Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] PCRE MATCHLIMIT and the use of greedy quantifiers (-sV scans)
From: doug () hcsw org
Date: Mon, 6 Apr 2009 06:38:17 +0000

On Fri, Apr 03, 2009 at 08:53:26PM +0000 or thereabouts, Brandon Enright wrote:
I think we can make the following substitution on all s modifier
match lines (untested):

s/[.][*]([\]r[\]n|[\]n)*?[.][*]/.*/g

I agree but I'd suggest a few modifications.

First) we need to make sure your first [.] isn't preceded by a \ (easy
with negative look-behind).

Aha! Good one. That's very true.

Second) in most cases the content trailing
the .* is still in the header and not in the body.  Lazy quantification
with .*? should be generally faster because it won't consume the whole
string and then slowly back off.  I'd propose changing to .*? in the
case that the trailing content is still in the header and .* when the
trailing content is in the body.

I'm not that concerned with this especially if the strings are unique
enough but there's no harm here either.

If you're okay with me going through by hand and replacing .*\r?\n.*
with .* or .*? I'll get started right away.  There are about 50 matches
that need work.

Sounds great, thank you. If you like I will take a quick look at the
patch but I'm sure I don't need to because you will do it fine.

Best,

Doug

Attachment: _bin
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]