Re: [NSE][patch] Bug in dns-nsec3-enum (0 answers returned)

[Aleksandar Nikolic <nikolic.alek () gmail com>]

Thanks for the patch , I haven't came across this issue while testing.
Will apply it.

As for tabs vs spaces, I am sorry, I was unaware of that.
Will fix that to.


Thanks,
Aleksandar

On Wed, Jun 13, 2012 at 6:02 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
> Hey list,
>
> Trying out the new dns-nsec3-enum script, I came across this error:
> > NSE: dns.query() got zero responses attempting to resolve query:
> > frmdaaon.X.X
> > NSE: 'dns-nsec3-enum' (thread: 0x8bdf2b8) against X.X.X.X:53 threw an
> > error!
> > ./scripts/dns-nsec3-enum.nse:149: bad argument #1 to 'ipairs' (table
> > expected, got nil)
> > stack traceback:
> >    [C]: in function 'ipairs'
> >    ./scripts/dns-nsec3-enum.nse:149: in function 'auth_filter'
> >    ./scripts/dns-nsec3-enum.nse:220: in function 'query_for_hashes'
> >    ./scripts/dns-nsec3-enum.nse:321: in function 'enum'
> >    ./scripts/dns-nsec3-enum.nse:418: in function
> > <./scripts/dns-nsec3-enum.nse:403>
> >    (...tail calls...)
>
> For some reason, the DNS server I'm testing occasionally gives empty
> responses. The patch below adds a check for the status return value from
> dns.query(), avoiding checks if there is an error. It may be preferable to
> quit upon receiving an error, but I don't know if that would miss any
> records. In my tests, 0-answer responses usually came well after the script
> had stopped finding records.
>
> Index: scripts/dns-nsec3-enum.nse
> ===================================================================
> --- scripts/dns-nsec3-enum.nse    (revision 28928)
> +++ scripts/dns-nsec3-enum.nse    (working copy)
> @@ -216,6 +216,7 @@
>     local result
>     local ranges = {}
>     status, result = dns.query(subdomain, {host = host.ip, dtype='NSEC3',
> retAll=true, retPkt=true, dnssec=true})
> +  if status then
>     for _, nsec3 in ipairs(auth_filter(result, "NSEC3")) do
>         h1 = string.lower(remove_suffix(nsec3.dname,domain))
>         h2 = string.lower(nsec3.hash.base32)
> @@ -225,6 +226,9 @@
>         end
>         ranges[h1] = h2
>     end
> +  else
> +    stdnse.print_debug(1, "DNS error: %s", result)
> +  end
>
>     return ranges
>  end
>
> I would also like to point out that I've been noticing folks using hard tabs
> in NSE scripts. I was under the impression (and had set it so in my .vimrc)
> that the coding style for NSE scripts was to be 2 spaces per level of
> indentation, not tabs. For clarity, I ignored whitespace for this patch (svn
> diff -x -b). Just curious if this changed or doesn't matter.
>
> Dan
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/