From 93eee124c2a13f34b64e970c8a26c8d4f80c93c9 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Fri, 26 Apr 2013 12:14:44 +0000
Subject: [PATCH] Fix usage of nmap.fetchfile in several scripts

Discussion thread: http://seclists.org/nmap-dev/2013/q2/121
Existing behavior preserved and preferred, but absolute and local paths should also work now. Notably, smb-psexec's locate_file function claimed to check current directory but did not.
---
 scripts/http-iis-webdav-vuln.nse | 9 +++-----
 scripts/http-sql-injection.nse | 2 +-
 scripts/jdwp-inject.nse | 4 ++--
 scripts/sip-enum-users.nse | 2 +-
 scripts/smb-psexec.nse | 39 +++++++++++++++++++-------------
 5 files changed, 30 insertions(+), 26 deletions(-)

diff --git a/scripts/http-iis-webdav-vuln.nse b/scripts/http-iis-webdav-vuln.nse
index c9edaa991..e9efc8a62 100644
--- a/scripts/http-iis-webdav-vuln.nse
+++ b/scripts/http-iis-webdav-vuln.nse
@@ -107,11 +107,8 @@ local function go(host, port)
 local is_vulnerable = true
 local folder_file
- if(nmap.registry.args.folderdb ~= nil) then
- folder_file = nmap.fetchfile(nmap.registry.args.folderdb)
- else
- folder_file = nmap.fetchfile('nselib/data/http-folders.txt')
- end
+ local farg = nmap.registry.args.folderdb
+ folder_file = farg and (nmap.fetchfile(farg) or farg) or nmap.fetchfile('nselib/data/http-folders.txt')
 if(folder_file == nil) then
 return false, "Couldn't find http-folders.txt (should be in nselib/data)"
@@ -119,7 +116,7 @@ local function go(host, port)
 local file = io.open(folder_file, "r")
 if not file then
- return false, "Couldn't find http-folders.txt (should be in nselib/data)"
+ return false, ("Couldn't find or open %s"):format(folder_file)
 end
 while true do
diff --git a/scripts/http-sql-injection.nse b/scripts/http-sql-injection.nse
index 05f0ef299..5be7c2957 100644
--- a/scripts/http-sql-injection.nse
+++ b/scripts/http-sql-injection.nse
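Review bot: The added `folder_file = farg and (nmap.fetchfile(farg) or farg) or nmap.fetchfile(...)` line in go() packs the whole lookup order into one and/or chain with no comment. A line above it such as `-- folderdb: try Nmap's data-file search first, then the literal path; the bundled list is used only when folderdb is unset` would make the precedence explicit. With folderdb set, folder_file can no longer be nil, so the "Couldn't find http-folders.txt" branch that follows now only covers the bundled list, and a bad folderdb path is reported by the io.open check changed in the second hunk. go() starts and ends outside both hunks.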
@@ -208,7 +208,7 @@ end
 -- load error strings to the errorstrings table
 local function get_error_strings(path)
- local f = nmap.fetchfile(path)
+ local f = nmap.fetchfile(path) or path
 if f then
 for e in io.lines(f) do
 if not string.match(e, "^#") then
diff --git a/scripts/jdwp-inject.nse b/scripts/jdwp-inject.nse
index dbd5d9f5f..015ac92fa 100644
--- a/scripts/jdwp-inject.nse
+++ b/scripts/jdwp-inject.nse
@@ -12,7 +12,7 @@ Attempts to exploit java's remote debugging port. When remote debugging port is
 After injection, class' run() method is executed. Method run() has no parameters, and is expected to return a string.
-You can specify your own .class file to inject by filename argument.
+You must specify your own .class file to inject by filename argument.
 See nselib/data/jdwp-class/README for more.
 ]]
@@ -51,7 +51,7 @@ action = function(host, port)
 if filename == nil then
 return stdnse.format_output(false, "This script requires a .class file to inject.")
 end
- local file = io.open(nmap.fetchfile(filename), "rb")
+ local file = io.open(nmap.fetchfile(filename) or filename, "rb")
 local class_bytes = file:read("*all")
 -- inject the class
diff --git a/scripts/sip-enum-users.nse b/scripts/sip-enum-users.nse
index f697af35c..3cc67029b 100644
--- a/scripts/sip-enum-users.nse
+++ b/scripts/sip-enum-users.nse
@@ -118,7 +118,7 @@ end
 -- @return status false if error.
 -- @return string current line.
 local useriterator = function(list)
- local f = nmap.fetchfile(list)
+ local f = nmap.fetchfile(list) or list
 if not f then
 return false, ("\n ERROR: Couldn't find %s"):format(list)
 end
diff --git a/scripts/smb-psexec.nse b/scripts/smb-psexec.nse
index 36a6273ec..b8e2bb233 100644
--- a/scripts/smb-psexec.nse
+++ b/scripts/smb-psexec.nse
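Review bot: In get_error_strings, `nmap.fetchfile(path) or path` makes `f` non-nil for any string argument, so the `if f then` guard on the next line no longer filters out a missing file and `io.lines(f)` raises an error when the path cannot be opened. Checking the open explicitly keeps a bad path on the quiet branch: `local fh = io.open(nmap.fetchfile(path) or path, "r")`, then test `fh` and iterate with `fh:lines()`. The sip-enum-users hunk has the same shape: after `nmap.fetchfile(list) or list` the `if not f then` branch and its "Couldn't find" message are unreachable for a string argument, so the failure moves to wherever useriterator opens `f`, which is outside the hunk. Both function bodies continue past their hunks.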
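Review bot: In the jdwp-inject action hunk, `io.open(nmap.fetchfile(filename) or filename, "rb")` returns nil and an error string when the path does not exist or is unreadable, and the following line calls `file:read("*all")` on the result unchecked. A mistyped filename therefore ends in a nil-index error instead of a script result. Capture the error and report it the way the missing-argument case just above does: `local file, err = io.open(nmap.fetchfile(filename) or filename, "rb")` followed by `if not file then return stdnse.format_output(false, ("Couldn't open %s: %s"):format(filename, err)) end`. No `file:close()` is visible here; the rest of action is outside the hunk, so confirm the handle is closed after the read.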
@@ -521,24 +521,31 @@ local function locate_file(filename, extension)
 extension = extension or ""
- local filename_full = nmap.fetchfile(filename)
- if(filename_full == nil) then
- filename_full = nmap.fetchfile(filename .. "." .. extension)
+ local filename_full = nmap.fetchfile(filename) or nmap.fetchfile(filename .. "." .. extension)
- if(filename_full == nil) then
- filename = "nselib/data/psexec/" .. filename
- filename_full = nmap.fetchfile(filename)
+ if(filename_full == nil) then
+ local psexecfile = "nselib/data/psexec/" .. filename
+ filename_full = nmap.fetchfile(psexecfile) or nmap.fetchfile(psexecfile .. "." .. extension)
+ end
- if(filename_full == nil) then
- filename_full = nmap.fetchfile(filename .. "." .. extension)
- end
- end
- end
-
- -- Die if we couldn't find the file
- if(filename_full == nil) then
- return nil
- end
+ -- check for absolute path or relative to current directory
+ if(filename_full == nil) then
+ f, err = io.open(filename, "rb")
+ if f == nil then
+ stdnse.print_debug(1, "%s: Error opening %s: %s", SCRIPT_NAME, filename, err)
+ f, err = io.open(filename .. "." .. extension, "rb")
+ if f == nil then
+ stdnse.print_debug(1, "%s: Error opening %s.%s: %s", SCRIPT_NAME, filename, extension, err)
+ return nil -- unnecessary, but explicit
+ else
+ f:close()
+ return filename .. "." .. extension
+ end
+ else
+ f:close()
+ return filename
+ end
+ end
 return filename_full
 end
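Review bot: In the new current-directory fallback of locate_file, `f, err = io.open(filename, "rb")` assigns `f` and `err` without `local`, so both become globals of the script's environment instead of staying inside the function. Declaring them at the first use is enough, `local f, err = io.open(filename, "rb")`, because the later `f, err = io.open(filename .. "." .. extension, "rb")` then reuses the same locals. Note also that `extension` defaults to `""` at the top of the function, so with no extension the second attempt opens `filename .. "."`; wrapping that retry in `if extension ~= "" then` would avoid probing a name with a trailing dot. The function's signature appears only in the hunk header.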