There is a defect in how script qscan.nse implements script parameter qscan.delay. Specifically, it compares its value (which is in seconds) against an observed round-trip time (which is in microseconds).
The following patch remediates the issue. It also incidentally resolves #1037.
--- a/scripts/qscan.nse+++ b/scripts/qscan.nse@@ -484,12 +484,9 @@
-- Unlike qscan.cc which loops around while waiting for
-- the delay, I just sleep here (depending on rtt)
- if rtt < (3 * delay) / 2 then- if rtt < (delay / 2) then- stdnse.sleep(((delay / 2) + math.random(0, delay) - rtt))- else- stdnse.sleep(math.random((3 * delay) / 2 - rtt))- end+ local sleep = delay * (0.5 + math.random()) - rtt / 1000000+ if sleep > 0 then+ stdnse.sleep(sleep)
Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.
The text was updated successfully, but these errors were encountered: