Nmap Development mailing list archives

Re: [NSE] nmap.fetchfile and absolute paths


From: David Fifield <david () bamsoftware com>
Date: Tue, 11 Aug 2009 12:18:07 -0600

On Tue, Aug 11, 2009 at 01:43:10AM +0100, jah wrote:
> nmap.fetchfile() as used in NSE doesn't handle absolute paths - did it
> ever? - would we like it to?
> There's nse_fetchfile_absolute() in nse_fs.cc which used to be called by
> fetchfile_absolute() in the now mostly defunct nse_main.cc, but is
> otherwise unused at the moment.

nse_fetchfile_absolute isn't completely unused--it's called by the
cnse.fetchfile_absolute function used internally in nse_main.lua.

I added the nse_fetchfile_absolute function (then called
init_fetchfile_absolute) in r6471. It is only used to look up script
filenames in the argument to --script.

svn diff -c 6471 svn://svn.insecure.org/nmap/nse_init.cc@12481

> NSE now calls l_fetchfile() in nse_nmaplib.cc which calls the main
> nmap_fetchfile() in nmap.cc and it looks to me like absolute filepaths
> handling may have disappeared with the change to using this function (I
> could be wrong).
>
> Any script which allows --script-args /path/to/some/resource
> (apache-userdir-enum.nse for instance) could make use of an nse
> nmap.fetchfile() that handles absolute paths, either directly or via
> datafiles.lua
>
> Vlatko noticed the same 'deficiency' in Ncrack and a similar patch
> (attached) could be used for the main nmap_fetchfile() in nmap.cc though
> this might be undesirable given that this function handles all of Nmap's
> datafiles fetching and is quite cautious about the way it does so.
>
> Should we reinstate the nse_fs.cc functions instead?

As far as I know, nmap.fetchfile never handled absolute paths, as
nse_fetchfile_absolute was only used for looking up script filenames.
However it seems reasonable that it should work that way. I would prefer
changing nmap.fetchfile to use nse_fetchfile_absolute over universally
changing nmap_fetchfile for all callers.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

