
Nmap Development mailing list archives

Re: [nmap-svn] r32678 - nmap
From: Ron <ron () skullsecurity net>
Date: Mon, 27 Jan 2014 20:10:17 -0800


This patch is causing me issues:

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 4) scan.
NSE: Script Engine Scan Aborted.
An error was thrown by the engine:
/home/ron/tools/nmap/nse_main.lua:210: bad argument #2 to 'format' (no
stack traceback:
[C]: in function 'format'
/home/ron/tools/nmap/nse_main.lua:210: in function 'print_debug'
/home/ron/tools/nmap/nse_main.lua:329: in function 'd'
/home/ron/tools/nmap/nse_main.lua:381: in function 'start'
/home/ron/tools/nmap/nse_main.lua:916: in function 'run'
/home/ron/tools/nmap/nse_main.lua:1394: in function
[C]: in ?

I tried to debug, but I don't see what's going on.


On 2014-01-27 22:56, commit-mailer () nmap org wrote:
Author: david
Date: Mon Jan 27 22:56:29 2014
New Revision: 32678

Escape '%' in arguments to Thread:d.

A user reported this crash when scanning a target whose name contained
the '%' character:

NSE: Script Engine Scan Aborted.
An error was thrown by the engine: nse_main.lua:322: invalid capture index
stack traceback:
      [C]: in function 'gsub'
      nse_main.lua:322: in function 'd'
      nse_main.lua:377: in function 'start'
      nse_main.lua:912: in function 'run'
      nse_main.lua:1390: in function <nse_main.lua:1293>
      [C]: in ?

I'm not sure how a name with '%' got resolved, but I was able to
reproduce the crash by adding this line to /etc/hosts:       a%40b
and then running
      ./nmap --script=banner a%40b -d --top-ports 5

The gsub function recognizes "%d", where d is a digit, as a capture
index. The constructed string is then passed to print_debug, which is
like printf. Therefore we escape every occurrence of "%" twice, to get


Modified: nmap/nse_main.lua
--- nmap/nse_main.lua (original)
+++ nmap/nse_main.lua Mon Jan 27 22:56:29 2014
@@ -315,12 +315,16 @@
   -- Changes "%THREAD" with an appropriate identifier for the debug level
   function Thread:d (fmt, ...)
     local against = against_name(self.host, self.port);
+    local function replace(fmt, pattern, repl)
+      -- Escape each % twice: once for gsub, and once for print_debug.
+      return gsub(fmt, pattern, gsub(repl, "%%", "%%%%%%%%"));
+    end
     if debugging() > 1 then
-      fmt = gsub(fmt, "%%THREAD_AGAINST", self.info..against);
-      fmt = gsub(fmt, "%%THREAD", self.info);
+      fmt = replace(fmt, "%%THREAD_AGAINST", self.info..against);
+      fmt = replace(fmt, "%%THREAD", self.info);
-      fmt = gsub(fmt, "%%THREAD_AGAINST", self.short_basename..against);
-      fmt = gsub(fmt, "%%THREAD", self.short_basename);
+      fmt = replace(fmt, "%%THREAD_AGAINST", self.short_basename..against);
+      fmt = replace(fmt, "%%THREAD", self.short_basename);
     print_debug(1, fmt, ...);
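Review bot: the inner gsub in replace, on the line `return gsub(fmt, pattern, gsub(repl, "%%", "%%%%%%%%"));`, is the last argument of the outer gsub, so both of its return values are spliced into that call: the escaped string becomes the replacement, and the match count becomes the outer gsub's fourth parameter, the maximum number of replacements. For any thread name that contains no '%' the count is 0, so "%THREAD" / "%THREAD_AGAINST" are never substituted and print_debug's format then meets "%T" with no argument to consume, which is the "bad argument #2 to 'format'" failure reported in the reply above; the '%' reproduction case passes only because its count is 1. Truncate the inner call to one value, either `(gsub(repl, "%%", "%%%%%%%%"))` in parentheses or assigned to a local first. Separately, the hunk as reproduced here has lost the `else` and `end` context lines between the two pairs of replace calls and before the print_debug line, so it does not apply as shown.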

Sent through the svn mailing list
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
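A worked illustration of the two escaping passes the commit message describes (gsub reading "%<digit>" in its replacement as a capture index, then a printf-style print_debug reading "%" again), added here and not part of the thread or of nmap's code. print_debug is a stand-in assumed to behave like string.format, the host names are constructed from the reproduction in the commit message, and the third function is the posted replace() copied as written so that its behaviour on a name without '%' can be checked alongside the escaped version:

```lua
-- Added example, not code from nmap or nse_main.lua. Models the two string
-- passes in Thread:d: gsub substitutes the thread name into a format string,
-- then a printf-style function consumes the result.
local gsub, format = string.gsub, string.format

-- Stand-in for nse_main.lua's print_debug (assumption: printf-like).
local function print_debug(fmt, ...)
  return format(fmt, ...)
end

-- Before the patch: the thread name goes into gsub's replacement slot raw.
-- A '%' followed by a digit there is read as a capture index.
local function thread_d_unescaped(fmt, name)
  fmt = gsub(fmt, "%%THREAD", name)  -- "%%" in a *pattern* is a literal '%'
  return print_debug(fmt)
end

-- After the patch: every '%' in the value is escaped twice.
-- "%%%%%%%%" as a gsub replacement is four literal '%' (each "%%" is one '%'),
-- so one '%' in the name becomes "%%%%" in the replacement string, which the
-- outer gsub turns into "%%" in fmt, which format turns back into one '%'.
-- The parentheses drop gsub's second return value (the match count); see
-- replace_unparenthesized below for what happens without them.
local function escape_twice(value)
  return (gsub(value, "%%", "%%%%%%%%"))
end

local function thread_d_escaped(fmt, name)
  fmt = gsub(fmt, "%%THREAD", escape_twice(name))
  return print_debug(fmt)
end

-- The posted replace(), copied as written: the inner gsub is the last
-- argument, so its (string, count) pair is spliced into the outer call and
-- the count lands in gsub's optional 4th parameter, the maximum number of
-- replacements. For a name with no '%' that maximum is 0.
local function replace_unparenthesized(fmt, pattern, repl)
  return gsub(fmt, pattern, gsub(repl, "%%", "%%%%%%%%"))
end

local function thread_d_patched_as_posted(fmt, name)
  fmt = replace_unparenthesized(fmt, "%%THREAD", name)
  return print_debug(fmt)
end

-- Constructed inputs: the /etc/hosts name from the commit message and an
-- ordinary name.
local crash_name, plain_name = "a%40b", "banner"

-- 1. Unescaped: "%4" in the replacement is an invalid capture index.
local ok, err = pcall(thread_d_unescaped, "Starting %THREAD.", crash_name)
assert(not ok and err:find("invalid capture index", 1, true), err)

-- 2. Double escaped: both names survive both passes intact.
assert(thread_d_escaped("Starting %THREAD.", crash_name) == "Starting a%40b.")
assert(thread_d_escaped("Starting %THREAD.", plain_name) == "Starting banner.")

-- 3. Patch as posted: the '%' name works (count 1 allows one replacement),
-- but a plain name is never substituted, and format then sees "%T" with no
-- argument to consume.
assert(thread_d_patched_as_posted("Starting %THREAD.", crash_name) == "Starting a%40b.")
ok, err = pcall(thread_d_patched_as_posted, "Starting %THREAD.", plain_name)
assert(not ok and err:find("no value", 1, true), err)

print("all checks passed")
```

Run it with any Lua 5.1 or later interpreter; the third check is the one that distinguishes the escaping idea, which is sound, from the posted implementation, which only substitutes when the name already contains a '%'.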
