Replace chained concatenation reassignment with simple concatenation

Example:

x = y
x = x .. z

Fixed:

x = y
.. z

This simple fix would save 1 string creation/deletion. Most changes
involve many more than this.

nselib/afp.lua

@@ -1065,7 +1065,7 @@ Proto = {
     local response,records = {}, {}
 
     local data = bin.pack( "CC>S>I>S>S", COMMAND.FPEnumerateExt2, pad, volume_id, did, file_bitmap, dir_bitmap )
-    data = data .. bin.pack( ">S>I>ICCA", req_count, start_index, reply_size, path.type, path.len, path.name )
+    .. bin.pack( ">S>I>ICCA", req_count, start_index, reply_size, path.type, path.len, path.name )
     packet = self:create_fp_packet( REQUEST.Command, data_offset, data )
 
     self:send_fp_packet( packet )

nselib/msrpc.lua

@@ -259,9 +259,7 @@ function bind(smbstate, interface_uuid, interface_version, transfer_syntax)
     0x00,       -- Padding/alignment
     0x00,       -- Padding/alignment
     0x00        -- Padding/alignment
-    )
+    ) .. bin.pack("<SCCASSAI",
-
-  data = data .. bin.pack("<SCCASSAI",
     0x0000,            -- Context ID
     0x01,              -- Number of transaction items. */
     0x00,              -- Padding/alignment
@@ -606,17 +604,17 @@ function srvsvc_netshareenumall(smbstate, server)
   arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. server, true)
 
   -- [in,out]   uint32 level
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   -- [in,out,switch_is(level)] srvsvc_NetShareCtr ctr
-  arguments = arguments .. msrpctypes.marshall_srvsvc_NetShareCtr(0, {array=nil})
+  .. msrpctypes.marshall_srvsvc_NetShareCtr(0, {array=nil})
 
   -- [in]   uint32 max_buffer,
-  arguments = arguments .. msrpctypes.marshall_int32(4096)
+  .. msrpctypes.marshall_int32(4096)
 
   -- [out]  uint32 totalentries
   -- [in,out]   uint32 *resume_handle*
-  arguments = arguments .. msrpctypes.marshall_int32_ptr(0)
+  .. msrpctypes.marshall_int32_ptr(0)
 
 
   -- Do the call
@@ -676,10 +674,10 @@ function srvsvc_netsharegetinfo(smbstate, server, share, level)
   arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. server, true)
 
   --    [in]   [string,charset(UTF16)] uint16 share_name[],
-  arguments = arguments .. msrpctypes.marshall_unicode(share, true)
+  .. msrpctypes.marshall_unicode(share, true)
 
   --    [in]   uint32 level,
-  arguments = arguments .. msrpctypes.marshall_int32(level)
+  .. msrpctypes.marshall_int32(level)
 
   --    [out,switch_is(level)] srvsvc_NetShareInfo info
 
@@ -737,23 +735,23 @@ function srvsvc_netsessenum(smbstate, server)
   arguments = msrpctypes.marshall_unicode_ptr(server, true)
 
   --    [in]   [string,charset(UTF16)] uint16 *client,
-  arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil)
+  .. msrpctypes.marshall_unicode_ptr(nil)
 
   --    [in]   [string,charset(UTF16)] uint16 *user,
-  arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil)
+  .. msrpctypes.marshall_unicode_ptr(nil)
 
   --    [in,out]   uint32 level,
-  arguments = arguments .. msrpctypes.marshall_int32(10) -- 10 seems to be the only useful one allowed anonymously
+  .. msrpctypes.marshall_int32(10) -- 10 seems to be the only useful one allowed anonymously
 
   --    [in,out,switch_is(level)]   srvsvc_NetSessCtr ctr,
-  arguments = arguments .. msrpctypes.marshall_srvsvc_NetSessCtr(10, {array=nil})
+  .. msrpctypes.marshall_srvsvc_NetSessCtr(10, {array=nil})
 
   --    [in]   uint32 max_buffer,
-  arguments = arguments .. msrpctypes.marshall_int32(0xFFFFFFFF)
+  .. msrpctypes.marshall_int32(0xFFFFFFFF)
 
   --    [out]   uint32 totalentries,
   --    [in,out]   uint32 *resume_handle
-  arguments = arguments .. msrpctypes.marshall_int32_ptr(0)
+  .. msrpctypes.marshall_int32_ptr(0)
 
 
   -- Do the call
@@ -844,13 +842,13 @@ function srvsvc_netservergetstatistics(smbstate, server)
   arguments = msrpctypes.marshall_unicode_ptr(server, true)
 
   --    [in]      [string,charset(UTF16)] uint16 *service,
-  arguments = arguments .. msrpctypes.marshall_unicode_ptr(service, true)
+  .. msrpctypes.marshall_unicode_ptr(service, true)
 
   --    [in]      uint32 level,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --    [in]      uint32 options,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --    [out]     srvsvc_Statistics stat
 
@@ -915,16 +913,16 @@ function srvsvc_netpathcompare(smbstate, server, path1, path2, pathtype, pathfla
   arguments = msrpctypes.marshall_unicode_ptr(server, true)
 
   --    [in]   [string,charset(UTF16)] uint16 path1[],
-  arguments = arguments .. msrpctypes.marshall_unicode(path1, true)
+  .. msrpctypes.marshall_unicode(path1, true)
 
   --    [in]   [string,charset(UTF16)] uint16 path2[],
-  arguments = arguments .. msrpctypes.marshall_unicode(path2, true)
+  .. msrpctypes.marshall_unicode(path2, true)
 
   --    [in]  uint32 pathtype,
-  arguments = arguments .. msrpctypes.marshall_int32(pathtype)
+  .. msrpctypes.marshall_int32(pathtype)
 
   --    [in]  uint32 pathflags
-  arguments = arguments .. msrpctypes.marshall_int32(pathflags)
+  .. msrpctypes.marshall_int32(pathflags)
 
   -- Do the call
   status, result = call_function(smbstate, 0x20, arguments)
@@ -977,18 +975,18 @@ function srvsvc_netpathcanonicalize(smbstate, server, path)
   --        [in]   [string,charset(UTF16)] uint16 *server_unc,
   arguments = msrpctypes.marshall_unicode_ptr(server, true)
   --        [in]   [string,charset(UTF16)] uint16 path[],
-  arguments = arguments .. msrpctypes.marshall_unicode(path, true)
+  .. msrpctypes.marshall_unicode(path, true)
   --        [out]  [size_is(maxbuf)] uint8 can_path[],
   --        [in]   uint32 maxbuf,
-  arguments = arguments .. msrpctypes.marshall_int32(2)
+  .. msrpctypes.marshall_int32(2)
 
   --        [in]   [string,charset(UTF16)] uint16 prefix[],
-  arguments = arguments .. msrpctypes.marshall_unicode("\\", true)
+  .. msrpctypes.marshall_unicode("\\", true)
 
