Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[NSE][patch] Fix bugs in http.lua and sslcert.lua
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 11 Jun 2012 11:19:20 -0500

Hey List,

2 more bugs, with patches this time. First, parse_redirect in http.lua sometimes returns a url table without a path attribute, especially when parsing headers like this:

Location: http://google.com

The exceptions happened in several different scripts:

./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
./scripts/http-auth.nse:54: in function <./scripts/http-auth.nse:49>
        (...tail calls...)
./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
./scripts/http-title.nse:51: in function <./scripts/http-title.nse:47>
        (...tail calls...)
./nselib/http.lua:952: attempt to concatenate local 'path' (a nil value)
stack traceback:
        ./nselib/http.lua:952: in function 'lookup_cache'
        ./nselib/http.lua:1395: in function 'get'
./scripts/http-title.nse:51: in function <./scripts/http-title.nse:47>
        (...tail calls...)

Here is the fix: If u.path is not set, assume the root path ("/")

Index: nselib/http.lua
===================================================================
--- nselib/http.lua     (revision 28903)
+++ nselib/http.lua     (working copy)
@@ -1334,6 +1334,9 @@
     u.host, u.port = stdnse.get_hostname(host), port.number
u.path = ((u.path:sub(1,1) == "/" and "" ) or "/" ) .. u.path -- ensuring leading slash
   end
+  if ( not(u.path) ) then
+    u.path = "/"
+  end
   if ( u.query ) then
     u.path = ("%s?%s"):format( u.path, u.query )
   end

The other bug was in sslcert.lua, and resulted in this exception:

./scripts/ssl-cert.nse:135: attempt to index local 'cert' (a nil value)
stack traceback:
        ./scripts/ssl-cert.nse:135: in function 'parseCertificate'
./scripts/ssl-cert.nse:168: in function <./scripts/ssl-cert.nse:162>
        (...tail calls...)

The cert is returned a few lines earlier from sslcert.getCertificate(), which is supposed to return a false status on failure. I added a check for a nil certificate to that function, and returned false in that case:

Index: nselib/sslcert.lua
===================================================================
--- nselib/sslcert.lua  (revision 28903)
+++ nselib/sslcert.lua  (working copy)
@@ -200,7 +200,10 @@
                end
     end
     local cert = socket:get_ssl_certificate()
-
+  if cert == nil then
+    return false, "Unable to get cert"
+  end
+
        host.registry["ssl-cert"] = host.registry["ssl-cert"] or {}
host.registry["ssl-cert"][port.number] = host.registry["ssl-cert"][port.number] or {}
        host.registry["ssl-cert"][port.number] = cert

This should be the last of my bugfixes for today! Sorry for the flood of messages.

Dan


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault