Nmap Development mailing list archives
Caution about NSE data packing
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 14 Feb 2017 00:03:02 -0600
Hey, all, I ran into a case where some NSE scripts were misbehaving on Solaris on SPARC, and I found that the cause was a call to bin.pack [1] that relied on "I" being packed little-endian. But SPARC is big-endian, so without an explicit "<" to force litte-endianness, the wrong behavior was used. I've gone through all the cases I could find of format strings without the explicit byte order modifiers ("<" for little-endian or ">" for big-endian). But this is something we should pay attention to in new code as it is added. The same issue affects the bin.lua compatibility library as well as the string.pack and string.unpack functions from Lua 5.3. Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Caution about NSE data packing Daniel Miller (Feb 13)