From 08fadd08fcfc98c760a9ee962203dfdfd83c29a3 Mon Sep 17 00:00:00 2001
From: ron <ron@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 2 Apr 2009 14:09:52 +0000
Subject: [PATCH] Fixed a bug where the scan would hit a nil-pointer exception
 when scanning broken implementations (reported by Steve Horejsi --
 http://www.skullsecurity.org/blog/?p=209&cpage=2#comment-219). This was due
 to using incorrect variable names.

---
 nselib/smb.lua | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/nselib/smb.lua b/nselib/smb.lua
index 5941e1650..4f49999f5 100644
--- a/nselib/smb.lua
+++ b/nselib/smb.lua
@@ -1045,13 +1045,13 @@ function negotiate_protocol(smb)
 	end
 	-- Some broken implementations of SMB don't send these variables
 	if(smb['time'] == nil) then
-		time = 0
+		smb['time'] = 0
 	end
 	if(smb['timezone'] == nil) then
-		timezone = 0
+		smb['timezone'] = 0
 	end
 	if(smb['key_length'] == nil) then
-		key_length = 0
+		smb['key_length'] = 0
 	end
 
 	-- Convert the time and timezone to more useful values
@@ -1109,6 +1109,11 @@ function negotiate_protocol(smb)
 		end
 	end
 
+	-- Attempt to fix a bug where an empty server challenges causes an error
+	if(smb['server_challenge'] == "") then
+		smb['server_challenge'] = "AAAAAAAA"
+	end
+
 	return true
 end