[NSE] mssql library - bug in parsing browser data
From: Chris Woodbury <chris3e3 () gmail com>
Date: Fri, 21 Jan 2011 18:33:14 -0600
While working on some NSE scripts for SQL Server, I found a bug in the
mssql.lua library. In the Discover function, when the SQL Server
browser data is being parsed, it treats ";;" as a marker for the end
of the data for a SQL Server instance. However, ";;" is valid within
the data for an instance, signifying a field without a value (i.e. an
empty string, etc.), and one of these ";;"s will make the capture end
too early, likely resulting in a crash.
Basically, the proper way to identify an instance is to find
ServerName;.-;InstanceName;.-;IsClustered;.-; (per the SSRP spec,
these are always present and in this order) and then go on until you
reach the end or another instance. I couldn't figure out how to do
this with Lua patterns in one step; so, I did it in two - cutting up
the string and then parsing each one.
I've attached a patch against the SVN version. I haven't done a ton of
Lua/NSE scripting, so I would appreciate any comments.
gets captured as:
The script crashes on line 843 during (2), when it tries to use the
instance name, which it didn't get.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
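To illustrate the failure mode described above, here is an added example (not the patch attached to the mail, and in Python rather than Lua) that parses a constructed SSRP-style browser response both ways: splitting on ";;" as the original Discover function does, and cutting at the mandatory ServerName/InstanceName/IsClustered header as the mail proposes. The sample response and the host, instance and port values in it are constructed.

```python
import re

# Constructed sample in the SQL Server Browser (SSRP) response format: two
# instances, each terminated by ";;". The second instance also carries an
# empty value ("np;;"), so ";;" appears inside that record as well.
SAMPLE = (
    "ServerName;SQLHOST;InstanceName;MSSQLSERVER;IsClustered;No;"
    "Version;10.0.1600.22;tcp;1433;;"
    "ServerName;SQLHOST;InstanceName;SQLEXPRESS;IsClustered;No;"
    "Version;10.50.1600.1;np;;tcp;49170;;"
)

# Per the SSRP spec these three key/value pairs open every instance record,
# always in this order, so they serve as a reliable record delimiter.
INSTANCE_START = re.compile(
    r"ServerName;[^;]*;InstanceName;[^;]*;IsClustered;[^;]*;"
)


def naive_split(data):
    """The buggy approach: treat every ';;' as the end of an instance record."""
    return [chunk for chunk in data.split(";;") if chunk]


def parse_instances(data):
    """Cut the response at each instance header, then parse key/value pairs."""
    starts = [m.start() for m in INSTANCE_START.finditer(data)]
    instances = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(data)
        record = data[start:end]
        if record.endswith(";;"):
            record = record[:-2]  # drop the record terminator, not a value
        fields = record.split(";")  # keeps empty values as ''
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


if __name__ == "__main__":
    for chunk in naive_split(SAMPLE):
        print("naive:", chunk)  # third chunk 'tcp;49170' has no InstanceName
    for inst in parse_instances(SAMPLE):
        print("parsed:", inst["InstanceName"], inst)
```

The naive split yields a third fragment ("tcp;49170") with no InstanceName key, which is exactly the state in which a later lookup of the instance name fails; the header-based cut returns two complete records with the empty "np" value preserved.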