From 8d46f720a5115718b492dd0894be52cdc75454c0 Mon Sep 17 00:00:00 2001 From: dmiller Date: Fri, 9 Mar 2018 06:26:46 +0000 Subject: [PATCH] Get more than one address. Fixes #1114. Closes #1115 --- CHANGELOG | 3 +++ nselib/bitcoin.lua | 18 ++++++++++++++---- scripts/bitcoin-getaddr.nse | 2 +- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 525320251..605b46a61 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ #Nmap Changelog ($Id$); -*-text-*- +o [NSE][GH#1114] Update bitcoin-getaddr to receive more than one response + message, since the first message usually only has one address in it. [h43z] + o [Ncat][GH#1139] Ncat now selects the correct default port for a given proxy type. [Pavel Zhukov] diff --git a/nselib/bitcoin.lua b/nselib/bitcoin.lua index 650b083af..15516e0e2 100644 --- a/nselib/bitcoin.lua +++ b/nselib/bitcoin.lua @@ -463,7 +463,7 @@ Response = { elseif ( "alert" == cmd ) then return true, Response.Alert:new(data) else - return false, ("Unknown command (%s)"):format(cmd) + return true, ("Unknown command (%s)"):format(cmd) end end, } @@ -577,13 +577,23 @@ Helper = { return false, "Failed to send \"GetAddr\" request to server" end - -- take care of any alerts that may be incoming local status, response = Response.recvPacket(self.socket, self.version) - while ( status and response and response.type == "Alert" ) do + local all_addrs = {} + local limit = 10 + -- Usually sends an addr response with 1 address, + -- then some other stuff like getheaders or ping, + -- then one with hundreds of addrs. + while status and #all_addrs <= 1 and limit > 0 do + limit = limit - 1 status, response = Response.recvPacket(self.socket, self.version) + if status and response.cmd == "addr" then + for _, addr in ipairs(response.addresses) do + all_addrs[#all_addrs+1] = addr + end + end end - return status, response + return #all_addrs > 0, all_addrs end, -- Reads a message from the server 
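Review bot: In the `else` branch of the command dispatch in nselib/bitcoin.lua (hunk at -463), an unknown command now reports success while the second return value is still a formatted string, so a caller that checks only `status` and then reads fields gets a string instead of a response object. The new `getNodes` loop tolerates this only because indexing a string with `.cmd` yields nil. Since the command name comes from the remote peer, a uniform payload would be safer, for example `return true, { cmd = cmd }`, assuming the other response objects expose `cmd` the way `getNodes` expects. Other callers of `recvPacket` lie outside this hunk and should be checked for the same assumption.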
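Review bot: In `getNodes` (hunk at -577), the packet read by the unchanged `local status, response = Response.recvPacket(...)` line before the loop is never inspected, because the first statement of the loop body overwrites `response` with the next packet; if that first message is the `addr` reply, its addresses are lost. Replacing the pre-loop call with `local status, response = true` lets the loop examine every packet it reads. The function also now returns `false` together with an empty table, so the failure reason from `recvPacket` no longer reaches the caller; `if #all_addrs == 0 then return false, "No addresses received" end` would keep the second value a string on failure. The body of `getNodes` starts above the hunk.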
diff --git a/scripts/bitcoin-getaddr.nse b/scripts/bitcoin-getaddr.nse index 6138f6e1e..2108feb17 100644 --- a/scripts/bitcoin-getaddr.nse +++ b/scripts/bitcoin-getaddr.nse @@ -63,7 +63,7 @@ action = function(host, port) local response = tab.new(2) tab.addrow(response, "ip", "timestamp") - for _, node in ipairs(nodes.addresses or {}) do + for _, node in ipairs(nodes or {}) do if ( target.ALLOW_NEW_TARGETS ) then target.add(node.address.host) end
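Review bot: `node.address.host` in this loop is taken from `addr` messages sent by the remote peer, and after this commit the list can hold many entries instead of one, each passed to `target.add` when `ALLOW_NEW_TARGETS` is set. A comment above the loop would make the trust boundary explicit: `-- Hosts come from the peer's addr messages and are untrusted; with newtargets each one is queued for scanning.` The `action` function continues outside the hunk.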