Patch to libraries that were inappropriately using globals.

Often two (or more) scripts using the same library would overwrite the globals each was using. This would result in (at best) an error or (at worst) a deadlock. The patch changes the global accesses to local.
2025-12-07 05:01:29 +00:00 · 2009-07-07 00:20:52 +00:00
parent f6b10157f7
commit 90a712ae2b
19 changed files with 105 additions and 91 deletions
--- a/nselib/datafiles.lua
+++ b/nselib/datafiles.lua
@@ -183,6 +183,7 @@ function parse_lines(lines, data_struct)
      elseif type(value) == "string" or type(value) == "function" then
        ret = get_array( lines, value )
      elseif type(value) == "table" then
        local _
        _, ret[index] = parse_lines( lines, value )
      else
        -- TEMP
--- a/nselib/dns.lua
+++ b/nselib/dns.lua
@@ -717,8 +717,8 @@ end
 -- @param flgStr Flags as a binary digit string.
 -- @return Table representing flags.
 local function decodeFlags(flgStr)
-   flags = {}
+   local flags = {}
-   flgTbl = str2tbl(flgStr)
+   local flgTbl = str2tbl(flgStr)
   if flgTbl[1] == '1' then flags.QR = true end
   if flgTbl[2] == '1' then flags.OC1 = true end   
   if flgTbl[3] == '1' then flags.OC2 = true end
--- a/nselib/imap.lua
+++ b/nselib/imap.lua
@@ -21,7 +21,7 @@ function capabilities(host, port)
   local proto = (port.version and port.version.service_tunnel == "ssl" and "ssl") or "tcp"
   if not socket:connect(host.ip, port.number, proto) then return nil, "Could Not Connect" end
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   if not string.match(line, "^[%*] OK") then return nil, "No Response" end
   socket:send("a001 CAPABILITY\r\n")
--- a/nselib/ipOps.lua
+++ b/nselib/ipOps.lua
@@ -31,6 +31,7 @@ module ( "ipOps" )
 -- @return True or false (or <code>nil</code> in case of an error).
 -- @return String error message in case of an error.
 isPrivate = function( ip )
  local err
  ip, err = expand_ip( ip )
  if err then return nil, err end
@@ -77,7 +78,7 @@ todword = function( ip )
    return nil, "Error in ipOps.todword: Expected IPv4 address."
  end
-  local n, ret = {}
+  local n, ret, err = {}
  n, err = get_parts_as_number( ip )
  if err then return nil, err end
@@ -104,6 +105,7 @@ end
 -- <code>nil</code> in case of an error).
 -- @return String error message in case of an error.
 get_parts_as_number = function( ip )
  local err
  ip, err = expand_ip( ip )
  if err then return nil, err end
@@ -250,6 +252,7 @@ end
 -- <code>nil</code> in case of an error).
 -- @return String error message in case of an error.
 expand_ip = function( ip )
  local err
  if type( ip ) ~= "string" or ip == "" then
    return nil, "Error in ipOps.expand_ip: Expected IP address as a string."
@@ -427,6 +430,7 @@ end
 -- digits (or <code>nil</code> in case of an error).
 -- @return    String error message in case of an error.
 ip_to_bin = function( ip )
  local err
  ip, err = expand_ip( ip )
  if err then return nil, err end
@@ -473,6 +477,7 @@ bin_to_ip = function( binstring )
    return nil, "Error in ipOps.bin_to_ip: Expected string of binary digits."
  end
  local af
  if string.len( binstring ) == 32 then
    af = 4
  elseif string.len( binstring ) == 128 then
@@ -481,7 +486,7 @@ bin_to_ip = function( binstring )
    return nil, "Error in ipOps.bin_to_ip: Expected exactly 32 or 128 binary digits."
