Prevent ssl-* from printing to jetdirect ports. Fixes #2237

2026-02-03 20:16:33 +00:00 · 2021-01-25 17:00:40 +00:00
parent c425bb6d62
commit b305ba6b5d
2 changed files with 7 additions and 1 deletions
--- a/4
+++ b/4
@@ -1,5 +1,9 @@
 #Nmap Changelog ($Id$); -*-text-*-

+o [NSE][GH#2237] Prevent the ssl-* NSE scripts from probing ports that were
+  excluded from version scan, usually 9100-9107, since JetDirect will print
+  anything sent to these ports. [Daniel Miller]
+
 o Nmap's retransmission limits were preventing some UDP payloads from being
  tried with -sU and -PU. Now, Nmap ensures each payload for a particular port
  is sent at least once, unless --max-retries prevents it. [Daniel Miller]
--- a/nselib/shortport.lua
+++ b/nselib/shortport.lua
@@ -248,7 +248,9 @@ function ssl(host, port)
  -- If we're just looking up port info, stop here.
  if not host then return false end
  -- if we didn't detect something *not* SSL, check it ourselves
-  if port.version and port.version.name_confidence <= 3 and host.registry then
+  -- but don't check if it's an excluded port
+  if port.version and port.version.name_confidence <= 3 and host.registry
+    and not nmap.port_is_excluded(port.number, port.protocol) then
    comm = comm or require "comm"
    host.registry.ssl = host.registry.ssl or {}
    local mtx = nmap.mutex(host.registry.ssl)