Change to citrixxml.lua to improve performance of citrixlua library when handling large XML responses containing application lists. Large responses were causing the script to consume 100% CPU for extended periods of time.

Reference: http://seclists.org/nmap-dev/2014/q2/74
2026-02-09 23:16:32 +00:00 · 2014-04-16 11:56:21 +00:00
parent a343ea24cd
commit cacf764754
2 changed files with 19 additions and 13 deletions
--- a/3
+++ b/3
@@ -5,6 +5,9 @@ Nmap 6.45 [2014-04-11]
 o NOTE THAT THE CHANGELOG FOR THIS RELEASE IS INCOMPLETE.  We plan to
  finish it soon.

+o [NSE] Improved performance of citrixlua library when handling large XML
+  responses containing application lists. [Tom Sellers]
+  
 o [NSE] Add ssl-heartbleed script to detect the Heartbleed bug in OpenSSL
  CVE-2014-0160 [Patrik Karlsson]
  
--- a/nselib/citrixxml.lua
+++ b/nselib/citrixxml.lua
@@ -34,19 +34,22 @@ function decode_xml_document(xmldata)

  if not xmldata then
    return ""
-  end
-
-  local newstr = xmldata
-
-  for m in xmldata:gmatch("(&#%d+;)") do
-    hexval = m:match("(%d+)")
-
-    if ( hexval ) then
-      newstr = xmldata:gsub(m, string.char(hexval))
-    end
-  end
-
-  return newstr
+  end
+
+  local newstr = xmldata
+  local escaped_val
+
+  while string.match(newstr, "(&#%d+;)" ) do
+    escaped_val = string.match(newstr, "(&#%d+;)")
+    hexval = escaped_val:match("(%d+)")
+
+    if ( hexval ) then
+      newstr, _ = newstr:gsub(escaped_val, string.char(hexval))
+    end
+
+  end
+
+  return newstr

 end