  end
-  t = {}
+  local t = {}
  if af == 6 then
    local pattern = string.rep( "[01]", 16 )
    for chunk in string.gmatch( binstring, pattern ) do
--- a/nselib/match.lua
+++ b/nselib/match.lua
@@ -29,7 +29,7 @@ regex = function(pattern)
 	local r = pcre.new(pattern, 0,"C")
 	return function(buf)
-		s,e = r:exec(buf, 0,0);
+		local s,e = r:exec(buf, 0,0);
 		return s,e
 	end
 end
--- a/nselib/msrpc.lua
+++ b/nselib/msrpc.lua
@@ -2122,6 +2122,7 @@ function winreg_queryvalue(smbstate, handle, value)
 	-- Format the type properly and put it in "value"
 	if(result['data'] ~= nil) then
        local _
 		if(result['type'] == "REG_DWORD") then
 			_, result['value'] = bin.unpack("<I", result['data'])
 		elseif(result['type'] == "REG_SZ" or result['type'] == "REG_MULTI_SZ" or result['type'] == "REG_EXPAND_SZ") then
@@ -2855,35 +2856,31 @@ function samr_enum_users(host)
 		local domain = enumdomains_result['sam']['entries'][i]['name']
 		-- We don't care about the 'builtin' domain, in all my tests it's empty
 		if(domain ~= 'Builtin') then
 			local sid
 			local domain_handle
 			local opendomain_result, querydisplayinfo_result
 			-- Call LookupDomain()
-			status, lookupdomain_result = samr_lookupdomain(smbstate, connect_handle, domain)
+			local status, lookupdomain_result = samr_lookupdomain(smbstate, connect_handle, domain)
 			if(status == false) then
 				stop_smb(smbstate)
 				return false, lookupdomain_result
 			end
 			-- Save the sid
-			sid = lookupdomain_result['sid']
+			local sid = lookupdomain_result['sid']
 			-- Call OpenDomain()
-			status, opendomain_result = samr_opendomain(smbstate, connect_handle, sid)
+			local status, opendomain_result = samr_opendomain(smbstate, connect_handle, sid)
 			if(status == false) then
 				stop_smb(smbstate)
 				return false, opendomain_result
 			end
 			-- Save the domain handle
-			domain_handle = opendomain_result['domain_handle']
+			local domain_handle = opendomain_result['domain_handle']
 			-- Loop as long as we're getting valid results	
 			j = 0
 			repeat
 				-- Call QueryDisplayInfo()
-				status, querydisplayinfo_result = samr_querydisplayinfo(smbstate, domain_handle, j, SAMR_GROUPSIZE)
+				local status, querydisplayinfo_result = samr_querydisplayinfo(smbstate, domain_handle, j, SAMR_GROUPSIZE)
 				if(status == false) then
 					stop_smb(smbstate)
 					return false, querydisplayinfo_result
@@ -2975,7 +2972,7 @@ function lsa_enum_users(host)
 	-- Start with some common names, as well as the name returned by the negotiate call
 	-- Vista doesn't like a 'null' after the server name, so fix that (TODO: the way I strip the null here feels hackish, is there a better way?)
-	names = {"administrator", "guest", "test"}
+	local names = {"administrator", "guest", "test"}
 	-- These aren't always sent back (especially with 'extended security')
 	if(smbstate['domain'] ~= nil) then
 		names[#names + 1] = smbstate['domain']
@@ -3471,14 +3468,14 @@ function get_server_stats(host)
 	end
 	-- Bind to SRVSVC service
-	status, bind_result = bind(smbstate, SRVSVC_UUID, SRVSVC_VERSION, nil)
+	local status, bind_result = bind(smbstate, SRVSVC_UUID, SRVSVC_VERSION, nil)
 	if(status == false) then
 		smb.stop(smbstate)
 		return false, bind_result
 	end
 	-- Call netservergetstatistics for 'server'
-	status, netservergetstatistics_result = srvsvc_netservergetstatistics(smbstate, host.ip)
+	local status, netservergetstatistics_result = srvsvc_netservergetstatistics(smbstate, host.ip)
 	if(status == false) then
 		smb.stop(smbstate)
 		return false, netservergetstatistics_result
@@ -3573,24 +3570,23 @@ end
 --@return A table of information about the share (if status is true) or an an error string (if 
 --        status is false).
