PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Fix some bad patterns with excessive backtracking

Browse Source
This commit is contained in:
dmiller
2016-09-21 03:55:11 +00:00
parent da594ae5b8
commit d1fb502144
5 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Fixed a few bad Lua patterns that could result in denial of service due
to excessive backtracking. [Adam Rutherford, Daniel Miller]
o Fixed a bug in port specification parsing that could cause extraneous o Fixed a bug in port specification parsing that could cause extraneous
'T', 'U', 'S', and 'P' characters to be ignored when they should have 'T', 'U', 'S', and 'P' characters to be ignored when they should have
caused an error. [David Fifield] caused an error. [David Fifield]

6
nselib/wsdd.lua
View File

@@ -135,15 +135,15 @@ Decoders = {
local response = {} local response = {}
-- extracts the messagid, so we can check if we already got a response -- extracts the messagid, so we can check if we already got a response
response.msgid = data:match("<.*:MessageID>urn:uuid:(.*)</.*:MessageID>") response.msgid = data:match("<[^:]*:MessageID>urn:uuid:([^<]*)</[^:]*:MessageID>")
-- if unable to parse msgid return nil -- if unable to parse msgid return nil
if ( not(response.msgid) ) then if ( not(response.msgid) ) then
return false, "No message id was found" return false, "No message id was found"
end end
response.xaddrs = data:match("<.*:*XAddrs>(.*)</.*:*XAddrs>") response.xaddrs = data:match("<[^:]*:*XAddrs>(.*)</[^:]*:*XAddrs>")
response.types = data:match("<.*:Types>[wsdp:]*(.*)</.*:Types>") response.types = data:match("<[^:]*:Types>[wsdp:]*(.*)</[^:]*:Types>")
return true, response return true, response
end, end,

4
scripts/auth-owners.nse
View File

@@ -54,7 +54,7 @@ action = function(host, port)
local try = nmap.new_try(catch) local try = nmap.new_try(catch)
try(client_ident:connect(host, 113)) try(client_ident:connect(host, 1113))
try(client_service:connect(host, port)) try(client_service:connect(host, port))
local localip, localport, remoteip, remoteport = local localip, localport, remoteip, remoteport =
@@ -70,7 +70,7 @@ action = function(host, port)
owner = nil owner = nil
else else
owner = string.match(owner, owner = string.match(owner,
"%d+%s*,%s*%d+%s*:%s*USERID%s*:%s*.+%s*:%s*(.+)\r?\n") "%d+%s*,%s*%d+%s*:%s*USERID%s*:%s*[^:]+%s*:[ \t]*([^\r\n]+)\r?\n")
end end
try(client_ident:close()) try(client_ident:close())

2
scripts/ip-https-discover.nse
View File

@@ -70,7 +70,7 @@ action = function(host, port)
end end
socket:close() socket:close()
if string.match(response, 'HTTP/1.1 200%s+.+HTTPAPI/2.0') then if string.match(response, 'HTTP/1.1 200%s.+HTTPAPI/2.0') then
return true, 'IP-HTTPS is supported. This indicates that this host supports Microsoft DirectAccess.' return true, 'IP-HTTPS is supported. This indicates that this host supports Microsoft DirectAccess.'
end end
end end

2
scripts/smtp-vuln-cve2010-4344.nse
View File

@@ -370,7 +370,7 @@ local function check_exim(smtp_opts)
for _, line in pairs(stdnse.strsplit("\r?\n", response)) do for _, line in pairs(stdnse.strsplit("\r?\n", response)) do
if not smtp_opts.ehlo_host or not smtp_opts.domain_ip then if not smtp_opts.ehlo_host or not smtp_opts.domain_ip then
smtp_opts.ehlo_host, smtp_opts.domain_ip = smtp_opts.ehlo_host, smtp_opts.domain_ip =
line:match("%d+.*Hello%s(.*)%s%[(.*)%]") line:match("%d.-Hello%s(.*)%s%[([^]]*)%]")
end end
if not smtp_server.size then if not smtp_server.size then
smtp_server.size = line:match("%d+%-SIZE%s(%d+)") smtp_server.size = line:match("%d+%-SIZE%s(%d+)")