From b76257d14b5d79a30207bb694e4f4922bbefd83d Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Mon, 21 Mar 2016 22:04:42 +0000
Subject: [PATCH] fix a NSE bug when http-cross-domain-policy has no output.
 Closes #343

---
 scripts/http-cross-domain-policy.nse | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/http-cross-domain-policy.nse b/scripts/http-cross-domain-policy.nse
index 74f0bbfe9..2478c1d86 100644
--- a/scripts/http-cross-domain-policy.nse
+++ b/scripts/http-cross-domain-policy.nse
@@ -279,16 +279,16 @@ Forgery attacks, and may allow third parties to access sensitive data meant for
      }
   local check, domains, domains_available, content = check_crossdomain(host, port, lookup)
   local mt = {__tostring=function(p) return ("%s:\n      %s"):format(p.name, p.body:gsub("\n", "\n      ")) end}
-  for i, _ in pairs(content) do
-    setmetatable(content[i], mt)
-    tostring(content[i])
-  end
   if check then
     if stdnse.contains(domains, "*") or stdnse.contains(domains, "https://") or stdnse.contains(domains, "http://") then
       vuln.state = vulns.STATE.VULN
     else
       vuln.state = vulns.STATE.LIKELY_VULN
     end
+    for i, _ in pairs(content) do
+      setmetatable(content[i], mt)
+      tostring(content[i])
+    end
     vuln.check_results = content
     vuln.extra_info = string.format("Trusted domains:%s\n", stdnse.strjoin(', ', domains))
     if not(lookup) and nmap.verbosity()>=2 then