 function get_share_info(host, name)
 	local status, smbstate
 	local response = {}
 	-- Create the SMB session
-	status, smbstate = start_smb(host, SRVSVC_PATH)
+	local status, smbstate = start_smb(host, SRVSVC_PATH)
 	if(status == false) then
 		return false, smbstate
 	end
 	-- Bind to SRVSVC service
-	status, bind_result = bind(smbstate, SRVSVC_UUID, SRVSVC_VERSION, nil)
+	local status, bind_result = bind(smbstate, SRVSVC_UUID, SRVSVC_VERSION, nil)
 	if(status == false) then
 		smb.stop(smbstate) 
 		return false, bind_result
 	end
 	-- Call NetShareGetInfo
-	status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 2)
+	local status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 2)
 	if(status == false) then
 		smb.stop(smbstate) 
 		return false, netsharegetinfo_result
--- a/nselib/msrpcperformance.lua
+++ b/nselib/msrpcperformance.lua
@@ -427,10 +427,9 @@ function get_performance_data(host, objects)
 	local status, smbstate
 	local bind_result, openhkpd_result, queryvalue_result, data_block
-	local pos
+	local pos, object_type, counter_result
 	local result = {}
 	local i, j, k
 	local pos
 	-- Create the SMB session
 	status, smbstate = msrpc.start_smb(host, msrpc.WINREG_PATH)
--- a/nselib/msrpctypes.lua
+++ b/nselib/msrpctypes.lua
@@ -455,7 +455,7 @@ local function unmarshall_array(data, pos, count, func, args)
 		args = {}
 	end
-	pos, max_count = bin.unpack("<I", data, pos)
+	local pos, max_count = bin.unpack("<I", data, pos)
 	if(max_count == nil) then
 		stdnse.print_debug(1, "MSRPC: ERROR: Ran off the end of a packet in unmarshall_array(). Please report!")
 	end
@@ -1165,6 +1165,7 @@ end
 --@return (pos, time) The new position, and the time in seconds since 1970. 
 function unmarshall_SYSTEMTIME(data, pos)
 	local date = {}
    local _
 	pos, date['year'], date['month'], _, date['day'], date['hour'], date['min'], date['sec'], _ = bin.unpack("<SSSSSSSS", data, pos)
 	if(date['sec'] == nil) then
@@ -1227,14 +1228,13 @@ end
 --@param default The default value to return if the lookup was unsuccessful. 
 --@return (pos, policy_handle) The new position, and a table representing the policy_handle. 
 local function unmarshall_Enum32(data, pos, table, default)
 	local i, v
 	stdnse.print_debug(4, string.format("MSRPC: Entering unmarshall_Enum32()"))
 	if(default == nil) then
 		default = "<unknown>"
 	end
-	pos, val = unmarshall_int32(data, pos)
+	local pos, val = unmarshall_int32(data, pos)
 	for i, v in pairs(table) do
 		if(v == val) then
@@ -1257,14 +1257,13 @@ end
 --@param pad     [optional] If set, will ensure that we end up on an even multiple of 4. Default: true. 
 --@return (pos, policy_handle) The new position, and a table representing the policy_handle. 
