Nmap Development mailing list archives
Re: [nmap-svn] r36162 - nmap/nselib/data
From: nnposter <nnposter () users sourceforge net>
Date: Mon, 22 Aug 2016 11:33:05 -0600
On 8/22/16 9:35 AM, Daniel Miller wrote:
So in the specific case of http-default-accounts-fingerprints.lua, it makes sense to use the last option; most of the fingerprints will not require openssl to check. We can even move the conditional farther out: if the library is not present, do not bother adding the fingerprint to the fingerprints table at all.
I agree and I was contemplating that but ultimately I did not want to break the overall structure of the fingerprint file. The cost of loading the fingerprint is minimal as doing so does not result in any additional network traffic or extensive scanner-side processing.
The other option you mentioned directly to me was: local _, openssl = pcall(require, "openssl"); This option should not be used, since "_" is considered a throwaway variable name; It could easily be overwritten, and code that tests it doesn't make sense. So it would open us up to crashes when someone writes unconditional code that tries to index the nonexistent openssl library.
I do not believe that my example... local _, openssl = pcall(require, 'openssl') ... if openssl and openssl.md5 then ...had any dependency on "_", namely there was no explicit or implicit "code that tests it", so I am not quite sure that I understand your point. To satisfy my curiosity, could you please point out what specifically would be wrong with the example? (To make it clear, I am not opposed to option #3; I have used it in the original commit after all. I am just trying to understand the pitfalls with option #4.) Cheers, nnposter _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r36162 - nmap/nselib/data Daniel Miller (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data nnposter (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data Patrick Donnelly (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data Daniel Miller (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data nnposter (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data nnposter (Aug 22)