Nmap Development mailing list archives
Re: epoch time overflow in stdnse.lua triggered by ssl-cert.nse due to long livecertificates
From: nmap () bunten de
Date: Wed, 21 May 2014 19:33:02 +0200 (CEST)
On Wed, 21 May 2014, Daniel Miller wrote:
I believe that I have addressed this issue in r32871 and r32872 by skipping the conversion to a 32-bit timestamp before formatting. Here are the changes as a patch, if that helps:
(...) Daniel, yes - you did and it helps. Output yielded scanning a test system: (...) PORT STATE SERVICE VERSION 443/tcp open ssl/http Apache httpd 2.4.6 ((Ubuntu)) | ssl-cert: Subject: (...) | Public Key type: rsa | Public Key bits: 2048 | Not valid before: 2014-05-21T17:20:03 | Not valid after: 2039-05-15T17:20:03 | MD5: 8c5b 20e6 1f59 8331 e51a 46a3 4747 f172 | SHA-1: 1ead fab6 385e 0a0b c5bf fb3e e883 e885 e3b5 e85e | -----BEGIN CERTIFICATE----- | MIIDqTCCApGgAwIBAgIJAKpgY9RlV9jSMA0GCSqGSIb3DQEBBQUAMGsxCzAJBgNV (...) Awesome, thanks for taking the time! Regards, Andreas
On Tue, Apr 22, 2014 at 2:22 AM, <andreas () bunten de> wrote:
(...)
I got quite a few of these errors while scanning and using ssl-cert NSE script: | NSE: ssl-cert against xx.x.xx.xx:8443 threw an error! | /usr/local/bin/../share/nmap/nselib/stdnse.lua:408: attempt to | perform arithmetic on a nil value | stack traceback: | /usr/local/bin/../share/nmap/nselib/stdnse.lua:408: | in function 'date_to_timestamp' | /usr/local/bin/../share/nmap/scripts/ssl-cert.nse:196: | in function 'output_tab' | /usr/local/bin/../share/nmap/scripts/ssl-cert.nse:241: | in function </usr/local/bin/../share/nmap/scripts/ssl-cert.nse:235> | (...tail calls...) from nmap/nselib/stdnse.lua -> | function date_to_timestamp(date, offset) | offset = offset or 0 | return os.time(date) + utc_offset(os.time(date)) - offset <--- line 408 | end The certificate just scanned was issued 2014-03-25 and is valid until 2044-03-17. I guess anything beyond 2038-01-19 is problematic.
(...) _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- epoch time overflow in stdnse.lua triggered by ssl-cert.nse due to long livecertificates andreas (Apr 22)
- Re: epoch time overflow in stdnse.lua triggered by ssl-cert.nse due to long livecertificates Daniel Miller (May 21)
- Re: epoch time overflow in stdnse.lua triggered by ssl-cert.nse due to long livecertificates nmap (May 21)
- Re: epoch time overflow in stdnse.lua triggered by ssl-cert.nse due to long livecertificates Daniel Miller (May 21)