Nmap Development mailing list archives
Re: Completed Lua 5.3 upgrade!
From: Paulino Calderon <paulino () calderonpale com>
Date: Sun, 17 Jul 2016 08:48:04 -0500
Hey Daniel, I confirm your patch fixes the issue in my installation. I also agree that this change (r3600) is useful in the other places because spotting undefined behavior errors related the float-to-int conversion could be tricky. If we are dealing with signed values, should we also use ceil() in nseU_checkinteger accordingly to get more accurate results? Cheers .
On Jul 17, 2016, at 12:02 AM, Daniel Miller <bonsaiviking () gmail com> wrote: Patrick, I think this is supposed to be handled by setting LUA_FLOORN2I, which causes a floor operation to be applied when calling things like luaL_checkinteger on a float value. Unfortunately, we can't just set that because we'll end up with these crashes if the user links against a liblua built without this set. So I think we need to go through and apply a floor operation to most cases where we call luaL_checkinteger. Instead, I've pushed r36000, a change that adds a utility function nseU_checkinteger. This function works a bit like luaL_checkinteger when LUA_FLOORN2I is set to 1: it checks that the given index is a number, then does a floor operation on that number before calling lua_numbertointeger to convert it to an int (which is what lua_Integer is probably set to in most cases). The other change involved is using signed integer timeouts instead of unsigned, since the nsock operations all take signed values anyway. This will help avoid integer overflow problems. I think this function should be used in most places in the NSE libraries where we were previously using luaL_checkinteger. I also suspect it could be used for lua_tointeger in lots of places, too, but I would appreciate your input. Dan On Fri, Jul 15, 2016 at 1:53 PM, Paulino Calderon <paulino () calderonpale com <mailto:paulino () calderonpale com>> wrote: Hey, I agree with increasing the debug level required to at least 4. A lot of scripts use level 3 to print information and those bin calls are useful but won’t be needed in a lot of cases as they produce a LOT of output. I just spotted another issue with the upgrade to 5.3. lua_tointeger changed behavior in 5.3 (https://www.lua.org/manual/5.3/manual.html#lua_tointeger <https://www.lua.org/manual/5.3/manual.html#lua_tointeger>) and it is causing problems with scripts/libraries using explicitly non-specified conversions, specifically i noticed the problem in stdnse.get_timeouts() and comm.setup_connect but I’m posting this to the mailing list in case we use these integer conversions anywhere else: /Users/cldrn/Tools/nmap/./nselib/comm.lua:65: bad argument #1 to 'set_timeout' (number has no integer representation) stack traceback: [C]: in method 'set_timeout' /Users/cldrn/Tools/nmap/./nselib/comm.lua:65: in upvalue 'setup_connect' /Users/cldrn/Tools/nmap/./nselib/comm.lua:211: in function 'comm.opencon' /Users/cldrn/Tools/nmap/./nselib/comm.lua:263: in function 'comm.tryssl' /Users/cldrn/Tools/nmap/./nselib/http.lua:1205: in function </Users/cldrn/Tools/nmap/./nselib/http.lua:1181> (...tail calls...) /Users/cldrn/Tools/nmap/./nselib/http.lua:1625: in function 'http.get' /Users/cldrn/Tools/nmap/./nselib/http.lua:2479: in function 'http.identify_404' /Users/cldrn/Tools/nmap/./scripts/http-enum.nse:370: in function </Users/cldrn/Tools/nmap/./scripts/http-enum.nse:351> (...tail calls...) Ps. I’ll post a patch to stdnse later today after I look for this problem in other parts of NSE. Cheers.On Jul 7, 2016, at 5:45 PM, Patrick Donnelly <batrick () batbytes com <mailto:batrick () batbytes com>> wrote: On Thu, Jul 7, 2016 at 6:46 AM, Tom Sellers <nmap () fadedcode net <mailto:nmap () fadedcode net>> wrote:On 7/2/2016 12:06 PM, Patrick Donnelly wrote:On Sun, Jun 26, 2016 at 4:53 PM, Patrick Donnelly <batrick () batbytes com <mailto:batrick () batbytes com>> wrote:On Sat, Jun 25, 2016 at 1:25 PM, Patrick Donnelly <batrick () batbytes com <mailto:batrick () batbytes com>> wrote:On Fri, Jun 17, 2016 at 8:43 PM, Patrick Donnelly <batrick () batbytes com <mailto:batrick () batbytes com>> wrote:On Wed, Jun 8, 2016 at 9:31 PM, Patrick Donnelly <batrick () batbytes com <mailto:batrick () batbytes com>> wrote:Without further ado, here's the branch: https://github.com/batrick/nmap/tree/nse-lua53 <https://github.com/batrick/nmap/tree/nse-lua53>If there are no questions/comments/complaints/objections, I'd like to merge the branch sometime around next Friday. All feedback is still welcome!I've incorporated Daniel's suggestions. The branch is now in svn: https://svn.nmap.org/nmap-exp/patrick/nse-lua53 <https://svn.nmap.org/nmap-exp/patrick/nse-lua53> Last call for comments. I plan to merge into /nmap tomorrow.Alright, I've resolved all of the reported problems. I will give the branch another few days to cool before merging. Please keep testing everyone!Merged in https://svn.nmap.org/nmap@35945 <https://svn.nmap.org/nmap@35945>.Patrick, Will the debug statements in bin.lua remain? They generate the following at debug level2:I'm open to increasing the debug level. There may be bugs still in the bin wrapper so I reckon the debug output may help in the future. -- Patrick Donnelly _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev <https://nmap.org/mailman/listinfo/dev> Archived at http://seclists.org/nmap-dev/ <http://seclists.org/nmap-dev/>_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev <https://nmap.org/mailman/listinfo/dev> Archived at http://seclists.org/nmap-dev/ <http://seclists.org/nmap-dev/>
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Completed Lua 5.3 upgrade! Patrick Donnelly (Jul 02)
- Re: Completed Lua 5.3 upgrade! Tom Sellers (Jul 07)
- Re: Completed Lua 5.3 upgrade! Patrick Donnelly (Jul 07)
- Re: Completed Lua 5.3 upgrade! Paulino Calderon (Jul 15)
- Re: Completed Lua 5.3 upgrade! Patrick Donnelly (Jul 16)
- Re: Completed Lua 5.3 upgrade! Daniel Miller (Jul 16)
- Re: Completed Lua 5.3 upgrade! Paulino Calderon (Jul 17)
- Re: Completed Lua 5.3 upgrade! Patrick Donnelly (Jul 17)
- Re: Completed Lua 5.3 upgrade! Patrick Donnelly (Jul 07)
- Re: Completed Lua 5.3 upgrade! Tom Sellers (Jul 07)
- Re: Completed Lua 5.3 upgrade! Patrick Donnelly (Jul 07)
- <Possible follow-ups>
- Re: Completed Lua 5.3 upgrade! jah (Aug 11)