Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mitigate nil values and change strjoin library #1720

Closed
wants to merge 2 commits into from

Conversation

@vanjo9800
Copy link

commented Aug 30, 2019

The msrpc.lua and msrpctypes.lua were giving off errors when running the command:
nmap -Pn -p445 --script smb-brute domain.com -d.

The errors in the msrpctypes.lua script came from the migration from bin.pack and bin.unpack to string.pack and string.unpack. The former accepted nil values for as arguments and we did not do any arithmetic to determine whether the data is enough to extract an object. Now, however, we need to manually check whether the data is enough and can no longer pass nil values as arguments. The fix just initializes uninitialized variables to 1 which is the default for Lua.

The errros in the msrpc.lua script came from the wrong library referencing for the strjoin method used in some internal methods. I managed to find it in the stringaux library, not in the stdnse.

@nnposter

This comment has been minimized.

Copy link

commented Sep 1, 2019

Your patch for the stale references to stdnse.strjoin in library msrpc has been committed as r37721.

@nnposter

This comment has been minimized.

Copy link

commented Sep 1, 2019

The issue of arithmetic on a potentially nil pos argument is a bit more widespread throughout the msrpctypes library. A patch committed as r37722.

@nnposter

This comment has been minimized.

Copy link

commented Sep 1, 2019

The fix for ID Authority possibly being nil seems incorrect. See commit r37724 (ef2825b) for an alternate assessment.

@nnposter nnposter self-assigned this Sep 1, 2019

@vanjo9800

This comment has been minimized.

Copy link
Author

commented Sep 1, 2019

Okay, thanks a lot for the fast response to the changes!
I will keep an eye for more issues.

@nnposter

This comment has been minimized.

Copy link

commented Sep 1, 2019

Thank your for finding the bugs and submitting patches. They are definitely appreciated.

I will tentatively close this issue; we can always reopen it later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.