   --        [in,out] uint32 pathtype,
-  arguments = arguments .. msrpctypes.marshall_int32(1)
+  .. msrpctypes.marshall_int32(1)
   --        [in]    uint32 pathflags
-  arguments = arguments .. msrpctypes.marshall_int32(1)
+  .. msrpctypes.marshall_int32(1)
 
 
   -- Do the call
@@ -1042,30 +1040,28 @@ function spoolss_open_printer(smbstate,printer)
   local user = msrpctypes.marshall_unicode_ptr("",true)
 
   local arguments = msrpctypes.marshall_unicode_ptr(printer,true)
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
   --devmod container
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
   --access we require
-  arguments = arguments .. msrpctypes.marshall_int32(0x02020000)
+  .. msrpctypes.marshall_int32(0x02020000)
   -- spool client container
-  arguments = arguments .. msrpctypes.marshall_int32(1)
+  .. msrpctypes.marshall_int32(1)
-  arguments = arguments .. msrpctypes.marshall_int32(1)
+  .. msrpctypes.marshall_int32(1)
-  arguments = arguments .. msrpctypes.marshall_int32(12345135)
+  .. msrpctypes.marshall_int32(12345135)
 
   local arguments2 =  string.sub(machine,1,4)
-  arguments2 = arguments2 ..  string.sub(user,1,4)
+  ..  string.sub(user,1,4)
-  arguments2 = arguments2 .. msrpctypes.marshall_int32(7600)
+  .. msrpctypes.marshall_int32(7600)
-  arguments2 = arguments2 .. msrpctypes.marshall_int32(3)
+  .. msrpctypes.marshall_int32(3)
-  arguments2 = arguments2 .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
-  arguments2 = arguments2 .. msrpctypes.marshall_int32(9)
+  .. msrpctypes.marshall_int32(9)
-  arguments2 = arguments2 .. string.sub(machine,5,#machine)
+  .. string.sub(machine,5,#machine)
-  arguments2 = arguments2 .. string.sub(user,5,#user)
+  .. string.sub(user,5,#user)
   arguments2 = msrpctypes.marshall_int32(#arguments2+4) .. arguments2
 
-  arguments = arguments .. arguments2
+  local status, result = call_function(smbstate, 69, arguments .. arguments2)
-
-  local status, result = call_function(smbstate, 69, arguments)
   if not status then
     stdnse.debug1("MSRPC spoolss_open_printer(): %s ",result)
   end
@@ -1081,25 +1077,22 @@ end
 --@param filename         Name of the file to print to
 --@return (status, result) If status is false, result is an error message. Otherwise, result is a print job id.
 function spoolss_start_doc_printer(smbstate,printer_handle,filename)
-  local arguments = printer_handle
   local document_name = msrpctypes.marshall_unicode_ptr("nmap_test",true)
   local fname = msrpctypes.marshall_unicode_ptr(filename,true)
   local dtype = msrpctypes.marshall_int32(0)
+
+  local arguments = printer_handle .. msrpctypes.marshall_int32(1)
+
   local document_container = msrpctypes.marshall_int32(1)
+  .. msrpctypes.marshall_int32(12332131)
+  .. string.sub(document_name,1,4)
+  .. string.sub(fname,1,4)
+  .. string.sub(dtype,1,4)
+  .. string.sub(document_name,5,#document_name)
+  .. string.sub(fname,5,#fname)
+  .. string.sub(dtype,5,#dtype)
 
-  arguments = arguments .. msrpctypes.marshall_int32(1)
+  local status, result = call_function(smbstate, 17, arguments .. document_container)
-
-  document_container = document_container .. msrpctypes.marshall_int32(12332131)
-  document_container = document_container .. string.sub(document_name,1,4)
-  document_container = document_container .. string.sub(fname,1,4)
-  document_container = document_container .. string.sub(dtype,1,4)
-  document_container = document_container .. string.sub(document_name,5,#document_name)
-  document_container = document_container .. string.sub(fname,5,#fname)
-  document_container = document_container .. string.sub(dtype,5,#dtype)
-
-  arguments = arguments .. document_container
-
-  local status, result = call_function(smbstate, 17, arguments)
   if not status then
     stdnse.debug1("MSRPC spoolss_start_doc_printer(): %s",result)
   end
@@ -1114,17 +1107,16 @@ end
 --@param data              Actual data to write to a file
 --@return (status, result) If status is false, result is an error message. Otherwise, result is number of bytes written.
 function spoolss_write_printer(smbstate,printer_handle,data)
-  stdnse.debug1("len %d", #data)
   local padding_len = 4 - math.fmod(#data,4)
   local data_padding = nil
   if not (padding_len == 4) then
     data_padding = string.rep(bin.pack("H","00"),padding_len)
   end
   local arguments = printer_handle ..  msrpctypes.marshall_int32(#data)
-  --arguments = arguments ..  msrpctypes.marshall_int32(#data)
+  --..  msrpctypes.marshall_int32(#data)
-  arguments = arguments .. data
+  .. data
-  if data_padding then arguments = arguments .. data_padding end
+  .. (data_padding or "")
-  arguments = arguments ..  msrpctypes.marshall_int32(#data)
+  .. msrpctypes.marshall_int32(#data)
   local status,result = call_function(smbstate, 19, arguments)
   if not status then
     stdnse.debug1("MSRPC spoolss_write_printer(): %s",result)
@@ -1213,7 +1205,7 @@ function epmapper_lookup(smbstate,handle)
   -- [out]           error_status_t      *status
   -- );
   local params = msrpctypes.marshall_int32(0) .. msrpctypes.marshall_int32(0) .. msrpctypes.marshall_int32(0) .. msrpctypes.marshall_int32(0)
-  params = params .. handle .. msrpctypes.marshall_int32(1)
+  .. handle .. msrpctypes.marshall_int32(1)
 
   local status,result = call_function(smbstate,2,params)
   if not status then
@@ -1352,10 +1344,10 @@ function samr_connect4(smbstate, server)
   arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. server, true)
 
   -- [in] uint32 unknown,
-  arguments = arguments .. msrpctypes.marshall_int32(0x02)
+  .. msrpctypes.marshall_int32(0x02)
 
   -- [in] samr_ConnectAccessMask access_mask,
-  arguments = arguments .. msrpctypes.marshall_samr_ConnectAccessMask("SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN")
+  .. msrpctypes.marshall_samr_ConnectAccessMask("SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN")
   -- [out,ref]  policy_handle *connect_handle
 
 
@@ -1406,10 +1398,10 @@ function samr_enumdomains(smbstate, connect_handle)
   arguments = msrpctypes.marshall_policy_handle(connect_handle)
 
   --    [in,out,ref]  uint32 *resume_handle,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --    [in]          uint32 buf_size,
-  arguments = arguments .. msrpctypes.marshall_int32(0x2000)
+  .. msrpctypes.marshall_int32(0x2000)
 
