Caution about NSE data packing

[Daniel Miller <bonsaiviking () gmail com>]

Hey, all,

I ran into a case where some NSE scripts were misbehaving on Solaris on
SPARC, and I found that the cause was a call to bin.pack [1] that relied on
"I" being packed little-endian. But SPARC is big-endian, so without an
explicit "<" to force litte-endianness, the wrong behavior was used.

I've gone through all the cases I could find of format strings without the
explicit byte order modifiers ("<" for little-endian or ">" for
big-endian). But this is something we should pay attention to in new code
as it is added. The same issue affects the bin.lua compatibility library as
well as the string.pack and string.unpack functions from Lua 5.3.

Dan

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/