
List:       nmap-dev
Subject:    Re: hddtemp-info.nse
From:       Toni Ruottu <toni.ruottu () iki ! fi>
Date:       2010-12-30 12:21:10
Message-ID: AANLkTinQnLPyKAqhn=gCi5Kqjm3-GvY9CH8OF0MG8m0A () mail ! gmail ! com

The included patch fixes a bug in the comm library. Previously the
options got trashed when someone used get_banner, like
hddtemp-info did. The fix also adds a new parameter eopts to method
tryssl. The new parameter can be used to set options for the early
receive, which takes place before the actual data exchange.

  --Toni

p.s. It is a bit illogical that the early receive option is turned on
from the regular opts, and not from the eopts, but I did not change
this as some code might rely on turning it on the old way.

On Mon, Dec 13, 2010 at 10:46 AM, Toni Ruottu <toni.ruottu@iki.fi> wrote:
> Finally, I got it working. The attached patch sets the bytes option,
> but also supports different separators. The previous version worked
> with |, but failed in case the administrator had specified a custom
> separator.
>
> Your patch modifies read function to do the right thing, but the
> get_banner function is using receive directly. After 1) applying the
> patch 2) changing get_banner to use read, and 3) applying my patch on
> the hddtemp script, it should all be good. Although I am unsure if
> there is some hidden problem in using read with get_banner. Should the
> parameter be called banner_bytes to distinguish it from the bytes
> argument used for payload?
>
>  --Toni
>
>
> On Sun, Dec 12, 2010 at 11:33 PM, David Fifield <david@bamsoftware.com> wrote:
>> On Sun, Dec 12, 2010 at 11:09:10PM +0200, Toni Ruottu wrote:
>>> On Sat, Dec 11, 2010 at 9:18 PM, David Fifield <david@bamsoftware.com> wrote:
>>> > On Thu, Dec 09, 2010 at 11:20:24AM +0200, Toni Ruottu wrote:
>>> >> On Thu, Dec 9, 2010 at 2:07 AM, David Fifield <david@bamsoftware.com> wrote:
>>> >> > On Tue, Nov 30, 2010 at 07:03:35PM +0200, Toni Ruottu wrote:
>>> >> >> The problem seems to be that comm always does a single receive. If the
>>> >> >> network conditions are good this does not matter, but over the
>>> >> >> Internet the first receive is not likely to contain the full banner. I
>>> >> >> think the comm library needs to be changed to do as many receives as
>>> >> >> it is able to do before a time out.
>>> >> >
>>> >> > Does this patch make a difference?
>>> >>
>>> >> No. Still broken, after applying the patch.
>>> >
>>> > Try increasing the timeout (shouldn't require the patch I gave you). If
>>> > you find a reasonable timeout value I'll commit it.
>>> >
>>> > http://nmap.org/nsedoc/lib/comm.html
>>>
>>> I doubt that increasing the timeout will help. As far as I can tell
>>> the problem is not about the timeout being too short. The problem is
>>> that comm library does only one recv. My impression is that the
>>> response arrives very quickly, but in multiple parts. So reading it is
>>> really fast, as long as you do multiple recv.
>>
>> Nsock (used by NSE) internally does multiple recvs by default. It keeps
>> reading until the given byte limit is reached, EOF, or timeout. You
>> might have to increase the byte limit from its default of 1 too. (That's
>> what my earlier patch effectively did).
>>
>> David Fifield
>>
>

["comm-eopts.patch" (text/x-patch)]

Index: comm.lua
===================================================================
--- comm.lua	(revision 21580)
+++ comm.lua	(working copy)
@@ -86,7 +86,7 @@
 get_banner = function(host, port, opts)
 	opts = initopts(opts)
 	opts.recv_before = true
-	local socket, nothing, correct, banner = tryssl(host, port, "", opts)
+	local socket, nothing, correct, banner = tryssl(host, port, "", opts, opts)
     if socket then
       socket:close()
       return true, banner
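Review bot: `opts` is passed for both the `opts` and `eopts` arguments of `tryssl` here, which is right for `get_banner` because the payload is `""` and the early receive is the only receive that happens, but that reasoning is not visible at the call site; a one-line comment such as `-- empty payload: the early receive is the only receive, so it gets the same options` would spare the next reader from wondering why the same table is passed twice. The mixed indentation in this function (tabs on the `opts = ...` and `local socket ...` lines, spaces in the `if socket then` block) could also be normalized while the function is being touched.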
@@ -185,7 +185,7 @@
 -- @return response The response received for the payload
 -- @return early_resp If opt recv_before is true, returns the value
 -- of the first receive (before sending data)
-local function opencon(host, port, protocol, data, opts)
+local function opencon(host, port, protocol, data, opts, eopts)
 	local sd = nmap.new_socket()
 
 	-- check for connect_timeout or timeout option
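Review bot: the `opencon` signature gains `eopts` but its doc block directly above gets no matching `@param eopts` line, while the `tryssl` doc block later in this patch does; add `-- @param eopts Options for the early receive (used when opts.recv_before is set)` so the two functions are documented consistently.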
@@ -215,10 +215,10 @@
 	end
 
     local response, early_resp;
-	if opts and opts.recv_before then status, early_resp = sd:receive() end
+	if opts and opts.recv_before then status, early_resp = read(sd, eopts) end
 	if #data > 0 then
 		sd:send(data)
-		status, response = sd:receive()
+		status, response = read(sd, opts)
 	else
 		if not opts and opts.recv_before then
 			nsedebug.print_debug("Using comm.tryssl without first data payload and recv_first." .. 
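Review bot: `read(sd, eopts)` on the `recv_before` branch is handed `nil` for every existing caller that still uses the four-argument `tryssl` with `opts.recv_before = true`, so unless `read` applies defaults to a nil options table those callers lose the timeout and byte settings they put in `opts`; defaulting with `eopts = eopts or opts` at the top of `opencon` would keep the old behaviour for them. While here, the unchanged context line `if not opts and opts.recv_before then` indexes `opts` right after testing that it is nil, so it can only ever raise or be false; `if not (opts and opts.recv_before) then` is presumably what was meant.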
@@ -246,17 +246,18 @@
 -- @param port The port table
 -- @param data The first data payload of the connection
 -- @param opts Options, such as timeout
+-- @param eopts Options, for early receive
 -- @return sd The socket descriptor
 -- @return response The response received for the payload
 -- @return correctOpt Correct option for connection guess
 -- @return earlyResp If opt recv_before is true, returns the value
 -- of the first receive (before sending data)
-function tryssl(host, port, data, opts)
+function tryssl(host, port, data, opts, eopts)
 	local opt1, opt2 = bestoption(port)
 	local best = opt1
-	local sd, response, early_resp = opencon(host, port, opt1, data, opts)
+	local sd, response, early_resp = opencon(host, port, opt1, data, opts, eopts)
 	if not sd then
-		sd, response, early_resp = opencon(host, port, opt2, data, opts)
+		sd, response, early_resp = opencon(host, port, opt2, data, opts, eopts)
 		best = opt2
 	end
 	if not sd then best = "none" end
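Review bot: the new `@param eopts Options, for early receive` line has a stray comma and does not state that the table is only consulted when `opts.recv_before` is set, which the p.s. in the mail says is still the way the early receive is switched on; `-- @param eopts Options for the early receive; only used when opts.recv_before is true` states the contract. Since callers of the old four-argument form omit it, the doc should also say whether `nil` is acceptable and what it falls back to.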

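As an added illustration of the receive semantics David describes (keep reading until the byte limit is reached, EOF, or a timeout) and of the separator handling Toni mentions, here is a small Python simulation. It is not part of the thread or of Nmap's comm library: the sample banner, its delivery in five segments, and the assumed hddtemp field layout (separator, device, model, temperature, unit per drive) are constructed for this example.

```python
"""Simulate a banner that arrives in several TCP segments and show how a
byte-limited receive loop (read until limit, EOF or timeout) behaves."""
from collections import deque

# Constructed sample: an hddtemp-style banner for two drives, delivered by
# the peer in five segments. The field layout (sep dev sep model sep temp
# sep unit sep, repeated per drive) is the layout assumed for this example.
BANNER_FRAGMENTS = [
    b"|/dev/sda|",
    b"ST3500418AS|",
    b"38|C|",
    b"|/dev/sdb|WDC WD10EARS|",
    b"41|C|",
]


class FragmentedStream:
    """Toy stand-in for a TCP socket: each recv() returns one pending segment,
    then b'' (EOF) if the peer closed, or None to signal a receive timeout."""

    def __init__(self, fragments, peer_closes=True):
        self._pending = deque(fragments)
        self._peer_closes = peer_closes
        self.recv_calls = 0

    def recv(self):
        self.recv_calls += 1
        if self._pending:
            return self._pending.popleft()
        return b"" if self._peer_closes else None


def read_until(stream, byte_limit=1, max_rounds=64):
    """Keep receiving until at least byte_limit bytes are buffered, the peer
    closes (EOF), or a receive times out. byte_limit=1 mirrors the default
    discussed in the thread: the very first segment already satisfies it."""
    buf = bytearray()
    rounds = 0
    while len(buf) < byte_limit and rounds < max_rounds:
        rounds += 1
        chunk = stream.recv()
        if chunk is None or chunk == b"":  # timeout or EOF: return what we have
            break
        buf.extend(chunk)
    return bytes(buf)


def parse_hddtemp(banner, sep="|"):
    """Split a banner into (device, model, temperature, unit) tuples.
    Returns None when the banner is not a complete record set, which is
    exactly what a read that stopped after the first segment produces."""
    text = banner.decode("ascii", errors="replace")
    if len(text) < 2 * len(sep) or not (text.startswith(sep) and text.endswith(sep)):
        return None
    body = text[len(sep):-len(sep)]
    drives = []
    for record in body.split(sep + sep):  # records are joined by a doubled separator
        fields = record.split(sep)
        if len(fields) != 4:
            return None
        dev, model, temp, unit = fields
        if not temp.isdigit():
            return None
        drives.append((dev, model, int(temp), unit))
    return drives


def demo(byte_limit):
    """Read the constructed banner with the given byte limit and parse it."""
    stream = FragmentedStream(BANNER_FRAGMENTS)
    banner = read_until(stream, byte_limit)
    return banner, parse_hddtemp(banner)


if __name__ == "__main__":
    for limit in (1, 4096):
        banner, parsed = demo(limit)
        print(f"byte_limit={limit}: got {len(banner)} bytes -> {parsed}")
```

With the default limit of 1 the first segment satisfies the read and the parser rejects the truncated record set; with a large limit the loop runs to EOF and both drives come back. Passing `sep=";"` to `parse_hddtemp` handles an administrator-configured separator, and a peer that keeps the connection open without sending more ends the loop via the timeout branch instead of EOF.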

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