   --    [out]         samr_SamArray *sam,
   --    [out]         uint32 num_entries
@@ -1469,7 +1461,7 @@ function samr_lookupdomain(smbstate, connect_handle, domain)
   arguments = msrpctypes.marshall_policy_handle(connect_handle)
 
   --    [in,ref]  lsa_String *domain_name,
-  arguments = arguments .. msrpctypes.marshall_lsa_String(domain)
+  .. msrpctypes.marshall_lsa_String(domain)
 
   --    [out]     dom_sid2 *sid
 
@@ -1522,10 +1514,10 @@ function samr_opendomain(smbstate, connect_handle, sid)
   arguments = msrpctypes.marshall_policy_handle(connect_handle)
 
   --    [in]          samr_DomainAccessMask access_mask,
-  arguments = arguments .. msrpctypes.marshall_samr_DomainAccessMask("DOMAIN_ACCESS_LOOKUP_INFO_1|DOMAIN_ACCESS_LOOKUP_INFO_2|DOMAIN_ACCESS_ENUM_ACCOUNTS|DOMAIN_ACCESS_OPEN_ACCOUNT")
+  .. msrpctypes.marshall_samr_DomainAccessMask("DOMAIN_ACCESS_LOOKUP_INFO_1|DOMAIN_ACCESS_LOOKUP_INFO_2|DOMAIN_ACCESS_ENUM_ACCOUNTS|DOMAIN_ACCESS_OPEN_ACCOUNT")
 
   --    [in,ref]      dom_sid2 *sid,
-  arguments = arguments .. msrpctypes.marshall_dom_sid2(sid)
+  .. msrpctypes.marshall_dom_sid2(sid)
 
   --    [out,ref]     policy_handle *domain_handle
 
@@ -1578,13 +1570,13 @@ function samr_enumdomainusers(smbstate, domain_handle)
   arguments = msrpctypes.marshall_policy_handle(domain_handle)
 
   --    [in,out,ref]  uint32 *resume_handle,
-  arguments = arguments .. msrpctypes.marshall_int32_ptr(nil)
+  .. msrpctypes.marshall_int32_ptr(nil)
 
   --    [in]          samr_AcctFlags acct_flags,
-  arguments = arguments .. msrpctypes.marshall_samr_AcctFlags("ACB_NONE")
+  .. msrpctypes.marshall_samr_AcctFlags("ACB_NONE")
 
   --    [in]          uint32 max_size,
-  arguments = arguments .. msrpctypes.marshall_int32(0x0400)
+  .. msrpctypes.marshall_int32(0x0400)
 
   --    [out]         samr_SamArray *sam,
   --    [out]         uint32 num_entries
@@ -1659,16 +1651,16 @@ function samr_querydisplayinfo(smbstate, domain_handle, index, count)
   arguments = msrpctypes.marshall_policy_handle(domain_handle)
 
   --    [in]        uint16 level,
-  arguments = arguments .. msrpctypes.marshall_int16(1) -- Level (1 = users, 3 = groups, 4 = usernames only)
+  .. msrpctypes.marshall_int16(1) -- Level (1 = users, 3 = groups, 4 = usernames only)
 
   --    [in]        uint32 start_idx,
-  arguments = arguments .. msrpctypes.marshall_int32(index)
+  .. msrpctypes.marshall_int32(index)
 
   --    [in]        uint32 max_entries,
-  arguments = arguments .. msrpctypes.marshall_int32(count)
+  .. msrpctypes.marshall_int32(count)
 
   --    [in]        uint32 buf_size,
-  arguments = arguments .. msrpctypes.marshall_int32(0x7FFFFFFF)
+  .. msrpctypes.marshall_int32(0x7FFFFFFF)
 
   --    [out]       uint32 total_size,
   --    [out]       uint32 returned_size,
@@ -1749,7 +1741,7 @@ function samr_querydomaininfo2(smbstate, domain_handle, level)
   arguments = msrpctypes.marshall_policy_handle(domain_handle)
 
   --    [in]          uint16 level,
-  arguments = arguments .. msrpctypes.marshall_int32(level)
+  .. msrpctypes.marshall_int32(level)
 
   --    [out,switch_is(level)] samr_DomainInfo *info
 
@@ -1798,14 +1790,14 @@ function samr_enumdomainaliases(smbstate, domain_handle)
   arguments = ''
 
   --        [in]          policy_handle *domain_handle,
-  arguments = arguments .. msrpctypes.marshall_policy_handle(domain_handle)
+  .. msrpctypes.marshall_policy_handle(domain_handle)
 
   --        [in,out,ref]  uint32 *resume_handle,
-  arguments = arguments .. msrpctypes.marshall_int32_ptr(nil)
+  .. msrpctypes.marshall_int32_ptr(nil)
 
   --        [out,ref]     samr_SamArray **sam,
   --        [in]          uint32 max_size, (note: Wireshark says this is flags. Either way..)
-  arguments = arguments .. msrpctypes.marshall_int32(0x400)
+  .. msrpctypes.marshall_int32(0x400)
 
   --        [out,ref]     uint32 *num_entries
 
@@ -1856,13 +1848,13 @@ function samr_lookupnames(smbstate, domain_handle, names)
   arguments = ''
 
   --        [in,ref]      policy_handle *domain_handle,
-  arguments = arguments .. msrpctypes.marshall_policy_handle(domain_handle)
+  .. msrpctypes.marshall_policy_handle(domain_handle)
 
   --        [in,range(0,1000)] uint32 num_names,
-  arguments = arguments .. msrpctypes.marshall_int32(#names)
+  .. msrpctypes.marshall_int32(#names)
 
   --        [in,size_is(1000),length_is(num_names)] lsa_String names[],
-  arguments = arguments .. msrpctypes.marshall_lsa_String_array2(names)
+  .. msrpctypes.marshall_lsa_String_array2(names)
 
   --        [out,ref]     samr_Ids *rids,
   --        [out,ref]     samr_Ids *types
@@ -1917,13 +1909,13 @@ function samr_openalias(smbstate, domain_handle, rid)
   arguments = ''
 
   --        [in,ref]      policy_handle *domain_handle,
-  arguments = arguments .. msrpctypes.marshall_policy_handle(domain_handle)
+  .. msrpctypes.marshall_policy_handle(domain_handle)
 
   --        [in]          samr_AliasAccessMask access_mask,
-  arguments = arguments .. msrpctypes.marshall_int32(0x0002000c) -- Full read permission
+  .. msrpctypes.marshall_int32(0x0002000c) -- Full read permission
 
   --        [in]          uint32 rid,
-  arguments = arguments .. msrpctypes.marshall_int32(rid)
+  .. msrpctypes.marshall_int32(rid)
 
