Nmap Development mailing list archives
Re: --script-updatedb path sep strangeness
From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 29 Apr 2009 17:45:59 -0600
Hi Jah, On Wed, Apr 29, 2009 at 2:02 PM, jah <jah () zadkiel plus com> wrote:
Hi folks, On windows, after a --script-updatedb, the script filenames in script.db have a leading backslash. This causes an error such as: NSE: failed to initialize the script engine: C:\Program Files\Nmap\nse_main.lua:385: ♀tp-anon.nse is not a file! stack traceback: [C]: in function 'assert' C:\Program Files\Nmap\nse_main.lua:385: in function 'get_chosen_scripts' C:\Program Files\Nmap\nse_main.lua:541: in main chunk [C]: ? (that's the symbol for Venus in place of the f in ftp-anon) I tracked this down to a Lua pattern in the const char load_db[] in nse_main.cc script-updatedb(). The pattern: local basename = assert(match(script, '[/\\]?([^/\\]-%.nse)$'))\n I found that when the Lua code this char represents is run, the pattern becomes: '[/]?([^/]-%.nse)$' so something has eaten the backslashes in the pattern (perhaps in luaL_loadstring()) and so it captures the script filename with a leading slash. Adding a third backslash makes no difference, but adding a fourth: '[/\\\\]?([^/\\\\]-%.nse)$' does the trick. The attached patch is for this purpose, but I haven't committed it as I wonder whether this strangeness might allude to some other problem -perhaps the string is being interpreted twice.
This is a good catch. The backslash is interpretted as an escape sequence by the C literal parser and the Lua string parser. For this reason, we need 4 backslashes: "match(script, '[/\\]?([^/\\]-%.nse)$')" --> is seen by Lua as: "match(script, '[/\]?([^/\]-%.nse)$')" --> which becomes after Lua parses this string: match(script, '[/]?([^/]-%.nse)$') Properly: "match(script, '[/\\\\]?([^/\\\\]-%.nse)$')" --> is seen by Lua as: "match(script, '[/\\]?([^/\\]-%.nse)$')" --> which becomes after Lua parses this string: match(script, '[/\]?([^/\]-%.nse)$') So we need four backslashes to get the backslash escaped properly: I dislike embedding Lua code in C for this reason. Hopefully we can relocate this code to nse_main.lua in the future so this type of thing can no longer happen. Feel free to apply your patch. Thanks for the report, -- -Patrick Donnelly "Let all men know thee, but no man know thee thoroughly: Men freely ford that see the shallows." - Benjamin Franklin _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- --script-updatedb path sep strangeness jah (Apr 29)
- Re: --script-updatedb path sep strangeness jah (Apr 29)
- Re: --script-updatedb path sep strangeness Patrick Donnelly (Apr 29)
- Re: --script-updatedb path sep fixed jah (Apr 29)