Nmap Development: Re: Conditional Matches in nmap-service-probes

From: Fyodor <fyodor_at_insecure.org>
Date: Thu, 6 Dec 2007 20:24:24 -0800

On Thu, Dec 06, 2007 at 02:22:24PM +0100, Lionel Cons wrote:
> I've tried to use conditional matches in nmap-service-probes and got
> an "Assertion failed" error.
>
> Basically, I've tried:
>
> m foo m|^([A-Z]+ )?foo server| p/$1FooServer/
>
> in the hope to catch both "foo server" and "XXX foo server" in a
> single line and using this $1 information for the report.
>
> This kind of line gives me:
>
> nmap: service_scan.cc:622: int substvar(char*, char**, char*, int, const u8*, int, int*, int): Assertion `offstart >= 0 && offstart < subjectlen' failed.
> Aborted
>
> Is this a bug or a feature?
>
> IMHO, $1 should be treated as an empty string if it did not match.

Maybe it should work that way, but right now (as you can see) it
aborts if you try to include a replace with a non-existent string.
Treating that as an empty string might help some signatures, but also
removes this chance to catch errors. So I don't know which way is
best.

On another note, I'd try to avoid using replacements in p// anyway.
For example, that makes it impossible to tell from the signatures what
different programs are recognized. I'd generally rather see them all
enumerated like:

match foo m|foo server| p/FooServer/
match foo m|bar foo server| p/Bar FooServer/
match foo m|baz foo server| p/Baz FooServer/

Also, maybe the first part could be used in an i// string rather than
being part of the program (p//).

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 06 2007
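
The two behaviours weighed in this thread, as an added example that is not part of the original message and not Nmap's code: expanding `$1` when the optional group did not participate in the match, either refusing the expansion or substituting an empty string. It assumes `std::regex` as a stand-in for Nmap's regex library; `Unset`, `expand` and `product` are hypothetical names and the banners are constructed.

```cpp
#include <iostream>
#include <regex>
#include <string>

// What to do when $N names a group that did not participate in the match.
enum class Unset { Reject, Empty };

// Expand $1..$9 in tmpl from the capture groups of m into out.
// Returns false if a referenced group is missing from the pattern,
// or is unset and the policy is Unset::Reject.
bool expand(const std::string& tmpl, const std::smatch& m, Unset policy, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < tmpl.size(); ++i) {
        bool ref = tmpl[i] == '$' && i + 1 < tmpl.size() && tmpl[i + 1] >= '1' && tmpl[i + 1] <= '9';
        if (!ref) { out += tmpl[i]; continue; }
        std::size_t n = static_cast<std::size_t>(tmpl[++i] - '0');
        if (n >= m.size()) return false;                 // pattern has no such group
        if (m[n].matched) out += m[n].str();             // group captured text
        else if (policy == Unset::Reject) return false;  // strict: surface the signature error
        // Unset::Empty: append nothing for the unset group
    }
    return true;
}

// Match banner and build the product string; false on no match or refused expansion.
bool product(const std::string& pattern, const std::string& tmpl,
             const std::string& banner, Unset policy, std::string& out) {
    std::smatch m;
    const std::regex re(pattern);
    return std::regex_search(banner, m, re) && expand(tmpl, m, policy, out);
}

int main() {
    const std::string pat = "^([A-Z]+ )?foo server", tmpl = "$1FooServer";
    const char* banners[] = {"XXX foo server", "foo server"};  // constructed banners
    const Unset policies[] = {Unset::Reject, Unset::Empty};
    for (const char* b : banners)
        for (Unset p : policies) {
            std::string out;
            bool ok = product(pat, tmpl, b, p, out);
            std::cout << b << (p == Unset::Reject ? " [reject] " : " [empty] ")
                      << (ok ? out : "<refused>") << "\n";
        }
}
```

Returning an error instead of asserting keeps the chance to catch a bad signature without aborting the whole scan.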