   --        [out,ref]     policy_handle *alias_handle
 
@@ -1964,11 +1956,7 @@ end
 --@return (status, result) If status is false, result is an error message. Otherwise, result is a table of values.
 function samr_getaliasmembership(smbstate, alias_handle,args)
   local status, result
-  local arguments
+  local arguments = alias_handle .. args
-
-  arguments = ''
-
-  arguments = arguments .. alias_handle .. args
   -- Do the call
   status, result = call_function(smbstate, 0x10, arguments)
   if(status ~= true) then
@@ -1993,7 +1981,7 @@ function samr_getmembersinalias(smbstate, alias_handle)
   arguments = ''
 
   --        [in,ref]   policy_handle *alias_handle,
-  arguments = arguments .. msrpctypes.marshall_policy_handle(alias_handle)
+  .. msrpctypes.marshall_policy_handle(alias_handle)
   --        [out,ref]  lsa_SidArray    *sids
 
 
@@ -2143,10 +2131,10 @@ function lsa_openpolicy2(smbstate, server)
   arguments = msrpctypes.marshall_unicode_ptr(server, true)
 
   --    [in]  lsa_ObjectAttribute *attr,
-  arguments = arguments .. msrpctypes.marshall_lsa_ObjectAttribute()
+  .. msrpctypes.marshall_lsa_ObjectAttribute()
 
   --    [in]      uint32 access_mask,
-  arguments = arguments .. msrpctypes.marshall_int32(0x00000800)
+  .. msrpctypes.marshall_int32(0x00000800)
 
   --    [out] policy_handle *handle
 
@@ -2202,26 +2190,26 @@ function lsa_lookupnames2(smbstate, policy_handle, names)
   arguments = msrpctypes.marshall_policy_handle(policy_handle)
 
   --    [in,range(0,1000)] uint32 num_names,
-  arguments = arguments .. msrpctypes.marshall_int32(#names)
+  .. msrpctypes.marshall_int32(#names)
 
   --    [in,size_is(num_names)]  lsa_String names[],
-  arguments = arguments .. msrpctypes.marshall_lsa_String_array(names)
+  .. msrpctypes.marshall_lsa_String_array(names)
 
   --    [out,unique]        lsa_RefDomainList *domains,
   --    [in,out] lsa_TransSidArray2 *sids,
-  arguments = arguments .. msrpctypes.marshall_lsa_TransSidArray2({nil})
+  .. msrpctypes.marshall_lsa_TransSidArray2({nil})
 
   --    [in]         lsa_LookupNamesLevel level,
-  arguments = arguments .. msrpctypes.marshall_lsa_LookupNamesLevel("LOOKUP_NAMES_ALL")
+  .. msrpctypes.marshall_lsa_LookupNamesLevel("LOOKUP_NAMES_ALL")
 
   --    [in,out] uint32 *count,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --    [in]         uint32 unknown1,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --    [in]         uint32 unknown2
-  arguments = arguments .. msrpctypes.marshall_int32(2)
+  .. msrpctypes.marshall_int32(2)
 
 
 
@@ -2293,23 +2281,23 @@ function lsa_lookupsids2(smbstate, policy_handle, sids)
   arguments = msrpctypes.marshall_policy_handle(policy_handle)
 
   --    [in]     lsa_SidArray *sids,
-  arguments = arguments .. msrpctypes.marshall_lsa_SidArray(sids)
+  .. msrpctypes.marshall_lsa_SidArray(sids)
 
   --    [out,unique]        lsa_RefDomainList *domains,
   --    [in,out] lsa_TransNameArray2 *names,
-  arguments = arguments .. msrpctypes.marshall_lsa_TransNameArray2(nil)
+  .. msrpctypes.marshall_lsa_TransNameArray2(nil)
 
   --    [in]         uint16 level,
-  arguments = arguments .. msrpctypes.marshall_int16(1)
+  .. msrpctypes.marshall_int16(1)
 
   --    [in,out] uint32 *count,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --    [in]         uint32 unknown1,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --    [in]         uint32 unknown2
-  arguments = arguments .. msrpctypes.marshall_int32(2)
+  .. msrpctypes.marshall_int32(2)
 
 
   -- Do the call
@@ -2421,7 +2409,7 @@ function winreg_openhku(smbstate)
   arguments = msrpctypes.marshall_int16_ptr(0x1337, true)
 
   --    [in]      winreg_AccessMask access_mask,
-  arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
+  .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
 
   --    [out,ref] policy_handle *handle
 
@@ -2471,7 +2459,7 @@ function winreg_openhklm(smbstate)
   arguments = msrpctypes.marshall_int16_ptr(0x1337, true)
 
   --    [in]      winreg_AccessMask access_mask,
-  arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
+  .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
 
   --    [out,ref] policy_handle *handle
 
@@ -2520,7 +2508,7 @@ function winreg_openhkpd(smbstate)
   arguments = msrpctypes.marshall_int16_ptr(0x1337, true)
 
   --    [in]      winreg_AccessMask access_mask,
-  arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
+  .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
 
   --    [out,ref] policy_handle *handle
 
@@ -2569,7 +2557,7 @@ function winreg_openhkcu(smbstate)
   arguments = msrpctypes.marshall_int16_ptr(0x1337, true)
 
   --    [in]      winreg_AccessMask access_mask,
-  arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
+  .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
 
   --    [out,ref] policy_handle *handle
 
@@ -2627,18 +2615,18 @@ function winreg_enumkey(smbstate, handle, index, name)
   arguments = msrpctypes.marshall_policy_handle(handle)
 
   --    [in]            uint32           enum_index,
-  arguments = arguments .. msrpctypes.marshall_int32(index)
+  .. msrpctypes.marshall_int32(index)
 
   --    [in,out,ref]    winreg_StringBuf *name,
   -- NOTE: if the 'name' parameter here is set to 'nil', the service on a fully patched Windows 2000 system
   -- may crash.
-  arguments = arguments .. msrpctypes.marshall_winreg_StringBuf({name=""}, 520)
+  .. msrpctypes.marshall_winreg_StringBuf({name=""}, 520)
 
   --    [in,out,unique] winreg_StringBuf *keyclass,
-  arguments = arguments .. msrpctypes.marshall_winreg_StringBuf_ptr({name=nil})
+  .. msrpctypes.marshall_winreg_StringBuf_ptr({name=nil})
 
   --    [in,out,unique] NTTIME           *last_changed_time
-  arguments = arguments .. msrpctypes.marshall_NTTIME_ptr(0)
+  .. msrpctypes.marshall_NTTIME_ptr(0)
 
   -- Do the call
   status, result = call_function(smbstate, 0x09, arguments)
@@ -2697,13 +2685,13 @@ function winreg_openkey(smbstate, handle, keyname)
   arguments = msrpctypes.marshall_policy_handle(handle)
 
   --    [in] winreg_String keyname,
-  arguments = arguments .. msrpctypes.marshall_winreg_String({name=keyname})
+  .. msrpctypes.marshall_winreg_String({name=keyname})
 
