From 99fa80851c6381be08e4dfd70d84bd43d94e7fc6 Mon Sep 17 00:00:00 2001
From: nnposter
Date: Sun, 5 Mar 2017 15:41:46 +0000
Subject: [PATCH] Preserves targetname for connections requested with option any_af.

Relocates option any_af to comm.lua to make it more broadly available.
---
 CHANGELOG | 4 ++++
 nselib/comm.lua | 8 ++++++++
 nselib/http.lua | 9 ++-------
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 656c817df..602b43677 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [GH#708][NSE] TLS SNI now works correctly for NSE HTTP requests initiated
+  with option any_af. As an added benefit, option any_af is now available for
+  all connections via comm.lua, not just HTTP requests. [nnposter]
+
 o [NSE][GH#713] New script impress-remote-discover attempts to pair with the
   LibreOffice Impress presentation remote service and extract version info.
   Pairing is PIN-protected, and the script can optionally brute-force the PIN.
diff --git a/nselib/comm.lua b/nselib/comm.lua
index 11601d6b2..a3178ebb9 100644
--- a/nselib/comm.lua
+++ b/nselib/comm.lua
@@ -14,6 +14,7 @@
 -- * connect_timeout - socket timeout for connection. Default: same as stdnse.get_timeout
 -- * request_timeout - additional socket timeout for requests. This is added to the connect_timeout to get a total time for a request to receive a response. Default: 6000ms
 -- * recv_before - boolean, receive data before sending first payload
+-- * any_af - boolean, allow connecting to any address family, inet or inet6. By default, these functions will only use the same AF as nmap.address_family to resolve names.
 --
 -- If both "bytes" and "lines" are provided,
 -- "lines" takes precedence. If neither are given, the functions 
@@ -64,6 +65,13 @@ local setup_connect = function(host, port, opts)
   sock:set_timeout(connect_timeout)
+  if type(host) == "string" and opts.any_af then
+    local status, addrs = nmap.resolve(host)
+    if status then
+      host = {ip = addrs[1], targetname = host}
+    end
+  end
+
   local status, err = sock:connect(host, port, opts.proto)
   if not status then
diff --git a/nselib/http.lua b/nselib/http.lua
index b7167f7af..e3eb4998f 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -72,7 +72,7 @@
 -- * bypass_cache: Do not perform a lookup in the local HTTP cache.
 -- * no_cache: Do not save the result of this request to the local HTTP cache.
 -- * no_cache_body: Do not save the body of the response to the local HTTP cache.
--- * any_af: Allow connecting to any address family, inet or inet6. By default, these functions will only use the same AF as nmap.address_family to resolve names.
+-- * any_af: Allow connecting to any address family, inet or inet6. By default, these functions will only use the same AF as nmap.address_family to resolve names. (This option is a straight pass-thru to comm.lua functions.)
 -- * redirect_ok: Closure that overrides the default redirect_ok used to validate whether to follow HTTP redirects or not. False, if no HTTP redirects should be followed. Alternatively, a number may be passed to change the number of redirects to follow.
 -- The following example shows how to write a custom closure that follows 5 consecutive redirects, without the safety checks in the default redirect_ok:
 --
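Review bot: The guard in the block added to setup_connect checks only `status`, so if `nmap.resolve` can report success with an empty address list, `addrs[1]` is nil and `sock:connect` is attempted with `ip = nil` instead of falling back to the name; `if status and addrs[1] then` keeps the string fallback in that case. Because the lookup here is no longer bound to nmap.address_family, the socket goes to whichever address the resolver lists first, and the table form exists to keep the original name as `targetname` for SNI, which is worth stating above the block, e.g. `-- any_af: resolve here (any AF) but keep the name as targetname so TLS SNI is preserved`. The enclosing function starts before this hunk and its body continues past it.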
@@ -1192,12 +1192,7 @@ local function request(host, port, data, options)
   method = string.match(data, "^(%S+)")
-  if type(host) == "string" and options.any_af then
-    local status, addrs = nmap.resolve(host)
-    host = addrs[1] or host
-  end
-
-  local socket, partial, opts = comm.tryssl(host, port, data, { timeout = options.timeout })
+  local socket, partial, opts = comm.tryssl(host, port, data, {timeout = options.timeout, any_af = options.any_af})
   if not socket then
     stdnse.debug1("http.request socket error: %s", partial)
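Review bot: any_af is forwarded only on this `comm.tryssl` call in request; if http.lua opens sockets at other sites (a pipelining or keep-alive path, for instance), they would still resolve with the default address family unless they also pass `any_af = options.any_af`, which would make the "straight pass-thru" described in the option docs only partially true. Those sites are not visible from this hunk, so this is a check to run rather than a confirmed defect. request's body starts before this hunk and continues past it.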