 local function unmarshall_Enum16(data, pos, table, default, pad)
 	local i, v
 	stdnse.print_debug(4, string.format("MSRPC: Entering unmarshall_Enum16()"))
 	if(default == nil) then
 		default = "<unknown>"
 	end
-	pos, val = unmarshall_int16(data, pos, pad)
+	local pos, val = unmarshall_int16(data, pos, pad)
 	for i, v in pairs(table) do
 		if(v == val) then
@@ -1474,7 +1473,7 @@ function unmarshall_dom_sid2(data, pos)
 	end
 	-- Convert the SID to a string
-	result = string.format("S-%u-%u", sid['sid_rev_num'], sid['authority'])
+	local result = string.format("S-%u-%u", sid['sid_rev_num'], sid['authority'])
 	for i = 1, sid['num_auths'], 1 do
 		result = result .. string.format("-%u", sid['sub_auths'][i])
 	end
@@ -1528,7 +1527,7 @@ function marshall_dom_sid2(sid)
 		return nil
 	end
-	pos = 3
+	local pos = 3
 	pos_next = string.find(sid, "-", pos)
 	sid_array['sid_rev_num'] = string.sub(sid, pos, pos_next - 1)
--- a/nselib/netbios.lua
+++ b/nselib/netbios.lua
@@ -289,12 +289,12 @@ function do_nbstat(host)
 	socket:set_timeout(1000)
-	status, result = socket:receive_bytes(1)
+	local status, result = socket:receive_bytes(1)
 	if(status == false) then
 		return false, result
 	end
-	close_status, err = socket:close()
+	local close_status, err = socket:close()
 	if(close_status == false) then
 		return false, err
 	end
--- a/nselib/nsedebug.lua
+++ b/nselib/nsedebug.lua
@@ -65,7 +65,7 @@ function print_hex(str)
 		-- Loop through the string, printing the hex
 		for char=1, 16, 1 do
-			ch = string.byte(str, ((line - 1) * 16) + char)
+			local ch = string.byte(str, ((line - 1) * 16) + char)
 			io.write(string.format("%02x ", ch))
 		end
@@ -73,7 +73,7 @@ function print_hex(str)
 		-- Loop through the string again, this time the ascii
 		for char=1, 16, 1 do
-			ch = string.byte(str, ((line - 1) * 16) + char)
+			local ch = string.byte(str, ((line - 1) * 16) + char)
 			if ch < 0x20 or ch > 0x7f then
 				ch = string.byte(".", 1)
 			end
@@ -84,18 +84,18 @@ function print_hex(str)
 	end
 	-- Prints out the final, partial line
-	line = math.floor((string.len(str)/16)) + 1
+	local line = math.floor((string.len(str)/16)) + 1
 	io.write(string.format("%08x ", (line - 1) * 16))
 	for char=1, string.len(str) % 16, 1 do
-		ch = string.byte(str, ((line - 1) * 16) + char)
+		local ch = string.byte(str, ((line - 1) * 16) + char)
 		io.write(string.format("%02x ", ch))
 	end
 	io.write(string.rep("   ", 16 - (string.len(str) % 16)));
 	io.write("   ")
 	for char=1, string.len(str) % 16, 1 do
-		ch = string.byte(str, ((line - 1) * 16) + char)
+		local ch = string.byte(str, ((line - 1) * 16) + char)
 		if ch < 0x20 or ch > 0x7f then
 			ch = string.byte(".", 1)
 		end
--- a/nselib/packet.lua
+++ b/nselib/packet.lua
@@ -285,14 +285,14 @@ end
 --- Set the source IP address.
 -- @param binip The source IP address as a byte string.
 function Packet:ip_set_bin_src(binip)
-	nrip = u32(binip, 0)
+	local nrip = u32(binip, 0)
 	self:set_u32(self.ip_offset + 12, nrip)
 	self.ip_bin_src		= self:raw(self.ip_offset + 12,4)	-- raw 4-bytes string
 end
 --- Set the destination IP address.
 -- @param binip The destination IP address as a byte string.
 function Packet:ip_set_bin_dst(binip)
-	nrip = u32(binip, 0)
+	local nrip = u32(binip, 0)
 	self:set_u32(self.ip_offset + 16, nrip)
 	self.ip_bin_dst		= self:raw(self.ip_offset + 16,4)
 end
--- a/nselib/pop3.lua
+++ b/nselib/pop3.lua
@@ -43,7 +43,7 @@ end
 -- @return Error code if status is false.
