
Fix crashes when decoding codepoints larger than 255. Fixes #2192

These codepoint references are now left intact. If necessary, it would be
a trivial change to replace them with corresponding UTF sequences.

Note that the previous code was decoding the character references recursively,
which was probably not the intent.
This commit is contained in:
nnposter
2020-11-25 02:14:03 +00:00
parent 169d7e5a92
commit c00f054d3c
2 changed files with 13 additions and 20 deletions


@@ -32,6 +32,10 @@ o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most
identities that are syntactically incorrect to be hostnames are now ignored. identities that are syntactically incorrect to be hostnames are now ignored.
[Michel Le Bihan, nnposter] [Michel Le Bihan, nnposter]
o [NSE][GH#2192] XML decoding in library citrixxml no longer crashes when
encountering a character reference with codepoint greater than 255. (These
references are now left unmodified.) [nnposter]
o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for
the audit rule base. [nnposter] the audit rule base. [nnposter]


@@ -25,32 +25,21 @@ local table = require "table"
_ENV = stdnse.module("citrixxml", stdnse.seeall) _ENV = stdnse.module("citrixxml", stdnse.seeall)
--- Decodes html-entities to chars eg. &#32; => <space> --- Decodes html-entities to chars eg. &#32; => <space>
-- Note that only decimal references of ASCII characters are supported.
-- Named and hexadecimal references are left untouched, and so are codepoints
-- greater than 255.
-- --
-- @param xmldata string to convert -- @param xmldata string to convert
-- @return string an e -- @return string with XML character references replaced with the corresponding characters
function decode_xml_document(xmldata) function decode_xml_document(xmldata)
local hexval
if not xmldata then if not xmldata then
return "" return ""
end end
return (xmldata:gsub("&#%d+;",
local newstr = xmldata function (e)
local escaped_val local cp = tonumber(e:sub(3, -2))
return cp <= 0xFF and string.char(cp) or nil
while string.match(newstr, "(&#%d+;)" ) do end))
escaped_val = string.match(newstr, "(&#%d+;)")
hexval = escaped_val:match("(%d+)")
if ( hexval ) then
newstr = newstr:gsub(escaped_val, string.char(hexval))
end
end
return newstr
end end
--- Sends the request to the server using the http lib --- Sends the request to the server using the http lib
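Review bot: The new doc comment says "only decimal references of ASCII characters are supported", but the guard in the gsub callback accepts any codepoint up to 0xFF, so `&#128;` through `&#255;` are still rewritten into single raw bytes via string.char; if the surrounding document is UTF-8 (as XML usually is), those bytes are not valid UTF-8 sequences, which is the same class of problem the commit is addressing for larger codepoints. Either make the comment match the code, e.g. `-- Note that only decimal references with codepoints 0-255 are decoded; 128-255 become single (Latin-1) bytes, not UTF-8.`, or tighten the guard to `return cp <= 0x7F and string.char(cp) or nil` so that only true ASCII is decoded and everything else is left intact as the comment states. Tightening the guard would also require adjusting the CHANGELOG wording added in the first file, which currently promises the 255 limit. The whole body of decode_xml_document is inside this hunk, so no other call sites are affected by either choice.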