
List:       nessus
Subject:    potential problems with netscape_rev_proxy.nasl
From:       Norbert Kiesel <nkiesel () tbdnetworks ! com>
Date:       2004-06-22 18:32:05
Message-ID: 1087929125.17179.65.camel () defiant

Hi,

while looking over recent Nessus changes, I noticed some things in
netscape_rev_proxy.nasl which I don't understand.

> if(res == NULL || "302" >!< res ) exit(0);
> myloc = strstr(res, string("Location: http://") ) ;
Would this not break if location points to an HTTPS server? Also, the
"string()" seems unnecessary.

> myloc2 = strstr(res, string("/images"));
> url = strstr(myloc - myloc2, "http");
Could be written as: url = myloc - myloc2; because myloc is guaranteed
to start with "http" anyway.

Here's another potential code improvement: get the /24 prefix only once
instead of computing it 256 times. (To be honest, I assume that there is
no measurable speedup through this, but I think the code is easier to
understand that way).

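# Compute the /24 prefix once. ereg() only returns TRUE/FALSE, so
# ereg_replace() with a capture group is used to get the prefix string.
prefix = ereg_replace(string:get_host_ip(),
                      pattern:"^([0-9]+\.[0-9]+\.[0-9]+\.).*$",
                      replace:"\1");
for (i=1; i<256; i++) {
    # Ask the proxy to fetch port 139 on each address of the /24.
    req = string("GET http://", prefix, i, ":139/ HTTP/1.0\r\n\r\n");
    rep = http_keepalive_send_recv(port:port, data:req);
    if ( "200 OK" >< rep ) {
        security_hole(port);
        exit(0);
    }
}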

</nk>



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
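
The redirect parsing questioned in the message above, as an added Python example that is not part of the original message or of netscape_rev_proxy.nasl. The function name redirect_base and the sample responses are constructed for illustration; the example goes beyond the quoted lines by checking the status line instead of searching for "302" anywhere in the response, and by accepting both http and https Location values.

```python
import re

# Constructed sample responses (not captured from a real server).
SAMPLE_HTTP = (
    "HTTP/1.0 302 Found\r\n"
    "Server: example\r\n"
    "Location: http://10.1.2.3/images/\r\n\r\n"
)
SAMPLE_HTTPS = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "location: https://intranet.example:8443/images/logo.gif\r\n\r\n"
)
# "302" appears here, but only as a header value, not as the status code.
SAMPLE_NOT_REDIRECT = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Length: 302\r\n\r\n"
)

STATUS_RE = re.compile(r"^HTTP/\d\.\d\s+(\d{3})\b")
# Header names are case-insensitive; accept either URL scheme.
LOCATION_RE = re.compile(r"^location:\s*(https?://\S+)", re.IGNORECASE)


def redirect_base(res, marker="/images"):
    """Return the Location URL of a 302 response, cut off at `marker`.

    Returns None when the response is empty, is not a 302, or carries
    no absolute http/https Location header.
    """
    if not res:
        return None
    # Only look at the header block, never at the body.
    lines = res.split("\r\n\r\n", 1)[0].split("\r\n")
    status = STATUS_RE.match(lines[0])
    if not status or status.group(1) != "302":
        return None
    for line in lines[1:]:
        m = LOCATION_RE.match(line)
        if m:
            url = m.group(1)
            # Search for the marker only after "scheme://".
            idx = url.find(marker, url.find("://") + 3)
            return url[:idx] if idx != -1 else url
    return None
```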