   --    [in] uint32 unknown,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --    [in] winreg_AccessMask access_mask,
-  arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
+  .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
 
   --    [out,ref] policy_handle *handle
 
@@ -2757,7 +2745,7 @@ function winreg_queryinfokey(smbstate, handle)
   arguments = msrpctypes.marshall_policy_handle(handle)
 
   --    [in,out,ref] winreg_String *classname,
-  arguments = arguments .. msrpctypes.marshall_winreg_String({name=""}, 2048)
+  .. msrpctypes.marshall_winreg_String({name=""}, 2048)
 
   --    [out,ref] uint32 *num_subkeys,
   --    [out,ref] uint32 *max_subkeylen,
@@ -2843,19 +2831,19 @@ function winreg_queryvalue(smbstate, handle, value)
   arguments = msrpctypes.marshall_policy_handle(handle)
 
   --    [in] winreg_String value_name,
-  arguments = arguments .. msrpctypes.marshall_winreg_String({name=value})
+  .. msrpctypes.marshall_winreg_String({name=value})
 
   --    [in,out] winreg_Type *type,
-  arguments = arguments .. msrpctypes.marshall_winreg_Type_ptr("REG_NONE")
+  .. msrpctypes.marshall_winreg_Type_ptr("REG_NONE")
 
   --    [in,out,size_is(*size),length_is(*length)] uint8 *data,
-  arguments = arguments .. msrpctypes.marshall_int8_array_ptr("", 1000000)
+  .. msrpctypes.marshall_int8_array_ptr("", 1000000)
 
   --    [in,out] uint32 *size,
-  arguments = arguments .. msrpctypes.marshall_int32_ptr(1000000)
+  .. msrpctypes.marshall_int32_ptr(1000000)
 
   --    [in,out] uint32 *length
-  arguments = arguments .. msrpctypes.marshall_int32_ptr(0)
+  .. msrpctypes.marshall_int32_ptr(0)
 
   -- Do the call
   status, result = call_function(smbstate, 0x11, arguments)
@@ -2981,11 +2969,11 @@ function svcctl_openscmanagera(smbstate, machinename)
   arguments = msrpctypes.marshall_ascii_ptr("\\\\" .. machinename)
 
   --        [in] [string,charset(UTF16)] uint16 *DatabaseName,
-  arguments = arguments .. msrpctypes.marshall_ascii_ptr(nil)
+  .. msrpctypes.marshall_ascii_ptr(nil)
 
   --        [in] uint32 access_mask,
-  -- arguments = arguments .. msrpctypes.marshall_int32(0x000f003f)
+  -- .. msrpctypes.marshall_int32(0x000f003f)
-  arguments = arguments .. msrpctypes.marshall_int32(0x00000002)
+  .. msrpctypes.marshall_int32(0x00000002)
 
   --        [out,ref] policy_handle *handle
 
@@ -3042,11 +3030,11 @@ function svcctl_openscmanagerw(smbstate, machinename)
   arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. machinename, true)
 
   --        [in] [string,charset(UTF16)] uint16 *DatabaseName,
-  arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil, true)
+  .. msrpctypes.marshall_unicode_ptr(nil, true)
 
   --        [in] uint32 access_mask,
-  -- arguments = arguments .. msrpctypes.marshall_int32(0x000f003f)
+  -- .. msrpctypes.marshall_int32(0x000f003f)
-  arguments = arguments .. msrpctypes.marshall_int32(0x02000000)
+  .. msrpctypes.marshall_int32(0x02000000)
 
   --        [out,ref] policy_handle *handle
 
@@ -3143,46 +3131,46 @@ function svcctl_createservicew(smbstate, handle, service_name, display_name, pat
   arguments = msrpctypes.marshall_policy_handle(handle)
 
   --        [in] [string,charset(UTF16)] uint16 ServiceName[],
-  arguments = arguments .. msrpctypes.marshall_unicode(service_name, true)
+  .. msrpctypes.marshall_unicode(service_name, true)
 
   --        [in] [string,charset(UTF16)] uint16 *DisplayName,
-  arguments = arguments .. msrpctypes.marshall_unicode_ptr(display_name, true)
+  .. msrpctypes.marshall_unicode_ptr(display_name, true)
 
   --        [in] uint32 desired_access,
-  arguments = arguments .. msrpctypes.marshall_int32(0x000f01ff) -- Access: Max
+  .. msrpctypes.marshall_int32(0x000f01ff) -- Access: Max
 
   --        [in] uint32 type,
-  arguments = arguments .. msrpctypes.marshall_int32(0x00000010) -- Type: own process
+  .. msrpctypes.marshall_int32(0x00000010) -- Type: own process
 
   --        [in] uint32 start_type,
-  arguments = arguments .. msrpctypes.marshall_int32(0x00000003) -- Start: Demand
+  .. msrpctypes.marshall_int32(0x00000003) -- Start: Demand
 
   --        [in] uint32 error_control,
-  arguments = arguments .. msrpctypes.marshall_int32(0x00000000) -- Error: Ignore
+  .. msrpctypes.marshall_int32(0x00000000) -- Error: Ignore
 
   --        [in] [string,charset(UTF16)] uint16 binary_path[],
-  arguments = arguments .. msrpctypes.marshall_unicode(path, true)
+  .. msrpctypes.marshall_unicode(path, true)
 
   --        [in] [string,charset(UTF16)] uint16 *LoadOrderGroupKey,
-  arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil)
+  .. msrpctypes.marshall_unicode_ptr(nil)
 
   --        [in,out] uint32 *TagId,
-  arguments = arguments .. msrpctypes.marshall_int32_ptr(nil)
+  .. msrpctypes.marshall_int32_ptr(nil)
 
   --        [in,size_is(dependencies_size)] uint8 *dependencies,
-  arguments = arguments .. msrpctypes.marshall_int8_ptr(nil)
+  .. msrpctypes.marshall_int8_ptr(nil)
 
   --        [in] uint32 dependencies_size,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --        [in] [string,charset(UTF16)] uint16 *service_start_name,
-  arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil)
+  .. msrpctypes.marshall_unicode_ptr(nil)
 
   --        [in,size_is(password_size)] uint8 *password,
-  arguments = arguments .. msrpctypes.marshall_int8_ptr(nil)
+  .. msrpctypes.marshall_int8_ptr(nil)
 
   --        [in] uint32 password_size,
-  arguments = arguments .. msrpctypes.marshall_int32(0)
+  .. msrpctypes.marshall_int32(0)
 
   --        [out,ref] policy_handle *handle
 
@@ -3297,10 +3285,10 @@ function svcctl_openservicew(smbstate, handle, name)
   arguments = msrpctypes.marshall_policy_handle(handle)
 
