Nmap Development mailing list archives

Re: [patch] More NSE bugfixes
From: Ron <ron () skullsecurity net>
Date: Tue, 5 Jun 2012 09:29:14 -0500

Hmm, I don't see the stack traces in the output of -oA. I thought --log-errors wrote stacktraces to the .nmap file?

I've continued the scans, dumping all stdout/stderr output to a file. I'll post errors once I get a good collection. 

Ron

On Tue, 05 Jun 2012 09:17:57 -0500 Daniel Miller <bonsaiviking () gmail com> wrote:
Ron,

In general, throwing an exception should be avoided in favor of 
returning nil from the action, or returning a description of the
error if nmap.debugging() > 0. I would guess that the majority of
them are due to bugs rather than an expected failure condition.

Stack traces are particularly interesting right now because of the 
change from Lua 5.1 to 5.2, so any bugs related to that can be worked
out.

Dan

On 06/05/2012 08:53 AM, Ron wrote:
A question related to this - are all stacktraces in -d output bad?
Or are some expected?

I've scanned 50,000+ Internet hosts in the last little while. There
are a lot of stacktraces in my output. I can go through and post
them if they shouldn't be happening. Otherwise - if some are okay
and expected - I'll go through at some point and triage the ones
that are probably legit bugs.

Ron

On Sun, 3 Jun 2012 21:36:12 -0500 Daniel Miller <bonsaiviking () gmail com> wrote:
List,

Decided to hunt bugs again, by running a debugging scan on my
network (sudo ./nmap -A --script 'default or (safe and discovery)'
-d5 -sU -sS -sY --log-errors 192.168.1.0/24 -T4 -oA ../test). Here
are the bugs I came up with (patches attached):

Fix bug in traceroute-geolocation: ipops

./scripts/traceroute-geolocation.nse:100: variable 'ipops' is not
declared
stack traceback:
     [C]: in function 'error'
     ./nselib/strict.lua:80: in function '__index'
     ./scripts/traceroute-geolocation.nse:100: in function
     <./scripts/traceroute-geolocation.nse:82>
     (...tail calls...)

----
Fix bug in dns.encodeFQDN

In lexmark-config.nse, dns.query is called with "" as the first
argument, which breaks dns.lua, resulting in this error:

./nselib/dns.lua:768: attempt to concatenate a nil value
stack traceback:
     ./nselib/dns.lua:768: in function 'encodeQuestions'
     ./nselib/dns.lua:848: in function 'encode'
     ./nselib/dns.lua:318: in function 'query'
     ./scripts/lexmark-config.nse:66: in function
<./scripts/lexmark-config.nse:56>
     (...tail calls...)

Fixed by returning \0 byte from encodeFQDN if the name passed in is
the empty string. Not sure how this will work, but it shouldn't
throw exceptions, at least.

----
A change had left an undeclared variable, func. Fix was to strip
out the test for existence of func, since that logic was based on
previously loading the function from a file, instead of the current
method of indexing into an object to get the function. Error was:

./scripts/wsdd-discover.nse:53: variable 'func' is not declared
stack traceback:
     [C]: in function 'error'
     ./nselib/strict.lua:80: in function '__index'
     ./scripts/wsdd-discover.nse:53: in function 'main'
     ./nse_main.lua:803: in function<./nse_main.lua:803>

---

Lastly, there's a bug with cups-queue-info (or possibly with the
ipp.lua library) that I can't hunt down at the moment. Perhaps with
access to a printer tomorrow I'll be able to hunt it down, but
here's the exception traceback:

NSE: 'cups-queue-info' (thread: 0xb04eae0) against 192.168.1.2:631
threw an error!
./scripts/cups-queue-info.nse:40: attempt to index upvalue 'ipp' (a
boolean value)
stack traceback:
         ./scripts/cups-queue-info.nse:40: in function
<./scripts/cups-queue-info.nse:39>
         (...tail calls...)

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
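
For triaging a large pile of -d output like the one discussed in this thread, the tracebacks can be grouped by script and error message so each distinct bug is looked at once. This is an added example, not code from the thread or from Nmap; the sample input is constructed (un-wrapped lines, made-up thread ids and second target) and the function names are hypothetical.

```python
import re
from itertools import takewhile

# Header NSE prints before a script's error, in the form quoted in the thread.
HEADER = re.compile(r"^NSE: '([^']+)' \(thread: \S+\) against (\S+) threw an error!$")

# Constructed sample of un-wrapped -d output. Error text mirrors the thread;
# the second thread id and the second target are made up.
SAMPLE = """\
NSE: 'cups-queue-info' (thread: 0xb04eae0) against 192.168.1.2:631 threw an error!
./scripts/cups-queue-info.nse:40: attempt to index upvalue 'ipp' (a boolean value)
stack traceback:
\t./scripts/cups-queue-info.nse:40: in function <./scripts/cups-queue-info.nse:39>
./scripts/wsdd-discover.nse:53: variable 'func' is not declared
stack traceback:
\t[C]: in function 'error'
\t./nselib/strict.lua:80: in function '__index'
\t./scripts/wsdd-discover.nse:53: in function 'main'
NSE: 'cups-queue-info' (thread: 0xb04eb20) against 192.168.1.9:631 threw an error!
./scripts/cups-queue-info.nse:40: attempt to index upvalue 'ipp' (a boolean value)
stack traceback:
\t./scripts/cups-queue-info.nse:40: in function <./scripts/cups-queue-info.nse:39>
"""

def triage(text):
    """Group Lua tracebacks by (script, error message), keeping the first trace seen."""
    lines, groups = text.splitlines(), {}
    for i, line in enumerate(lines):
        if i == 0 or line.strip() != "stack traceback:":
            continue
        message = lines[i - 1].strip()          # Lua error text precedes the traceback
        m = HEADER.match(lines[i - 2]) if i >= 2 else None
        script, target = m.groups() if m else ("(no NSE header)", None)
        # Frames are the indented lines that follow "stack traceback:".
        frames = [f.strip() for f in takewhile(lambda f: f[:1].isspace(), lines[i + 1:])]
        g = groups.setdefault((script, message), {"count": 0, "targets": [], "frames": frames})
        g["count"] += 1
        if target:
            g["targets"].append(target)
    return groups

def report(groups):
    """Rows of (hits, script, message), most frequent first."""
    return sorted(((g["count"], s, msg) for (s, msg), g in groups.items()), key=lambda r: -r[0])

if __name__ == "__main__":
    print(*report(triage(SAMPLE)), sep="\n")
```

Traces that have been line-wrapped by a mail client, as in the quoted messages above, need to be un-wrapped before they will match.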
