Nmap Development mailing list archives
Re: script category selection bug - was: Script force
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 5 Dec 2011 23:24:02 +0100
On Mon, Dec 05, 2011 at 12:18:50PM -0500, Patrick Donnelly wrote:
On Mon, Dec 5, 2011 at 10:38 AM, Djalal Harouni <tixxdz () opendz org> wrote:Yes the substring becomes empty but this will not trigger the bug. This bug was present before this patch, you can test it with this: --script="foo(default and vuln)"There is no vulnerability here. The parser should probably emit an error but I'm not sure it's worth it.
Ok Patrick. I've attached a simple patch to raise an error.
--script="foo(default and vuln)"
NSE: failed to initialize the script engine:
/mnt/opensource/code/nmap/nmap-trunk/nse_main.lua:581: Bad script rule:
foo(default and vuln) -> script rule expression not supported.
stack traceback:
...
--
tixxdz
http://opendz.org
Attachment:
script_category_fix.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Script force, (continued)
- Re: Script force Patrick Donnelly (Dec 07)
- Re: Script force Martin Holst Swende (Dec 07)
- Re: Script force Martin Holst Swende (Dec 07)
- Re: Script force Martin Holst Swende (Dec 11)
- Re: Script force Djalal Harouni (Dec 11)
- Re: Script force Martin Holst Swende (Dec 13)
- Re: Script force Patrik Karlsson (Dec 16)
- Re: Script force Fyodor (Dec 19)
- Re: script category selection bug - was: Script force Djalal Harouni (Dec 05)
- Re: script category selection bug - was: Script force Patrick Donnelly (Dec 05)
- Re: script category selection bug - was: Script force Djalal Harouni (Dec 05)