 function login_user(socket, user, pw)
   socket:send("USER " .. user .. "\r\n")
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   if not stat(line) then return false, err.user_error end
   socket:send("PASS " .. pw .. "\r\n")
@@ -67,7 +67,7 @@ function login_sasl_plain(socket, user, pw)
   local auth64 = base64.enc(user .. "\0" .. user .. "\0" .. pw)
   socket:send("AUTH PLAIN " .. auth64 .. "\r\n")
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   if stat(line) then 
      return true, err.none
@@ -91,14 +91,14 @@ function login_sasl_login(socket, user, pw)
   socket:send("AUTH LOGIN\r\n")
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   if not base64.dec(string.sub(line, 3)) == "User Name:" then 
      return false, err.userError 
   end
   socket:send(user64)
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   if not base64.dec(string.sub(line, 3)) == "Password:" then 
      return false, err.userError
@@ -106,7 +106,7 @@ function login_sasl_login(socket, user, pw)
   socket:send(pw64)
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   if stat(line) then
      return true, err.none
@@ -129,7 +129,7 @@ function login_apop(socket, user, pw, challenge)
   local apStr = stdnse.tohex(openssl.md5(challenge .. pw))
   socket:send(("APOP %s %s\r\n"):format(user, apStr))
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   if (stat(line)) then 
      return true, err.none
@@ -152,14 +152,14 @@ function capabilities(host, port)
   local opts = {timeout=10000, recv_before=true}
   local i = 1
-   socket, line, bopt, first_line = comm.tryssl(host, port, "CAPA\r\n" , opts)
+   local socket, line, bopt, first_line = comm.tryssl(host, port, "CAPA\r\n" , opts)
   if not socket then return nil, "Could Not Connect" end
   if not stat(first_line) then return nil, "No Response" end
   if string.find(first_line, "<[%p%w]+>") then capas.APOP = true end
-   lines = stdnse.strsplit("\r\n",line)
+   local lines = stdnse.strsplit("\r\n",line)
-   line = lines[1]
+   local line = lines[1]
   if not stat(line) then 
      capas.capa = false
@@ -199,7 +199,7 @@ function login_sasl_crammd5(socket, user, pw)
   socket:send("AUTH CRAM-MD5\r\n")
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   local challenge = base64.dec(string.sub(line, 3))
@@ -207,7 +207,7 @@ function login_sasl_crammd5(socket, user, pw)
   local authStr = base64.enc(user .. " " .. digest)
   socket:send(authStr .. "\r\n")
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
   if stat(line) then 
      return true, err.none
--- a/nselib/smb.lua
+++ b/nselib/smb.lua
@@ -309,7 +309,7 @@ function add_account(host, username, password)
 	if(string.lower(username) ~= "guest" and string.lower(username) ~= "") then
 		-- Save the new account if this is our first one, or our other account isn't an admin
 		if(nmap.registry[host.ip]['smbaccount'] == nil or nmap.registry[host.ip]['smbaccount']['is_admin'] == false) then
-			local result
+			local result, _
 			nmap.registry[host.ip]['smbaccount'] = {}
 			nmap.registry[host.ip]['smbaccount']['username'] = username
@@ -587,7 +587,7 @@ function start_netbios(host, port, name)
 	-- If all else fails, use each substring of the DNS name (this is a HUGE hack, but is actually
 	-- a recommended way of doing this!)
 	if(host.name ~= nil and host.name ~= "") then
-		new_names = get_subnames(host.name)
+		local new_names = get_subnames(host.name)
 		for i = 1, #new_names, 1 do
 			names[#names + 1] = new_names[i]
 		end
@@ -604,7 +604,7 @@ function start_netbios(host, port, name)
 		-- Some debug information
 		stdnse.print_debug(1, "SMB: Trying to start NetBIOS session with name = '%s'", name)
 		-- Request a NetBIOS session
-		session_request = bin.pack(">CCSzz", 
+		local session_request = bin.pack(">CCSzz", 
 					0x81,                        -- session request
 					0x00,                        -- flags
 					0x44,                        -- length
@@ -999,7 +999,7 @@ function negotiate_protocol(smb)
 	-- Send the negotiate request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_NEGOTIATE")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(status == false) then
 		return false, err
 	end
@@ -1011,6 +1011,7 @@ function negotiate_protocol(smb)
 	end
 	-- Parse out the header
    local uid, tid, header4
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	-- Check if we fell off the packet (if that happened, the last parameter will be nil)
@@ -1112,9 +1113,9 @@ function negotiate_protocol(smb)
 end
 function start_session_basic(smb, overrides, use_default, log_errors)
-	local i
+	local i, err
 	local status, result
-	local header, parameters, data
+	local header, parameters, data, domain
 	local pos
 	local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid 
 	local andx_command, andx_reserved, andx_offset, action
@@ -1234,7 +1235,7 @@ end
 function start_session_extended(smb, overrides, use_default, log_errors)
 	local i
-	local status, status_name, result
+	local status, status_name, result, err
 	local header, parameters, data
 	local pos
 	local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid 
@@ -1416,7 +1417,7 @@ end
