From ba88cb4f5def27b16250cf84bdf089aea3ad5ad3 Mon Sep 17 00:00:00 2001 From: david Date: Tue, 11 Sep 2012 00:39:04 +0000 Subject: [PATCH] Check for received packet in rpc-grind.nse. The script was checking the returned data, but not the status. When status is false, data is actually an error message. So in case of a timeout, the script was receiving nil, "TIMEOUT" and interpreting "TIMEOUT" as a response from the server. It looked like this: Discovered open port 1434/udp on 127.0.0.1 NSE: rpc-grind: RPC checking function response data is not RPC. NSE: Target port 1434 is not a RPC port. This was reported by Christopher Clements. http://seclists.org/nmap-dev/2012/q3/685 --- CHANGELOG | 4 ++++ scripts/rpc-grind.nse | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index ed4d2168e..4e5bec769 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Fixed a bug in rpc-grind.nse that would cause unresponsive UDP + ports to be wrongly marked open. This was reported by Christopher + Clements. [David Fifield] + o [Ncat] Close connection endpoint when receiving EOF on stdin. [Michal Hlavinka]. o Fixed interface listing on NetBSD. The bug was first noticed by diff --git a/scripts/rpc-grind.nse b/scripts/rpc-grind.nse index 38506879f..c02dcda50 100644 --- a/scripts/rpc-grind.nse +++ b/scripts/rpc-grind.nse @@ -88,8 +88,8 @@ local isRPC = function(host, port) end -- And check response - _, data = rpcConn:ReceivePacket() - if not data then + status, data = rpcConn:ReceivePacket() + if not status then stdnse.print_debug("%s: isRPC didn't receive response.", SCRIPT_NAME) return else
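Review bot: The CHANGELOG entry omits the mailing-list reference that the commit message carries (http://seclists.org/nmap-dev/2012/q3/685); since the entry names the reporter, appending the report link there as well would let readers of the changelog find the original reproduction without digging through git history.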
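Review bot: In the rpc-grind.nse hunk the failure branch discards the error reason: when `status` is false, `data` holds the error string (the commit message gives "TIMEOUT" as the case that triggered this), so the debug line `stdnse.print_debug("%s: isRPC didn't receive response.", SCRIPT_NAME)` could include it, e.g. `stdnse.print_debug("%s: isRPC didn't receive response: %s", SCRIPT_NAME, data)`, which makes a timeout distinguishable from other receive errors when diagnosing a port that is no longer marked open. Also, the hunk assigns to `status` where the old code assigned to `_`; please confirm `status` is declared `local` earlier in `isRPC`, since the lines shown here would otherwise create a global on each call.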