   --        [in] [string,charset(UTF16)] uint16 ServiceName[],
-  arguments = arguments .. msrpctypes.marshall_unicode(name, true)
+  .. msrpctypes.marshall_unicode(name, true)
 
   --        [in] uint32 access_mask,
-  arguments = arguments .. msrpctypes.marshall_int32(0x000f01ff)
+  .. msrpctypes.marshall_int32(0x000f01ff)
   --        [out,ref] policy_handle *handle
 
 
@@ -3352,14 +3340,10 @@ function svcctl_startservicew(smbstate, handle, args)
   arguments = msrpctypes.marshall_policy_handle(handle)
 
   --        [in] uint32 NumArgs,
-  if(args == nil) then
+  .. (args and msrpctypes.marshall_int32(#args) or msrpctypes.marshall_int32(0))
-    arguments = arguments .. msrpctypes.marshall_int32(0)
-  else
-    arguments = arguments .. msrpctypes.marshall_int32(#args)
-  end
 
   --        [in/*FIXME:,length_is(NumArgs)*/] [string,charset(UTF16)] uint16 *Arguments
-  arguments = arguments .. msrpctypes.marshall_unicode_array_ptr(args, true)
+  .. msrpctypes.marshall_unicode_array_ptr(args, true)
 
   -- Do the call
   status, result = call_function(smbstate, 0x13, arguments)
@@ -3408,7 +3392,7 @@ function svcctl_controlservice(smbstate, handle, control)
   arguments = msrpctypes.marshall_policy_handle(handle)
 
   --        [in] uint32 control,
-  arguments = arguments .. msrpctypes.marshall_svcctl_ControlCode(control)
+  .. msrpctypes.marshall_svcctl_ControlCode(control)
 
   --        [out,ref] SERVICE_STATUS *service_status
 
@@ -3520,7 +3504,7 @@ function atsvc_jobadd(smbstate, server, command, time)
   arguments = msrpctypes.marshall_unicode_ptr(server, true)
 
   --        [in] atsvc_JobInfo *job_info,
-  arguments = arguments .. msrpctypes.marshall_atsvc_JobInfo(command, time)
+  .. msrpctypes.marshall_atsvc_JobInfo(command, time)
   --        [out,ref]    uint32 *job_id
 
 
@@ -4897,7 +4881,7 @@ function RRAS_SubmitRequest(smbstate, pReqBuffer, dwcbBufSize)
   --[in, out, unique, size_is(dwcbBufSize) PBYTE pReqBuffer,
   req_blob = bin.pack("<IIAA", 0x20000, dwcbBufSize, pReqBuffer, get_pad(pReqBuffer,4)) --unique pointer see samba:ndr_push_unique_ptr
   --[in] DWORD dwcbBufSize
-  req_blob = req_blob .. msrpctypes.marshall_int32(dwcbBufSize)
+  .. msrpctypes.marshall_int32(dwcbBufSize)
   --call the function
   local status, result
   stdnse.debug(

nselib/msrpctypes.lua

@@ -1034,15 +1034,13 @@ end
 --       <code>data</code>.
 --@return A string representing the marshalled data.
 function marshall_int8_array(data, max_length)
-  local result = ""
-
   stdnse.debug4("MSRPC: Entering marshall_int8_array()")
 
   if(max_length == nil) then
     max_length = #data
   end
 
-  result = result .. bin.pack("<IIIA", max_length, 0, #data, data)
+  local result = bin.pack("<IIa", max_length, 0, data)
 
   stdnse.debug4("MSRPC: Leaving marshall_int8_array()")
 
@@ -1797,8 +1795,8 @@ function marshall_lsa_String_array2(strings)
   end
 
   result = marshall_int32(1000) -- Max length
-  result = result .. marshall_int32(0) -- Offset
+  .. marshall_int32(0) -- Offset
-  result = result .. marshall_array(array)
+  .. marshall_array(array)
 
   --require 'nsedebug'
   --nsedebug.print_hex(result)
@@ -1977,10 +1975,10 @@ local function marshall_lsa_TranslatedSid2(location, sid_type, rid, sid_index, u
   if(unknown == nil)   then unknown   = 0 end
 
   if(location == HEAD or location == ALL) then
-    result = result .. marshall_lsa_SidType(sid_type)
+    result = marshall_lsa_SidType(sid_type)
-    result = result .. marshall_int32(rid)
+    .. marshall_int32(rid)
-    result = result .. marshall_int32(sid_index)
+    .. marshall_int32(sid_index)
-    result = result .. marshall_int32(unknown)
+    .. marshall_int32(unknown)
   end
 
   if(location == BODY or location == ALL) then
@@ -2062,10 +2060,10 @@ local function marshall_lsa_TranslatedName2(location, sid_type, name, sid_index,
   if(unknown == nil)   then unknown   = 0 end
 
   if(location == HEAD or location == ALL) then
-    result = result .. marshall_lsa_SidType(sid_type)
+    result = marshall_lsa_SidType(sid_type)
-    result = result .. marshall_lsa_String_internal(HEAD, name)
+    .. marshall_lsa_String_internal(HEAD, name)
-    result = result .. marshall_int32(sid_index)
+    .. marshall_int32(sid_index)
-    result = result .. marshall_int32(unknown)
+    .. marshall_int32(unknown)
   end
 
   if(location == BODY or location == ALL) then
@@ -2122,11 +2120,9 @@ end
 --@param sids An array of SIDs to translate (as strings)
 --@return A string representing the marshalled data.
 function marshall_lsa_TransSidArray2(sids)
-  local result = ""
   local array = {}
   stdnse.debug4("MSRPC: Entering marshall_lsa_TransSidArray2()")
 
-  result = result .. marshall_int32(#sids)
 
   for i = 1, #sids, 1 do
     array[i] = {}
@@ -2134,7 +2130,8 @@ function marshall_lsa_TransSidArray2(sids)
     array[i]['args'] = {sids[i]['sid_type'], sids[i]['rid'], sids[i]['sid_index'], sids[i]['unknown']}
   end
 
-  result = result .. marshall_ptr(ALL, marshall_array, {array}, array)
+  local result = marshall_int32(#sids)
+  .. marshall_ptr(ALL, marshall_array, {array}, array)
 
   stdnse.debug4("MSRPC: Leaving marshall_lsa_TransSidArray2()")
   return result
@@ -2305,13 +2302,12 @@ end
 --
 --@return A string representing the marshalled data.
 function marshall_lsa_QosInfo()
-  local result = ""
   stdnse.debug4("MSRPC: Entering marshall_lsa_QosInfo()")
 