 --        table with the following elements:
 --      * 'tid'         The TreeID for the session
 function tree_connect(smb, path)
-	local header, parameters, data
+	local header, parameters, data, err, result
 	local pos
 	local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, pid, mid 
 	local andx_command, andx_reserved, andx_offset, action
@@ -1449,6 +1450,7 @@ function tree_connect(smb, path)
 	end
 	-- Check if we were allowed in
    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [20]"
@@ -1480,18 +1482,19 @@ function tree_disconnect(smb)
 	-- Send the tree disconnect request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_TREE_DISCONNECT")
-	result, err = smb_send(smb, header, "", "")
+	local result, err = smb_send(smb, header, "", "")
 	if(result == false) then
 		return false, err
 	end
 	-- Read the result
-	status, header, parameters, data = smb_read(smb)
+	local status, header, parameters, data = smb_read(smb)
 	if(status ~= true) then
 		return false, header
 	end
 	-- Check if there was an error
    local uid, tid, pos
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [21]"
@@ -1512,7 +1515,7 @@ end
 --@return (status, result) If statis is false, result is an error message. If status is true, 
 --              the logoff was successful. 
 function logoff(smb)
-	local header, parameters
+	local header, parameters, data
 	local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, pid, mid 
 	header = smb_encode_header(smb, command_codes['SMB_COM_LOGOFF_ANDX'])
@@ -1526,7 +1529,7 @@ function logoff(smb)
 	-- Send the tree disconnect request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_LOGOFF_ANDX")
-	result, err = smb_send(smb, header, parameters, "")
+	local result, err = smb_send(smb, header, parameters, "")
 	if(result == false) then
 		return false, err
 	end
@@ -1543,6 +1546,7 @@ function logoff(smb)
 	smb['mac_key']  = nil
 	-- Check if there was an error
    local uid, tid, pos
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [22]"
@@ -1598,7 +1602,7 @@ function create_file(smb, path)
 	-- Send the create file
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_NT_CREATE_ANDX")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1610,6 +1614,7 @@ function create_file(smb, path)
 	end
 	-- Check if we were allowed in
    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [23]"
@@ -1675,7 +1680,7 @@ function read_file(smb, offset, count)
 	-- Send the create file
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_READ_ANDX")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1687,6 +1692,7 @@ function read_file(smb, offset, count)
 	end
 	-- Check if we were allowed in
    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
@@ -1760,7 +1766,7 @@ function write_file(smb, write_data, offset)
 	-- Send the create file
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_WRITE_ANDX")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1772,6 +1778,7 @@ function write_file(smb, write_data, offset)
 		return false, header
 	end
    local uid, tid
 	-- Check if we were allowed in
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
@@ -1782,6 +1789,7 @@ function write_file(smb, write_data, offset)
 	end
 	-- Parse the parameters
    local reserved, count_high, remaining, count_low
 	pos, andx_command, andx_reserved, andx_offset, count_low, remaining, count_high, reserved  = bin.unpack("<CCSSSSS", parameters)
 	if(reserved == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [28]"
@@ -1816,7 +1824,7 @@ function close_file(smb)
 	-- Send the close file
 	stdnse.print_debug(2, "SMB: Sending SMB_CLOSE")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1828,6 +1836,7 @@ function close_file(smb)
 	end
 	-- Check if the close was successful
    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [27]"
@@ -1862,7 +1871,7 @@ function delete_file(smb, path)
 	-- Send the close file
 	stdnse.print_debug(2, "SMB: Sending SMB_CLOSE")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1874,6 +1883,7 @@ function delete_file(smb, path)
 	end
 	-- Check if the close was successful
    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [27]"
@@ -1946,7 +1956,7 @@ function send_transaction_named_pipe(smb, function_parameters, function_data, pi
 	-- Send the transaction request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_TRANSACTION")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1958,6 +1968,7 @@ function send_transaction_named_pipe(smb, function_parameters, function_data, pi
 	end
 	-- Check if it worked
    local uid, tid, pos
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [29]"
@@ -2031,7 +2042,7 @@ function send_transaction_waitnamedpipe(smb, priority, pipe)
 	-- Send the transaction request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_TRANSACTION (WaitNamedPipe)")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -2043,6 +2054,7 @@ function send_transaction_waitnamedpipe(smb, priority, pipe)
 	end
 	-- Check if it worked
    local uid, tid, pos
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [31]"
@@ -2073,7 +2085,7 @@ end
 --@param share      The share to upload it to (eg, C$). 
