Re: [NSE] Lotus Domino httpd version

[David Fifield <david () bamsoftware com>]

On Wed, Jan 30, 2013 at 10:44:58PM +0100, Jesper Kückelhahn wrote:
> I must admit that my C++ fu is quite weak, and I don't have a complete
> overview of the changes needed, but wouldn't it be possible to change
> the cpe_a/o/h_matched to vectors ? This seems to already be done in
> later stages in both 'service_scan.cc' and 'nse_nmaplib.cc', and would
> allow for multiple cpe's per service. Maybe some post action could
> then add the cpe:/a to the 'extra info' field, so no drastic changes
> to the output is needed.

Yes, there should be multiple of each type of CPE allowed, but it will
require a bit of refactoring to fix a legacy code design. This is the
only place in Nmap where there is a static limit on the number of CPE,
and the reason is that to change it would require a local change in how
memory is managed. It is worth doing but isn't the most important thing.

Check
        svn log -r 26365 https://svn.nmap.org/nmap-exp/david/nmap-cpe@26418
        svn diff -c 26365 https://svn.nmap.org/nmap-exp/david/nmap-cpe@26418
for the commit that added the CPE to ServiceNFO in the first place and
the rationale for the static limit.

I don't think we'd accept a patch to stuff CPE into the extra info.
There was a discussion about it on the mailing list some time back. The
feeling is that CPE is more used for machine-driven automated
processing; people doing that already have it in the XML, which is the
format they should be processing. Showing it in normal output in all
cases hasn't been deemed to be worth the extra screen space.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/