Nmap Development mailing list archives

Re: Bug in NSE core, I think


From: Ron <ron () skullsecurity net>
Date: Tue, 25 Aug 2009 20:28:13 -0500

On 08/25/2009 08:19 PM, Ron wrote:
Aha, it took me a while but I tracked down this issue. It's actually in
the caching that was recently checked in. Because of the cache,
different vhosts are returning the same result, which is wrong.
test.skullsecurity.org returns totally different results than
www.skullsecurity.org, but the cache doesn't realize that.

I'd suggest modifying the HTTP caching to use host.targetname, if
possible. Patrick, do you see any issues with that?

Thanks,
Ron

Sorry I keep replying to myself, but eh?

I believe this tiny patch will fix the caching issue (which I believe is the more important one) entirely:
--
Index: nselib/http.lua
===================================================================
--- nselib/http.lua     (revision 15291)
+++ nselib/http.lua     (working copy)
@@ -555,10 +555,9 @@
   local no_cache = options.no_cache; -- do not save result
   local no_cache_body = options.no_cache_body; -- do not save body

-  if type(host) == "table" then host = host.ip end
   if type(port) == "table" then port = port.number end

-  local key = host..":"..port..":"..path;
+  local key = get_hostname(host)..":"..port..":"..path;
   local mutex = nmap.mutex(tostring(lookup_cache)..key);

   local state = {
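
Review bot: On the new `local key = get_hostname(host)..":"..port..":"..path;` line, the cache key now depends on what get_hostname returns, and the hunk does not show that function. Please confirm it returns a string both when host is a plain string and when it is a host table without a targetname (falling back to the IP). Otherwise the concatenation can error, or distinct targets can end up sharing a key. Removing `if type(host) == "table" then host = host.ip end` also leaves host as a table for the rest of this function, so any later use that assumed a string should be checked. A one-line comment above the key explaining that the name is used so that virtual hosts on the same IP get separate cache entries would help the next reader.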
--

When I do that, it sends out the five queries I expect, not just the one I was getting. It also doesn't get a pile of false positives like it was.

Let me know if you think it's ok, and I'll check it in.

(The other issue with the results showing in the wrong place, I still think should be fixed but it's not as important, to me. It isn't giving me bad results, it's just putting them in the wrong place -- that's just polish to me).

Ron


--
Ron Bowes
http://www.skullsecurity.org/