 --@param remotefile The remote file on the machine. It is relative to the share's root. 
 function file_upload(host, localfile, share, remotefile)
-	local status, smbstate
+	local status, err, smbstate
 	local chunk = 1024
 	local filename = nmap.fetchfile(localfile)
--- a/nselib/smbauth.lua
+++ b/nselib/smbauth.lua
@@ -92,6 +92,8 @@ local NTLMSSP_NEGOTIATE = 0x00000001
 local NTLMSSP_CHALLENGE = 0x00000002
 local NTLMSSP_AUTH      = 0x00000003
 local session_key = string.rep(string.char(0x00), 16)
 local function to_unicode(str)
 	local unicode = ""
@@ -302,9 +304,8 @@ function ntlmv2_create_response(ntlm, username, domain, challenge, client_challe
 	end
 	local client_challenge = openssl.rand_bytes(client_challenge_length)
 	local ntlmv2_hash
-	status, ntlmv2_hash = ntlmv2_create_hash(ntlm, username, domain)
+	local status, ntlmv2_hash = ntlmv2_create_hash(ntlm, username, domain)
 	return true, openssl.hmac("MD5", ntlmv2_hash, challenge .. client_challenge) .. client_challenge
 end
@@ -404,9 +405,11 @@ end
 --                 and the mac_key, which is used for message signing. 
 local function get_password_response(ip, username, domain, password, password_hash, challenge, hash_type, is_extended)
    local status
 	local lm_hash   = nil
 	local ntlm_hash = nil
 	local mac_key   = nil
    local lm_response, ntlm_response
 	-- Check if there's a password or hash set. This is a little tricky, because in all places (except the one passed
 	-- as a parameter), it's based on whether or not the username was stored. This lets us use blank passwords by not
@@ -570,7 +573,7 @@ function get_accounts(ip, overrides, use_defaults)
 	-- Do the "anonymous" account
 	if(use_defaults) then
-		result = {}
+		local result = {}
 		result['username'] = ""
 		result['domain']   = ""
 		results[#results + 1] = result
@@ -598,10 +601,6 @@ function get_security_blob(security_blob, ip, username, domain, hash_type, overr
 	local new_blob
 	local flags = 0x00008211 -- (NEGOTIATE_SIGN_ALWAYS | NEGOTIATE_NTLM | NEGOTIATE_SIGN | NEGOTIATE_UNICODE)
 	if(session_key == nil) then
 		session_key = string.rep(string.char(0x00), 16)
 	end
 	if(security_blob == nil) then
 		-- If security_blob is nil, this is the initial packet
 		new_blob = bin.pack("<zIILL", 
--- a/nselib/snmp.lua
+++ b/nselib/snmp.lua
@@ -176,6 +176,7 @@ local function decodeSeq(encStr, len, pos)
   local sStr
   pos, sStr = bin.unpack("A" .. len, encStr, pos)
   while (sPos < len) do
      local newSeq
      sPos, newSeq = decode(sStr, sPos)
      table.insert(seq, newSeq)
      i = i + 1
@@ -206,6 +207,7 @@ function decode(encStr, pos)
   elseif (etype == "06") then -- OID
      local oid = {}
      oid._snmp = '06'
      local octet
      pos, octet = bin.unpack("C", encStr, pos)
      oid[2] = math.mod(octet, 40)
      octet = octet - oid[2]
--- a/nselib/ssh1.lua
+++ b/nselib/ssh1.lua
@@ -26,7 +26,7 @@ require "openssl"
 check_packet_length = function( buffer )
  local payload_length, packet_length, offset
  offset, payload_length = bin.unpack( ">I", buffer )
-  padding = 8 - payload_length % 8
+  local padding = 8 - payload_length % 8
  assert(payload_length)
  packet_length = buffer:len()
  if payload_length + 4 + padding > packet_length then return nil end
@@ -42,7 +42,7 @@ end
 --  @return status True or false
 --  @return packet The packet received
 receive_ssh_packet = function( socket )
-  status, packet = socket:receive_buf(check_packet_length)
+  local status, packet = socket:receive_buf(check_packet_length)
  return status, packet
 end
@@ -55,7 +55,7 @@ end
 -- <code>fingerprint</code>.
