|
Nmap Development
mailing list archives
Re: [NSE patch] patch for print_debug calls in scripts without proper formatstring
From: Fyodor <fyodor () insecure org>
Date: Fri, 29 Aug 2008 02:16:51 -0700
On Mon, Aug 25, 2008 at 09:58:11AM +0200, Sven Klemm wrote:
the stdnse.print_debug() function unlike the normal lua print()
function expects a format specifier similar to string.format().
There are a few scripts which pass non-static data directly to
print_debug leading to "format string vulnerabilities".
When lua encounters any % with unknown conversion specifier or any
conversion specifier with unmatched argument given to the
print_debug() call script execution will stop.
The attached patch fixes the affected scripts.
Thanks Sven! I've applied this.
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
| 
Intro
