
Nmap Development mailing list archives
Re: Buffering problems in ssh2.lua
From: Joao Correa <joao () livewire com br>
Date: Mon, 15 Jun 2009 20:34:22 -0300
Here follows a second patch, where I've implemented a function to read the packet according to what David suggested. The following patch has been tested under the same conditions as the previous one, finding valid results with fragmented packets or not.
On Mon, Jun 15, 2009 at 11:20 AM, David Fifield <david () bamsoftware com> wrote:
On Mon, Jun 15, 2009 at 01:49:17AM -0300, Joao Correa wrote:
Here follows a patch for correcting the problem. I've tested it with the command provided by David and also without using the perl lines (without forcing packet fragmentation); the script worked fine in both cases. The result was also the same as that obtained by executing the script with the original ssh2.lua file and without forcing packet fragmentation.
Thanks, you have the right idea with this patch.
local kex_init - status, kex_init = socket:receive_bytes(1) + local kex_data + local kex_aux + status, kex_data = socket:receive_bytes(1) if not status then socket:close(); return end - kex_init = transport.parse_kex_init( transport.payload( kex_init ) ) + kex_init = transport.payload(kex_data) + while not kex_init do + status, kex_aux = socket:receive_bytes(1) + if status then kex_data = kex_data .. kex_aux end + kex_init = transport.payload(kex_data) + end + kex_init = transport.parse_kex_init(kex_init)
What happens if the final receive_bytes, the one that gets the end of the SSH-2 packet, also gets the beginning of the next packet? It will be discarded and any further reads will be broken. That is why I think there should be a read_packet function, with an internal buffer, so that bytes don't get lost like this. Making it a separate function would also keep you from having to duplicate the read loop in two different places.
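Review bot: the `while not kex_init do` loop added in the second hunk never terminates if a read fails mid-packet: on a failed `socket:receive_bytes(1)`, `status` is false, `kex_data` is left unchanged, `transport.payload(kex_data)` returns the same nil, and the loop spins forever, whereas the first read's failure on the context line `if not status then socket:close(); return end` exits cleanly. Replace `if status then kex_data = kex_data .. kex_aux end` with an exit on failure, e.g. `if not status then socket:close(); return end` followed by the concatenation, so a timeout or closed connection inside the loop fails the same way the first read does.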
I could not reproduce the situation mentioned by David, where subsequent data would be appended to the end of the SSH packet. Anyway, I think that this patch would be correct to deal with this situation.
David Fifield
Thanks, Joao Correa
Attachment: ssh2.lua.2.diff
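The read_packet function with an internal buffer that David describes, as an added Python example (not the ssh2.lua code or the attached patch from this thread). It frames SSH-2 binary packets as in RFC 4253 (uint32 packet_length, byte padding_length, payload, padding; the MAC is assumed absent, as it is before key exchange completes) over a stream that delivers arbitrary fragments, and keeps any bytes of the following packet in the buffer instead of discarding them; the FragmentedStream class and build_packet helper are constructed for the demo and stand in for the NSE socket.

```python
import struct
from collections import deque


def build_packet(payload, block_size=8):
    # SSH-2 binary packet (RFC 4253 section 6) without MAC: uint32 packet_length,
    # byte padding_length, payload, padding (>= 4 bytes, total a multiple of block_size).
    padding_len = block_size - ((len(payload) + 5) % block_size)
    if padding_len < 4:
        padding_len += block_size
    body = bytes([padding_len]) + payload + b"\x00" * padding_len
    return struct.pack(">I", len(body)) + body


class FragmentedStream:
    # Constructed stand-in for an NSE socket: data comes back in the chunk sizes given.
    def __init__(self, data, chunk_sizes):
        self.data, self.chunks = data, deque(chunk_sizes)

    def receive_bytes(self, n):
        # Mirrors socket:receive_bytes(n): returns (status, data); status is False at EOF.
        if not self.data:
            return False, b""
        size = max(n, self.chunks.popleft() if self.chunks else len(self.data))
        chunk, self.data = self.data[:size], self.data[size:]
        return True, chunk


class PacketReader:
    # read_packet with an internal buffer: bytes of the next packet stay in self.buf.
    def __init__(self, sock):
        self.sock, self.buf = sock, b""

    def _fill(self, need):
        while len(self.buf) < need:
            status, data = self.sock.receive_bytes(1)
            if not status:  # read failure or EOF: give up instead of spinning
                return False
            self.buf += data
        return True

    def read_packet(self):
        # Returns the payload of the next complete packet, or None on a short read.
        if not self._fill(5):
            return None
        packet_len, padding_len = struct.unpack(">IB", self.buf[:5])
        total = 4 + packet_len
        if packet_len < padding_len + 1 or not self._fill(total):
            return None
        payload = self.buf[5:total - padding_len]
        self.buf = self.buf[total:]  # leftover bytes belong to the following packet
        return payload
```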
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org