 fetch_host_key = function(host, port)
  local socket = nmap.new_socket()
-  local status
+  local status, _
  status = socket:connect(host.ip, port.number)
  if not status then return end
@@ -169,7 +169,7 @@ fingerprint_visual = function( fingerprint, algorithm, bits )
  end
  -- we start in the center and mark it
-  x, y = math.ceil(fieldsize_x/2), math.ceil(fieldsize_y/2)
+  local x, y = math.ceil(fieldsize_x/2), math.ceil(fieldsize_y/2)
  field[x][y] = #characters - 1;
  -- iterate over fingerprint 
--- a/nselib/ssh2.lua
+++ b/nselib/ssh2.lua
@@ -43,7 +43,7 @@ end
 --  @return status True or false
 --  @return packet The packet received
 transport.receive_packet = function( socket )
-  status, packet = socket:receive_buf(check_packet_length)
+  local status, packet = socket:receive_buf(check_packet_length)
  return status, packet
 end
@@ -95,12 +95,12 @@ end
 --- Build a <code>kex_init</code> packet.
 transport.kex_init = function( cookie, options )
  options = options or {}
-  kex_algorithms = "diffie-hellman-group1-sha1"
+  local kex_algorithms = "diffie-hellman-group1-sha1"
-  host_key_algorithms = options['host_key_algorithms'] or "ssh-dss,ssh-rsa"
+  local host_key_algorithms = options['host_key_algorithms'] or "ssh-dss,ssh-rsa"
-  encryption_algorithms = "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr"
+  local encryption_algorithms = "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr"
-  mac_algorithms = "hmac-md5,hmac-sha1,hmac-ripemd160"
+  local mac_algorithms = "hmac-md5,hmac-sha1,hmac-ripemd160"
-  compression_algorithms = "none"
+  local compression_algorithms = "none"
-  languages = ""
+  local languages = ""
  local payload = bin.pack( ">cAaa", SSH2.SSH_MSG_KEXINIT, cookie, kex_algorithms, host_key_algorithms )
  payload = payload .. bin.pack( ">aa", encryption_algorithms, encryption_algorithms )
--- a/nselib/tab.lua
+++ b/nselib/tab.lua
@@ -113,7 +113,7 @@ function dump(t)
 	for i=1,t['rows'] do
 		for x=1, t['cols'] do
 			if t[i][x] ~= nil then
-				length = string.len(t[i][x])
+				local length = string.len(t[i][x])
 				table = table .. t[i][x]
 				table = table .. string.rep(' ', col_len[x]-length)
 			end
--- a/nselib/url.lua
+++ b/nselib/url.lua
@@ -213,6 +213,7 @@ end
 -- @return The corresponding absolute URL.
 -----------------------------------------------------------------------------
 function absolute(base_url, relative_url)
    local base_parsed;
    if type(base_url) == "table" then
        base_parsed = base_url
        base_url = build(base_parsed)
@@ -313,7 +314,7 @@ function parse_query(query)
 	query = string.gsub(query, "&lt;", "<")
 	query = string.gsub(query, "&gt;", ">")
-	function ginsert(qstr)
+	local function ginsert(qstr)
 		local first, last = string.find(qstr, "=")
 		if first then
 			parsed[string.sub(qstr, 0, first-1)] = string.sub(qstr, first+1)