Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mitigate nil values and change strjoin library #1720

Closed
wants to merge 2 commits into from
Closed

Mitigate nil values and change strjoin library #1720

wants to merge 2 commits into from

Conversation

vanjo9800
Copy link

@vanjo9800 vanjo9800 commented Aug 30, 2019
edited

The msrpc.lua and msrpctypes.lua were giving off errors when running the command:
nmap -Pn -p445 --script smb-brute domain.com -d.

The errors in the msrpctypes.lua script came from the migration from bin.pack and bin.unpack to string.pack and string.unpack. The former accepted nil values for as arguments and we did not do any arithmetic to determine whether the data is enough to extract an object. Now, however, we need to manually check whether the data is enough and can no longer pass nil values as arguments. The fix just initializes uninitialized variables to 1 which is the default for Lua.

The errros in the msrpc.lua script came from the wrong library referencing for the strjoin method used in some internal methods. I managed to find it in the stringaux library, not in the stdnse.

@vanjo9800 vanjo9800 mentioned this pull request Aug 30, 2019
Closed
nmap-bot pushed a commit that referenced this pull request Sep 1, 2019
Replace references to stdnse.strjoin with stringaux.strjoin. See #1720
be40965
@nnposter
Copy link

nnposter commented Sep 1, 2019

Your patch for the stale references to stdnse.strjoin in library msrpc has been committed as r37721.

@nnposter
Copy link

nnposter commented Sep 1, 2019

The issue of arithmetic on a potentially nil pos argument is a bit more widespread throughout the msrpctypes library. A patch committed as r37722.

nmap-bot pushed a commit that referenced this pull request Sep 1, 2019
Make sure that argument pos is always defined. See #1720
e5c4f48
nmap-bot pushed a commit that referenced this pull request Sep 1, 2019
Populate ID Authority with the correct value. See #1720
ef2825b
@nnposter
Copy link

nnposter commented Sep 1, 2019

The fix for ID Authority possibly being nil seems incorrect. See commit r37724 (ef2825b) for an alternate assessment.

@nnposter nnposter self-assigned this Sep 1, 2019
@vanjo9800
Copy link
Author

Okay, thanks a lot for the fast response to the changes!
I will keep an eye for more issues.

@nnposter
Copy link

nnposter commented Sep 1, 2019

Thank your for finding the bugs and submitting patches. They are definitely appreciated.

I will tentatively close this issue; we can always reopen it later.

@nnposter nnposter closed this Sep 1, 2019
@nnposter nnposter mentioned this pull request Sep 3, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@nnposter nnposter

Labels
bug NSE
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vanjo9800 @nnposter