-  result = result .. marshall_int32(12)
+  local result = marshall_int32(12)
-  result = result .. marshall_int16(2, false)
+  .. marshall_int16(2, false)
-  result = result .. marshall_int8(1, false)
+  .. marshall_int8(1, false)
-  result = result .. marshall_int8(0, false)
+  .. marshall_int8(0, false)
 
   stdnse.debug4("MSRPC: Leaving marshall_lsa_QosInfo()")
   return result
@@ -2335,15 +2331,14 @@ end
 --
 --@return A string representing the marshalled data.
 function marshall_lsa_ObjectAttribute()
-  local result = ""
   stdnse.debug4("MSRPC: Entering marshall_lsa_ObjectAttribute()")
 
-  result = result .. marshall_int32(24)
+  local result = marshall_int32(24)
-  result = result .. marshall_int32(0)  -- Null'ing out these pointers for now. Maybe we'll need them in the future...
+  .. marshall_int32(0)  -- Null'ing out these pointers for now. Maybe we'll need them in the future...
-  result = result .. marshall_int32(0)
+  .. marshall_int32(0)
-  result = result .. marshall_int32(0)
+  .. marshall_int32(0)
-  result = result .. marshall_int32(0)
+  .. marshall_int32(0)
-  result = result .. marshall_ptr(ALL, marshall_lsa_QosInfo, {})
+  .. marshall_ptr(ALL, marshall_lsa_QosInfo, {})
 
   stdnse.debug4("MSRPC: Leaving marshall_lsa_ObjectAttribute()")
   return result
@@ -2385,18 +2380,16 @@ end
 --@param sids The array of SIDs to marshall (as strings).
 --@return A string representing the marshalled data.
 function marshall_lsa_SidArray(sids)
-  local result = ""
   local array = {}
 
-  result = result .. marshall_int32(#sids)
-
   for i = 1, #sids, 1 do
     array[i] = {}
     array[i]['func'] = marshall_lsa_SidPtr
     array[i]['args'] = {sids[i]}
   end
 
-  result = result .. marshall_ptr(ALL, marshall_array, {array}, array)
+  local result = marshall_int32(#sids)
+  .. marshall_ptr(ALL, marshall_array, {array}, array)
 
   return result
 end
@@ -4653,14 +4646,12 @@ end
 --               file.
 --@param time The time at which to run the job, in milliseconds from midnight.
 function marshall_atsvc_JobInfo(command, time)
-  local result = ""
+  local result = marshall_int32(time)                       -- Job time
-
+  .. marshall_int32(0)                          -- Day of month
-  result = result .. marshall_int32(time)                       -- Job time
+  .. marshall_int8(0, false)                    -- Day of week
-  result = result .. marshall_int32(0)                          -- Day of month
+  .. marshall_atsvc_Flags("JOB_NONINTERACTIVE") -- Flags
-  result = result .. marshall_int8(0, false)                    -- Day of week
+  .. marshall_int16(0, false)                   -- Padding
-  result = result .. marshall_atsvc_Flags("JOB_NONINTERACTIVE") -- Flags
+  .. marshall_unicode_ptr(command, true)        -- Command
-  result = result .. marshall_int16(0, false)                   -- Padding
-  result = result .. marshall_unicode_ptr(command, true)        -- Command
 
   return result
 end

nselib/mssql.lua

@@ -1903,15 +1903,15 @@ NTAuthenticationPacket = {
     local sessionkey_offset = hostname_offset + #hostname
 
     local data = bin.pack("<AISSI", ntlmssp, NTLMSSP_AUTH, #lm_response, #lm_response, lm_response_offset)
-    data = data .. bin.pack("<SSI", #ntlm_response, #ntlm_response, ntlm_response_offset)
+    .. bin.pack("<SSI", #ntlm_response, #ntlm_response, ntlm_response_offset)
-    data = data .. bin.pack("<SSI", #domain, #domain, domain_offset)
+    .. bin.pack("<SSI", #domain, #domain, domain_offset)
-    data = data .. bin.pack("<SSI", #user, #user, username_offset)
+    .. bin.pack("<SSI", #user, #user, username_offset)
-    data = data .. bin.pack("<SSI", #hostname, #hostname, hostname_offset)
+    .. bin.pack("<SSI", #hostname, #hostname, hostname_offset)
-    data = data .. bin.pack("<SSI", #sessionkey, #sessionkey, sessionkey_offset)
+    .. bin.pack("<SSI", #sessionkey, #sessionkey, sessionkey_offset)
-    data = data .. bin.pack("<I", flags)
+    .. bin.pack("<I", flags)
-    data = data .. bin.pack("A", domain)
+    .. bin.pack("A", domain)
-    data = data .. bin.pack("A", user )
+    .. bin.pack("A", user )
-    data = data .. lm_response .. ntlm_response
+    .. lm_response .. ntlm_response
 
     return PacketType.NTAuthentication, data
   end,

nselib/ncp.lua

@@ -177,10 +177,9 @@ Packet = {
       self.ncp_ip.length or 0, self.ncp_ip.version,
       self.ncp_ip.replybuf, self.type, self.seqno,
       self.conn, self.task, UNKNOWN, self.func )
-
+    .. (self.length and bin.pack(">S", self.length) or "")
-    if ( self.length ) then data = data .. bin.pack(">S", self.length) end
+    .. (self.subfunc and bin.pack("C", self.subfunc) or "")
-    if ( self.subfunc ) then data = data .. bin.pack("C", self.subfunc) end
+    .. (self.data or "")
-    if ( self.data ) then data = data .. bin.pack("A", self.data) end
 
     return data
   end,
@@ -944,10 +943,10 @@ NCP = {
     unknown, iter_handle, entry.id, info_flags )
 
     -- no name filter
-    data = data .. "\0\0\0\0"
+    .. "\0\0\0\0"
 
     -- no class filter
-    data = data .. "\0\0\0\0"
+    .. "\0\0\0\0"
 
     p:setData(data)
     local status, entries = self:Exch( p )

nselib/ospf.lua

@@ -98,15 +98,17 @@ OSPF = {
     end,
 
     __tostring = function(self)
-      local hdr = bin.pack(">CCS", self.ver, self.type, self.length )
+      local auth
-      hdr = hdr .. bin.pack(">IISS", ipOps.todword(self.router_id), self.area_id, self.chksum, self.auth_type)
       if self.auth_type == 0x00 then
-        hdr = hdr .. bin.pack(">L", 0x00)
+        auth = bin.pack(">L", 0x00)
       elseif self.auth_type == 0x01 then
-        hdr = hdr .. bin.pack(">A8", self.auth_data.password)
+        auth = bin.pack(">A8", self.auth_data.password)
       elseif self.auth_type == 0x02 then
-        hdr = hdr .. bin.pack(">A".. self.auth_data.length, self.auth_data.hash)
+        auth = bin.pack(">A".. self.auth_data.length, self.auth_data.hash)
       end
+      local hdr = bin.pack(">CCS", self.ver, self.type, self.length )
+      .. bin.pack(">IISS", ipOps.todword(self.router_id), self.area_id, self.chksum, self.auth_type)
+      .. auth
       return hdr
     end,
 

