Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: script category selection bug - was: Script force
From: Patrick Donnelly <batrick () batbytes com>
Date: Mon, 5 Dec 2011 12:18:50 -0500

On Mon, Dec 5, 2011 at 10:38 AM, Djalal Harouni <tixxdz () opendz org> wrote:
On Sat, Dec 03, 2011 at 10:41:47PM +0100, Martin Holst Swende wrote:
On 12/01/2011 11:47 PM, Djalal Harouni wrote:
On Tue, Nov 29, 2011 at 03:11:32PM -0800, David Fifield wrote:
I also tried
   +(default or vuln)
I didn't really expect it to work. This was the output:
   NSE: failed to initialize the script engine:
   [string "rule"]:1: attempt to call a boolean value
We can also support this but it will need more regexp checks, perhaps we
should just let users specify "+default or +vuln" as suggested by
Fyodor.

I'll try to have a look at this error.

Currently, there is an error since the globalized_rule is created on the
"+(default or vuln)" string instead of "(default or vuln)".
If the force-check/removal is moved up, it does not crash (but has no
effect - force is not used)
What happens currently is that the substring in globalize becomes empty,
since gsub will cut the input at first "(". This is the result:

m("")(m("default") or m("vuln"))
Yes the substring becomes empty but this will not trigger the bug.

This bug was present before this patch, you can test it with this:
--script="foo(default and vuln)"

There is no vulnerability here. The parser should probably emit an
error but I'm not sure it's worth it.

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]