Nmap Development mailing list archives

Re: --script-updatedb path sep strangeness


From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 29 Apr 2009 17:45:59 -0600

Hi Jah,

On Wed, Apr 29, 2009 at 2:02 PM, jah <jah () zadkiel plus com> wrote:
Hi folks,

On windows, after a --script-updatedb, the script filenames in script.db
have a leading backslash.  This causes an error such as:

NSE: failed to initialize the script engine:
C:\Program Files\Nmap\nse_main.lua:385: ♀tp-anon.nse is not a file!
stack traceback:
       [C]: in function 'assert'
       C:\Program Files\Nmap\nse_main.lua:385: in function 'get_chosen_scripts'
       C:\Program Files\Nmap\nse_main.lua:541: in main chunk
       [C]: ?

(that's the symbol for Venus in place of the f in ftp-anon)

I tracked this down to a Lua pattern in the const char load_db[] in
nse_main.cc script-updatedb().
The pattern:
local basename = assert(match(script, '[/\\]?([^/\\]-%.nse)$'))\n

I found that when the Lua code this char represents is run, the pattern
becomes: '[/]?([^/]-%.nse)$'
so something has eaten the backslashes in the pattern (perhaps in
luaL_loadstring()) and so it captures the script filename with a leading
slash.
Adding a third backslash makes no difference, but adding a fourth:
'[/\\\\]?([^/\\\\]-%.nse)$' does the trick.

The attached patch is for this purpose, but I haven't committed it as I
wonder whether this strangeness might allude to some other problem
-perhaps the string is being interpreted twice.

This is a good catch. The backslash is interpreted as an escape
sequence by the C literal parser and the Lua string parser. For this
reason, we need 4 backslashes:

"match(script, '[/\\]?([^/\\]-%.nse)$')"
--> is seen by Lua as:
"match(script, '[/\]?([^/\]-%.nse)$')"
--> which becomes after Lua parses this string:
match(script, '[/]?([^/]-%.nse)$')

Properly:
"match(script, '[/\\\\]?([^/\\\\]-%.nse)$')"
--> is seen by Lua as:
"match(script, '[/\\]?([^/\\]-%.nse)$')"
--> which becomes after Lua parses this string:
match(script, '[/\]?([^/\]-%.nse)$')
So we need four backslashes to get the backslash escaped properly:

I dislike embedding Lua code in C for this reason. Hopefully we can
relocate this code to nse_main.lua in the future so this type of thing
can no longer happen.

Feel free to apply your patch.

Thanks for the report,

-- 
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely
ford that see the shallows."

- Benjamin Franklin
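
The two decoding stages described in the message above, as an added example that is not part of the original post or of Nmap's code. The C compiler performs the first stage on the literals; `lua_string_value` is a hypothetical helper that models the second stage, assuming the Lua 5.1 lexer rule that an unrecognized escaped character stands for itself. The constant names are also made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stage 1 is done by the C compiler: the two candidate literals from the
 * thread, written as they would appear in the C source. */
static const char TWO_BACKSLASHES[]  = "match(script, '[/\\]?([^/\\]-%.nse)$')";
static const char FOUR_BACKSLASHES[] = "match(script, '[/\\\\]?([^/\\\\]-%.nse)$')";

/* Stage 2 (hypothetical helper): decode the first single-quoted Lua string
 * literal in `chunk` the way the Lua 5.1 lexer would (subset: a few named
 * escapes; any other escaped character stands for itself). Returns 0 on
 * success, -1 if the literal is missing, unterminated, or too long. */
int lua_string_value(const char *chunk, char *out, size_t outsz)
{
    const char *p = strchr(chunk, '\'');
    size_t n = 0;
    if (p == NULL || outsz == 0) return -1;
    for (p++; *p != '\''; p++) {
        char c = *p;
        if (c == '\0') return -1;            /* unterminated literal */
        if (c == '\\') {
            c = *++p;
            if (c == '\0') return -1;
            switch (c) {
            case 'n': c = '\n'; break;
            case 't': c = '\t'; break;
            case 'f': c = '\f'; break;
            case 'r': c = '\r'; break;
            default: break;                  /* \\ -> \, \] -> ], \' -> ' */
            }
        }
        if (n + 1 >= outsz) return -1;
        out[n++] = c;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char pat[64];
    if (lua_string_value(TWO_BACKSLASHES, pat, sizeof pat) == 0)
        printf("2 in C source -> Lua pattern %s\n", pat);
    if (lua_string_value(FOUR_BACKSLASHES, pat, sizeof pat) == 0)
        printf("4 in C source -> Lua pattern %s\n", pat);
    return 0;
}
```

With two backslashes in the C source the pattern Lua ends up matching with contains no backslash at all, so a Windows path separator is captured as part of the basename; with four, one literal backslash survives in each character class.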
