Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: NSE exceptions: false or nil?

Re: NSE exceptions: false or nil?

From: David Fifield <david_at_bamsoftware.com>
Date: Sat, 3 Nov 2007 12:41:08 -0700

On Fri, Nov 02, 2007 at 01:00:24PM +0100, Stoiko Ivanov wrote:
> On Thu, Nov 01, 2007 at 10:40:22PM -0700, David Fifield wrote:
> > Are NSE exceptions supposed to return false or nil? At
> > http://insecure.org/nmap/nse/nse-api.html#nse-exceptions it says that
> > the first thing returned is a Boolean value. But trying to catch an
> > exception from connect fails, as the attached example script (test.nse)
> > shows. It produces this message:
> >
> > Initiating SCRIPT ENGINE at 22:26
> > false Name or service not known
> > SCRIPT ENGINE: In: nse_nmaplib.cc:474 Trying to finalize a non conforming function. Are you sure you return true on success followed by the remaining return values and nil on failure followed by an error string?
> > QUITTING!
> >
> > We see that connect returns (false, "Name or service not known"), but
> > this is "non conforming." Should NSE's internal functions be modified to
> > return nil instead of false, or should false be considered an exception
> > marker? Does the patch I attached do the right thing?
>
> I think the latter would be more convenient.
> Since the network I/O functions return true on success I would expect a false
> value to indicate an exception.
> AFAIK this patch shouldn't cause any problems with the remaining NSE.
>
> > Index: nse_nmaplib.cc
> > ===================================================================
> > --- nse_nmaplib.cc (revision 6111)
> > +++ nse_nmaplib.cc (working copy)
> > @@ -460,7 +460,7 @@
> > }
> >
> > static int l_exc_finalize(lua_State *l) {
> > - if (lua_isnil(l, 1)) {
> > + if (lua_isnil(l, 1) || !lua_toboolean(l, 1)) {
>
> This looks good to me, however if I recall correctly the lua_isnil() is not
> really needed, because lua_toboolean() should return false if there is nil
> at the specified position on the stack.

I attached another patch that's better. It causes an exception if the
first returned value is false or nil, strips the first returned value
only if it's a Boolean true, and shows the "non conforming" message
otherwise.

I want to check before I commit it that this is really what's wanted.
false or nil or true as the first returned value, and anything else is
an error. If that's the case, the online documentation should make it
clear.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Nov 03 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]