nselib/sasl.lua

@@ -143,14 +143,14 @@ if HAVE_SSL then
       end
 
       local response = "username=\"" .. self.username .. "\""
-      response = response .. (",%s=\"%s\""):format("realm", realm)
+      .. (",%s=\"%s\""):format("realm", realm)
-      response = response .. (",%s=\"%s\""):format("nonce", self.challnvs.nonce)
+      .. (",%s=\"%s\""):format("nonce", self.challnvs.nonce)
-      response = response .. (",%s=\"%s\""):format("cnonce", cnonce)
+      .. (",%s=\"%s\""):format("cnonce", cnonce)
-      response = response .. (",%s=%08d"):format("nc", self.nc)
+      .. (",%s=%08d"):format("nc", self.nc)
-      response = response .. (",%s=%s"):format("qop", "auth")
+      .. (",%s=%s"):format("qop", "auth")
-      response = response .. (",%s=\"%s\""):format("digest-uri", uri)
+      .. (",%s=\"%s\""):format("digest-uri", uri)
-      response = response .. (",%s=%s"):format("response", digest)
+      .. (",%s=%s"):format("response", digest)
-      response = response .. (",%s=%s"):format("charset", "utf-8")
+      .. (",%s=%s"):format("charset", "utf-8")
 
       -- response_table is used in http library because the request should
       -- be a little bit different then the string generated above

nselib/smb.lua

@@ -2150,7 +2150,7 @@ local function send_transaction2(smb, sub_command, function_parameters, function
     )
 
   local data = "\0\0\0" .. (function_parameters or '')
-  data = data .. (function_data or '')
+  .. (function_data or '')
 
   -- Send the transaction request
   stdnse.debug2("SMB: Sending SMB_COM_TRANSACTION2")
@@ -2262,8 +2262,23 @@ function send_transaction_named_pipe(smb, function_parameters, function_data, pi
     data_size         = #function_data
   end
 
+  local setup
+  if(no_setup) then
+    setup = bin.pack("<CC",
+      0x00,                            -- Number of 'setup' words (none)
+      0x00                             -- Reserved.
+      )
+  else
+    setup = bin.pack("<CCSS",
+      0x02,                            -- Number of 'setup' words
+      0x00,                            -- Reserved.
+      0x0026,                          -- Function to call.
+      smb['fid']                       -- Handle to open file
+      )
+  end
+
   -- Parameters are 0x20 bytes long.
-  parameters = bin.pack("<SSSSCCSISSSSS",
+  parameters = bin.pack("<SSSSCCSISSSSSA",
     parameter_size,                  -- Total parameter count.
     data_size,                       -- Total data count.
     0x0008,                          -- Max parameter count.
@@ -2276,28 +2291,14 @@ function send_transaction_named_pipe(smb, function_parameters, function_data, pi
     parameter_size,                  -- Parameter bytes.
     parameter_offset,                -- Parameter offset.
     data_size,                       -- Data bytes.
-    data_offset                      -- Data offset.
+    data_offset,                     -- Data offset.
+    setup
     )
 
-  if(no_setup) then
-    parameters = parameters .. bin.pack("<CC",
-      0x00,                            -- Number of 'setup' words (none)
-      0x00                             -- Reserved.
-      )
-  else
-    parameters = parameters .. bin.pack("<CCSS",
-      0x02,                            -- Number of 'setup' words
-      0x00,                            -- Reserved.
-      0x0026,                          -- Function to call.
-      smb['fid']                       -- Handle to open file
-      )
-  end
-
   data = bin.pack("<z", pipe)
-  data = data .. bin.pack("<I", 0) -- Padding
+  .. bin.pack("<I", 0) -- Padding
-
+  .. (function_parameters or '')
-  data = data .. (function_parameters or '')
+  .. (function_data or '')
-  data = data .. (function_data or '')
 
   -- Send the transaction request
   stdnse.debug2("SMB: Sending SMB_COM_TRANSACTION")
@@ -2715,13 +2716,11 @@ function find_files(smbstate, fname, options)
     ( options.srch_attrs.archive and 32 or 0 ))
 
   if ( not(fname) ) then
-    fname = '\\*'
+    fname = '\\*\0'
   elseif( fname:sub(1,1) ~= '\\' ) then
-    fname = '\\' .. fname
+    fname = '\\' .. fname .. '\0'
   end
 
-  fname = fname .. '\0'
-
   -- Sends the request and takes care of short/fragmented responses
   local function send_and_receive_find_request(smbstate, trans_type, function_parameters)
 

nselib/ssh2.lua

@@ -110,11 +110,11 @@ transport.kex_init = function( options )
   local languages = options['languages'] or ""
 
   local payload = bin.pack( ">cAaa", SSH2.SSH_MSG_KEXINIT, cookie, kex_algorithms, host_key_algorithms )
-  payload = payload .. bin.pack( ">aa", encryption_algorithms, encryption_algorithms )
+  .. bin.pack( ">aa", encryption_algorithms, encryption_algorithms )
-  payload = payload .. bin.pack( ">aa", mac_algorithms, mac_algorithms )
+  .. bin.pack( ">aa", mac_algorithms, mac_algorithms )
-  payload = payload .. bin.pack( ">aa", compression_algorithms, compression_algorithms )
+  .. bin.pack( ">aa", compression_algorithms, compression_algorithms )
-  payload = payload .. bin.pack( ">aa", languages, languages )
+  .. bin.pack( ">aa", languages, languages )
-  payload = payload .. bin.pack( ">cI", 0, 0 )
+  .. bin.pack( ">cI", 0, 0 )
 
   return payload
 end

nselib/url.lua

@@ -81,7 +81,7 @@ end
 local function absolute_path(base_path, relative_path)
   if string.sub(relative_path, 1, 1) == "/" then return relative_path end
   local path = string.gsub(base_path, "[^/]*$", "")
-  path = path .. relative_path
+  .. relative_path
   path = string.gsub(path, "([^/]*%./)", function (s)
     if s ~= "./" then return s else return "" end
   end)

nselib/vuzedht.lua

@@ -122,7 +122,7 @@ Request = {
     -- Converts a FindNode Request to a string
     __tostring = function(self)
       local data = tostring(self.header)
-      data = data .. bin.pack(">CAII", self.id_length, self.node_id, self.status, self.dht_size)
+      .. bin.pack(">CAII", self.id_length, self.node_id, self.status, self.dht_size)
       return data
     end,
   }

nselib/wsdd.lua

@@ -165,9 +165,9 @@ Decoders = {
   -- @return status true on success, false on failure
   -- @return err string containing the error message
   ['error'] = function( data )
-    local response = "Failed to decode response from device: "
     local err = data:match("<SOAP.-ENV:Reason><SOAP.-ENV:Text>(.-)<")
-    response = response .. (err or "Unknown error")
+    local response = "Failed to decode response from device: "
+    .. (err or "Unknown error")
 
     return true, response
   end,