Incorrect status variables were checked for errors. Closes #1504

2025-12-06 04:31:29 +00:00 · 2019-03-06 04:53:23 +00:00
parent 07b6879103
commit be802e321f
2 changed files with 32 additions and 21 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-

+o [GH#1504] RMI parser could crash when encountering invalid input
+  [Clément Notin]
+
 o [GH#863] Avoid reporting negative latencies due to matching an ARP or ND
  response to a probe sent after it was recieved. [Daniel Miller]

--- a/nselib/rmi.lua
+++ b/nselib/rmi.lua
@@ -1060,11 +1060,14 @@ ExternalClassParsers = {
  --@see sun.rmi.server.UnicastRef
  --@see sun.rmi.server.UnicastRef2
  UnicastRef = function(dis)
-    local stat, host = dis:readUTF();
-    if not stat then return doh("Parsing external data, could not read host (UTF)") end
-    local status, port = dis:readUnsignedInt();
-    if not stat then return doh("Parsing external data, could not read port (int)") end
-
+    local sts_host, host = dis:readUTF()
+    if not sts_host then
+      return doh("Parsing external data, could not read host (UTF)")
+    end
+    local sts_port, port = dis:readUnsignedInt()
+    if not sts_port then
+      return doh("Parsing external data, could not read port (int)")
+    end
    dbg("a host: %s, port %d", host, port)
    return true, ("@%s:%d"):format(host,port)
  end,
@@ -1073,24 +1076,29 @@ ExternalClassParsers = {
  --@see sun.rmi.server.UnicastRef
  --@see sun.rmi.server.UnicastRef2
  UnicastRef2 = function(dis)
-    local stat, form = dis:readByte();
-    if not stat then return doh("Parsing external data, could not read byte") end
-    if form == 0  or form == 1 then-- FORMAT_HOST_PORT or  FORMAT_HOST_PORT_FACTORY
-      local stat, host = dis:readUTF();
-      if not stat then return doh("Parsing external data, could not read host (UTF)") end
-      local status, port = dis:readUnsignedInt();
-      if not stat then return doh("Parsing external data, could not read port (int)") end
-      dbg("b host: %s, port %d", host, port)
-      if form ==0 then
-        return true, ("@%s:%d"):format(host,port)
-      end
-      -- for FORMAT_HOST_PORT_FACTORY, there's an object left to read
-      local status, object = readObject0(dis)
-      return true, ("@%s:%d"):format(host,port)
-      --return true, {host = host, port = port, factory = object}
-    else
+    local sts_form, form = dis:readByte()
+    if not sts_form then
+      return doh("Parsing external data, could not read byte")
+    end
+    if not (form == 0 or form == 1) then-- FORMAT_HOST_PORT or  FORMAT_HOST_PORT_FACTORY
      return doh("Invalid endpoint format")
    end
+    local sts_host, host = dis:readUTF()
+    if not sts_host then
+      return doh("Parsing external data, could not read host (UTF)")
+    end
+    local sts_port, port = dis:readUnsignedInt()
+    if not sts_port then
+      return doh("Parsing external data, could not read port (int)")
+    end
+    dbg("b host: %s, port %d", host, port)
+    if form == 0 then
+      return true, ("@%s:%d"):format(host,port)
+    end
+    -- for FORMAT_HOST_PORT_FACTORY, there's an object left to read
+    local sts_object, object = readObject0(dis)
+    return true, ("@%s:%d"):format(host,port)
+    --return true, {host = host, port = port, factory = object}
  end
 }
 --@see java.rmi.server.RemoteObject:readObject()