Nmap Development mailing list archives

Re: [nmap-svn] r36162 - nmap/nselib/data


From: nnposter <nnposter () users sourceforge net>
Date: Mon, 22 Aug 2016 11:33:05 -0600

On 8/22/16 9:35 AM, Daniel Miller wrote:
> So in the specific case of http-default-accounts-fingerprints.lua, it
> makes sense to use the last option; most of the fingerprints will not
> require openssl to check. We can even move the conditional farther out:
> if the library is not present, do not bother adding the fingerprint to
> the fingerprints table at all.

I agree and I was contemplating that but ultimately I did not want to
break the overall structure of the fingerprint file. The cost of loading
the fingerprint is minimal as doing so does not result in any additional
network traffic or extensive scanner-side processing.

> The other option you mentioned directly to me was: local _, openssl =
> pcall(require, "openssl"); This option should not be used, since "_" is
> considered a throwaway variable name; it could easily be overwritten,
> and code that tests it doesn't make sense. So it would open us up to
> crashes when someone writes unconditional code that tries to index the
> nonexistent openssl library.

I do not believe that my example...

    local _, openssl = pcall(require, 'openssl')
    ...
    if openssl and openssl.md5 then

...had any dependency on "_", namely there was no explicit or implicit
"code that tests it", so I am not quite sure that I understand your point.

To satisfy my curiosity, could you please point out what specifically
would be wrong with the example? (To make it clear, I am not opposed to
option #3; I have used it in the original commit after all. I am just
trying to understand the pitfalls with option #4.)


Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
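
The Lua behaviour underneath the `pcall(require, ...)` pattern discussed in this message, as an added example that is not part of the thread or of the Nmap source. The module name `no_such_crypto_lib` and the helper `load_optional` are hypothetical, used only to force and handle a failed load outside of Nmap.

```lua
-- Added example, not Nmap code. MISSING is a made-up module name that forces
-- the same load failure a build without OpenSSL would produce.
local MISSING = "no_such_crypto_lib"

-- Pattern from the message: pcall's status is discarded, second value kept.
local _, lib = pcall(require, MISSING)

-- On failure the second value is require's error message: a string, so truthy.
assert(type(lib) == "string")
assert(lib, "a bare truthiness check passes even though the load failed")

-- Strings index through the string library, so an absent field reads as nil
-- and the two-part guard from the message evaluates to a false value.
assert(not (lib and lib.md5))

-- A guard on the variable alone passes; calling the missing field then raises.
local ok = pcall(function()
  if lib then return lib.md5("data") end
end)
assert(ok == false)

-- Hypothetical helper: keep the status and return nil when the load failed,
-- so that every later check can be a plain "if lib then".
local function load_optional(name)
  local loaded, mod = pcall(require, name)
  if loaded then return mod end
  return nil
end

assert(load_optional(MISSING) == nil)
assert(load_optional("string") == string)  -- a module that is always present
print("all checks passed")
```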

