List: nmap-dev
Subject: Re: --script-updatedb path sep strangeness
From: Patrick Donnelly <batrick () batbytes ! com>
Date: 2009-04-29 23:45:59
Message-ID: 790db3550904291645y3f845f48w5dd656ed346662b9 () mail ! gmail ! com
Hi Jah,
On Wed, Apr 29, 2009 at 2:02 PM, jah <jah@zadkiel.plus.com> wrote:
> Hi folks,
>
> On windows, after a --script-updatedb, the script filenames in script.db
> have a leading backslash. This causes an error such as:
>
> NSE: failed to initialize the script engine:
> C:\Program Files\Nmap\nse_main.lua:385: ♀tp-anon.nse is not a file!
> stack traceback:
> [C]: in function 'assert'
> C:\Program Files\Nmap\nse_main.lua:385: in function
> 'get_chosen_scripts'
>
> C:\Program Files\Nmap\nse_main.lua:541: in main chunk
> [C]: ?
>
> (that's the symbol for Venus in place of the f in ftp-anon)
>
> I tracked this down to a Lua pattern in the const char load_db[] in
> nse_main.cc script-updatedb().
> The pattern:
> local basename = assert(match(script, '[/\\]?([^/\\]-%.nse)$'))\n
>
> I found that when the Lua code this char represents is run, the pattern
> becomes: '[/]?([^/]-%.nse)$'
> so something has eaten the backslashes in the pattern (perhaps in
> luaL_loadstring()) and so it captures the script filename with a leading
> slash.
> Adding a third backslash makes no difference, but adding a fourth:
> '[/\\\\]?([^/\\\\]-%.nse)$' does the trick.
>
> The attached patch is for this purpose, but I haven't committed it as I
> wonder whether this strangeness might allude to some other problem
> -perhaps the string is being interpreted twice.

This is a good catch. The backslash is interpreted as an escape
sequence by the C literal parser and the Lua string parser. For this
reason, we need 4 backslashes:

"match(script, '[/\\]?([^/\\]-%.nse)$')"
--> is seen by Lua as:
"match(script, '[/\]?([^/\]-%.nse)$')"
--> which becomes after Lua parses this string:
match(script, '[/]?([^/]-%.nse)$')

Properly:

"match(script, '[/\\\\]?([^/\\\\]-%.nse)$')"
--> is seen by Lua as:
"match(script, '[/\\]?([^/\\]-%.nse)$')"
--> which becomes after Lua parses this string:
match(script, '[/\]?([^/\]-%.nse)$')

So we need four backslashes to get the backslash escaped properly:

I dislike embedding Lua code in C for this reason. Hopefully we can
relocate this code to nse_main.lua in the future so this type of thing
can no longer happen.

Feel free to apply your patch.

Thanks for the report,
--
-Patrick Donnelly
"Let all men know thee, but no man know thee thoroughly: Men freely
ford that see the shallows."
- Benjamin Franklin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
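
Added example (not part of the original message and not code from the Nmap source): the two escape layers discussed in this thread, shown for the two-backslash and four-backslash forms of the pattern literal. The C compiler performs the first layer; lua_string_value() is a hypothetical helper that models only the simple backslash cases of Lua 5.1 string-literal parsing, which is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* The pattern literal as typed in the C source: broken (2) and fixed (4). */
static const char TWO_BS[]  = "'[/\\]?([^/\\]-%.nse)$'";
static const char FOUR_BS[] = "'[/\\\\]?([^/\\\\]-%.nse)$'";

/* Simplified model (an assumption of this example) of how Lua 5.1 reads a
 * single-quoted string literal: backslash + n/t/f gives the control
 * character, backslash + any other character gives that character.
 * Decimal escapes and line continuations are not modelled. */
static const char *lua_string_value(const char *lit)
{
    static char out[128];
    size_t n = 0;
    const char *p = lit;

    if (*p != '\'')
        return NULL;                 /* not a single-quoted literal */
    for (p++; *p != '\0' && *p != '\''; p++) {
        char c = *p;
        if (c == '\\') {
            if (*++p == '\0')
                return NULL;         /* dangling backslash */
            switch (*p) {
            case 'n': c = '\n'; break;
            case 't': c = '\t'; break;
            case 'f': c = '\f'; break;
            default:  c = *p;   break;   /* \\ -> \, \] -> ] */
            }
        }
        if (n + 1 >= sizeof out)
            return NULL;             /* would overflow the buffer */
        out[n++] = c;
    }
    if (*p != '\'')
        return NULL;                 /* unterminated literal */
    out[n] = '\0';
    return out;
}

int main(void)
{
    printf("C source, 2 backslashes: Lua reads %s\n", TWO_BS);
    printf("  pattern given to match: %s\n", lua_string_value(TWO_BS));
    printf("C source, 4 backslashes: Lua reads %s\n", FOUR_BS);
    printf("  pattern given to match: %s\n", lua_string_value(FOUR_BS));
    return 0;
}
```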