule, rather than calling it:
--- a/scripts/dns-client-subnet-scan.nse +++ b/scripts/dns-client-subnet-scan.nse @@ -64,11 +64,11 @@ prerule = function() return true end -portrule = function() +portrule = function(host, port) if ( nmap.address_family() ~= "inet" ) then return false else- return shortport.port_or_service(53, "domain", {"tcp", "udp"}) + return shortport.port_or_service(53, "domain", {"tcp", "udp"})(host, port)
end end

xmpp-info throws errors relating to passing nil to a format string because it defaults to host.targetname. I added a second default, host.name, which will always at least have a blank string. This adds another layer of "maybe it will work", and avoids the uncaught exception:
--- a/scripts/xmpp-info.nse +++ b/scripts/xmpp-info.nse @@ -518,7 +518,7 @@ endportrule = shortport.port_or_service({5222, 5269}, {"jabber", "xmpp-client", "xmpp-server"})
action = function(host, port)- local server_name = stdnse.get_script_args("xmpp-info.server_name") or host.targetname + local server_name = stdnse.get_script_args("xmpp-info.server_name") or host.targetname or host.name local alt_server_name = stdnse.get_script_args("xmpp-info.alt_server_name") or "."
local err_tmp = { {}, {} } local id_tls

Also, I noticed an error from http-default-accounts:

NSE: http-default-accounts against 192.168.1.253:80 threw an error!
./nselib/data/http-default-accounts-fingerprints.lua:45: variable 'http' is not declared
stack traceback:
        [C]: in function 'error'
        ./nselib/strict.lua:80: in function '__index'
        ./nselib/data/http-default-accounts-fingerprints.lua:45: in function <./nselib/data/http-default-accounts-fingerprints.lua:44>
        (...tail calls...)
        ./scripts/http-default-accounts.nse:275: in function <./scripts/http-default-accounts.nse:222>
        (...tail calls...)
I think this is related to changes in environment handling in Lua 5.2, but I can't dig into it right now. The short fix would be to add 'require "http"' to the top of the fingerprints file, but that might be more overhead than is necessary. A similar issue cropped up with the packetdecoders.lua file from broadcast-listener, so maybe all calls to loadfile should be checked.
Dan
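Review bot: In the dns-client-subnet-scan.nse hunk, the new return line still constructs the shortport.port_or_service(53, "domain", {"tcp", "udp"}) matcher on every portrule call before invoking it with (host, port). Build it once at file scope, for example local dns_port = shortport.port_or_service(53, "domain", {"tcp", "udp"}), and have portrule return dns_port(host, port) after the address-family check. A short comment on the wrapper would also help: the old code returned the matcher function itself, and a function value is truthy in Lua, so the rule did not restrict the script to port 53 when the address family was inet.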
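Review bot: In the xmpp-info.nse hunk, the added or host.name fallback can leave server_name as an empty string: in Lua "" is truthy, so the or chain stops there and the blank name is what reaches the format string. Consider treating an empty host.name as missing and falling back to host.ip, or returning early with a message asking for xmpp-info.server_name, and document the fallback order next to the script argument.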
Attachment: smb-fix.patch
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
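The scope-shadowing failure behind the first traceback in the message above can be checked for mechanically. The following is an added example, not code from the original post or from Nmap: a heuristic Python scan that flags calls made through a parameter sharing its name with a function defined in the same Lua file. The Lua sample, the start_session name and the renamed parameters in FIXED_LUA are constructed for illustration; the contents of smb-fix.patch are not shown on this page.

```python
import re

# Constructed sample modelled on the error above; it is not the real smb.lua.
BUGGY_LUA = '''\
function negotiate_protocol(smb, overrides)
  return true
end
function start_session(smb, overrides)
  return true
end
function start_ex(host, negotiate_protocol, start_session, overrides)
  local smb = {}
  if negotiate_protocol then
    local ok = negotiate_protocol(smb, overrides)
  end
  if start_session then
    start_session(smb, overrides)
  end
  return smb
end
'''

# Hypothetical fix: rename the flag parameters so the functions stay reachable.
FIXED_LUA = (BUGGY_LUA
             .replace("host, negotiate_protocol, start_session,", "host, do_negotiate, do_session,")
             .replace("if negotiate_protocol then", "if do_negotiate then")
             .replace("if start_session then", "if do_session then"))

FUNC_DEF = re.compile(r'^[ \t]*(?:local[ \t]+)?function[ \t]+([\w.:]+)[ \t]*\(([^)]*)\)', re.M)

def find_shadowed_calls(source):
    """Return (function, parameter, line) for every call made through a
    parameter that has the same name as a function defined in the file."""
    matches = list(FUNC_DEF.finditer(source))
    known = {re.split(r'[.:]', m.group(1))[-1] for m in matches}
    findings = []
    for i, m in enumerate(matches):
        # Heuristic: a body runs to the next definition; nested functions are not handled.
        stop = matches[i + 1].start() if i + 1 < len(matches) else len(source)
        body = source[m.end():stop]
        for param in [p.strip() for p in m.group(2).split(',') if p.strip() in known]:
            for call in re.finditer(r'(?<![\w.:])' + re.escape(param) + r'[ \t]*\(', body):
                line = source.count('\n', 0, m.end() + call.start()) + 1
                findings.append((m.group(1), param, line))
    return findings

if __name__ == "__main__":
    print(find_shadowed_calls(BUGGY_LUA))
```

A finding means the call site receives whatever the caller passed (a boolean in the traceback above) instead of the function of that name.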