Some string optimizations in NSE

Changes fall into these categories: 1. Avoid pathological string building. Loops over x = x .. "foo" can become very slow. Instead, use strbuf.lua, table.concat, or just one continuous concatenation; a = x .. y .. z is one operation, better than a = x .. y; a = a .. z 2. Use hex-escaped strings instead of string.char. I find this more readable in many cases, and it avoids a table lookup and function call. 3. Don't duplicate code. A few libraries and scripts had re-implemented stdnse.generate_random_string or openssl.rand_bytes.
2026-01-06 22:49:02 +00:00 · 2014-09-03 04:49:54 +00:00
parent 25725d369e
commit 40f36a4e3e
26 changed files with 202 additions and 243 deletions
--- a/scripts/nping-brute.nse
+++ b/scripts/nping-brute.nse
@@ -34,14 +34,6 @@ categories = {"brute", "intrusive"}

 portrule = shortport.port_or_service(9929, "nping-echo")

-local function randombytes(x)
-  local bytes = ""
-  for i = 1, x do
-    bytes = bytes .. bin.pack("C", math.random(0x00, 0xff))
-  end
-  return bytes
-end
-
 local function readmessage(socket, length)
  local msg = ""
  while #msg < length do
@@ -103,8 +95,8 @@ Driver =
    local NEP_CLIENT_MAC_ID = "NEPkeyforMACClient2Server"

    local now = nmap.clock()
-    local seqb = randombytes(4)
-    local cnonce = randombytes(32)
+    local seqb = openssl.rand_bytes(4)
+    local cnonce = openssl.rand_bytes(32)
    local nonce = snonce .. cnonce
    local enckey = self:nepkey(password, nonce, NEP_CLIENT_CIPHER_ID)
    local mackey = self:nepkey(password, nonce, NEP_CLIENT_MAC_ID)