Nmap Development mailing list archives
Re: Bug in NSE core, I think
From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 26 Aug 2009 11:21:24 -0400
Hi Ron, On Tue, Aug 25, 2009 at 9:28 PM, Ron<ron () skullsecurity net> wrote:
On 08/25/2009 08:19 PM, Ron wrote:Aha, it took me awhile but I tracked down this issue. It's actually in the caching that was recently checked in. Because of the cache, different vhosts are returning the same result, which is wrong. test.skullsecurity.org returns totally different results than www.skullsecurity.org, but the cache doesn't realize that. I'd suggest modifying the HTTP caching to use host.targetname, if possible. Patrick, do you see any issues with that? Thanks, RonSorry I keep replying to myself, but eh? I believe tiny patch will fix the caching issue (which I believe is the more important one) entirely: -- Index: nselib/http.lua =================================================================== --- nselib/http.lua (revision 15291) +++ nselib/http.lua (working copy) @@ -555,10 +555,9 @@ local no_cache = options.no_cache; -- do not save result local no_cache_body = options.no_cache_body; -- do not save body - if type(host) == "table" then host = host.ip end if type(port) == "table" then port = port.number end - local key = host..":"..port..":"..path; + local key = get_hostname(host)..":"..port..":"..path; local mutex = nmap.mutex(tostring(lookup_cache)..key); local state = { -- When I do that, it sends out the five queries I expect, not just the one I was getting. It also doesn't get a pile of false positives like it was. Let me know if you think it's ok, and I'll check it in. (The other issue with the results showing in the wrong place, I still think should be fixed but it's not as important, to me. It isn't giving me bad results, it's just putting them in the wrong place -- that's just polish to me).
This change looks fine; You may check it in. -- -Patrick Donnelly "Let all men know thee, but no man know thee thoroughly: Men freely ford that see the shallows." - Benjamin Franklin _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Bug in NSE core, I think Ron (Aug 25)
- Re: Bug in NSE core, I think Patrick Donnelly (Aug 25)
- Re: Bug in NSE core, I think Ron (Aug 25)
- Re: Bug in NSE core, I think Brandon Enright (Aug 25)
- Re: Bug in NSE core, I think Ron (Aug 25)
- Re: Bug in NSE core, I think Ron (Aug 25)
- Re: Bug in NSE core, I think Ron (Aug 25)
- Re: Bug in NSE core, I think Patrick Donnelly (Aug 26)
- Re: Bug in NSE core, I think Patrick Donnelly (Aug 26)
- Re: Bug in NSE core, I think Ron (Aug 27)
- Re: Bug in NSE core, I think Patrick Donnelly (Aug 27)
- Re: Bug in NSE core, I think Ron (Aug 27)
- Re: Bug in NSE core, I think Ron (Aug 25)
- Re: Bug in NSE core, I think Patrick Donnelly (Aug 25)
- Re: Bug in NSE core, I think Patrick Donnelly (Aug 27)