From 5cc813f394aedca3f52df7a64522ef7969db94fd Mon Sep 17 00:00:00 2001
From: david
Date: Fri, 13 Dec 2019 23:12:45 +0000
Subject: [PATCH] Fix an off-by-one error in stun.lua.

https://seclists.org/nmap-dev/2019/q4/8
---
 CHANGELOG | 3 +++
 nselib/stun.lua | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index cd819831c..c1cf67b98 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -60,6 +60,9 @@ o [NSE] Fixed a bug in http-wordpress-users.nse that could cause
 o Added a UDP payload for STUN (Session Traversal Utilities for NAT). [David Fifield]
+o [NSE] Fixed an off-by-one bug in the stun.lua library that prevented
+ parsing a server response. [David Fifield]
+
 Nmap 7.80 [2019-08-10]
 o [Windows] The Npcap Windows packet capturing library (https://npcap.org/)
diff --git a/nselib/stun.lua b/nselib/stun.lua
index 1b988c2f0..438cdbcc1 100644
--- a/nselib/stun.lua
+++ b/nselib/stun.lua
@@ -188,7 +188,7 @@ Response = {
 -- @name Response.Bind.parse
 parse = function(data)
 local resp = Response.Bind:new()
- local pos = Header.size
+ local pos = Header.size + 1
 resp.header = Header.parse(data)
 resp.attributes = {}
@@ -248,7 +248,7 @@ Comm = {
 -- err string containing an error message, if status is false
 -- @name Comm.recv
 recv = function(self)
- local status, hdr_data = self.socket:receive_buf(match.numbytes(Header.size), false)
+ local status, hdr_data = self.socket:receive_buf(match.numbytes(Header.size), true)
 if ( not(status) ) then
 return false, "Failed to receive response from server"
 end
@@ -258,7 +258,7 @@ Comm = {
 return false, "Failed to parse response header"
 end
- local status, data = self.socket:receive_buf(match.numbytes(header.length), false)
+ local status, data = self.socket:receive_buf(match.numbytes(header.length), true)
 if ( header.type == MessageType.BINDING_RESPONSE ) then
 local resp = Response.Bind.parse(hdr_data .. data)
 return true, resp
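Review bot: The new start offset `Header.size + 1` in `Response.Bind.parse` (hunk `@@ -188,7 +188,7 @@`) has no comment, so a later reader could easily "correct" it back to `Header.size`. A comment on that line would pin the intent, for example `-- Lua string positions are 1-based: the first attribute byte is at Header.size + 1`. In the same hunk `resp.header = Header.parse(data)` is stored without a check, while `Comm.recv` has a "Failed to parse response header" path for the same call. Since `parse` is handed server-supplied bytes, it is worth confirming that a failed header parse cannot reach the attribute loop. That loop lies outside the hunk, so its bounds checks against `#data` cannot be judged from here.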
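Review bot: The bare `true` now passed as the second argument of `receive_buf` in `Comm.recv` (hunk `@@ -248,7 +248,7 @@`) carries the whole fix, but nothing on the line says what it means. That argument is the keeppattern flag, and with `match.numbytes` the matched bytes are the payload itself, so they are only returned when the flag is true. A short comment above the call would document this, for example `-- keeppattern=true: the bytes matched by numbytes() are the data we want returned`. The same comment applies to the body read in the `@@ -258,7 +258,7 @@` hunk.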
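Review bot: The `status` returned by the second `receive_buf` call (hunk `@@ -258,7 +258,7 @@`, the read sized by `header.length`) is never tested in the visible lines. On a timeout or short read, `data` is whatever the failed call returned, and it is still concatenated onto `hdr_data` and passed to `Response.Bind.parse`. `header.length` comes from the server's own header, so a response that announces more bytes than it delivers ends up on this path. Mirror the guard used for the header read by adding `if ( not(status) ) then return false, "Failed to receive response from server" end` before the `header.type` test. The body of `recv` continues past the end of the hunk, so any handling further down is not visible here.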