Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Lua/NSE math.random argument error in qscan.nse #1037
The qscan.nse has an issue with the second argument in math.random being a non-integer. Example output below (some output removed):
The problem occurs in https://github.com/nmap/nmap/blob/master/scripts/qscan.nse#L487-L492 because delay is a non-integer (in this example, 200ms is parsed as 0.2, the value in seconds) and according to http://lua-users.org/wiki/MathLibraryTutorial all arguments of math.random are expected to be integers.
A quick fix/work-around would be to replace the calls with something like
if rtt < (3 * delay) / 2 then if rtt < (delay / 2) then stdnse.sleep(((delay / 2) + math.random(0, delay*1000)/1000 - rtt)) else stdnse.sleep(math.random(((3 * delay) / 2 - rtt)*1000)/1000) end
I chose 1000 as a value because according to https://github.com/nmap/nmap/blob/master/nselib/stdnse.lua#L60-L69 stdnse.sleep has millisecond resolution.