scripts to bail. (This is why Ron saw a backtrace when path-mtu elicited an
EMSGSIZE [a separate issue I'm still working on] instead of path-mtu
recognizing the failure and resending with a smaller MTU like it would do
before.) I'm changing this back to the original design of returning false to
scripts (just like connect-mode send failures).
I've changed safe_error() in nse_utility.cc to support varargs.
referencing deallocated memory.
The class was defined basically as follows:
class ScriptResult
{
private:
std::string output;
public:
std::string get_output() const
{
return this->output;
}
};
The problem was when it was used like this, as in our script output
routines:
const char *s = sr.get_output().c_str();
printf("%s\n", s);
The reason is that the temporary std::string returned by get_output goes
out of scope after the line containing it, which invalidates the memory
pointed to by c_str(). By the time of the printf, s may be pointing to
deallocated memory.
This could have been fixed by returning a const reference that would
remain valid as long as the ScriptResult's output member is valid:
const std::string& get_output() const
{
return this->output;
}
However I noticed that get_output() was always immediately followed by a
c_str(), so I just had get_output return that instead, which has the
same period of validity.
This problem became visiable when compiling with Visual C++ 2010. The
first four bytes of script output in normal output would be garbage
(probably some kind of free list pointer). It didn't happen in XML
output, because the get_output-returned string happened to remain in
scope during that.
adated from a patch by Rob Nicholls. Since gtk.Tooltip was only introduced in
PyGTK 2.12, wrap it in a function that checks if the necessary function is
available.
./scripts/domino-enum-users.nse:113: variable 'filename' is not declared
stack traceback:
[C]: in function 'error'
./nselib/strict.lua:69: in function <./nselib/strict.lua:60>
./scripts/domino-enum-users.nse:113: in function <./scripts/domino-enum-users.nse:66>
(tail call): ?
[Patrik]
./scripts/ldap-brute.nse:75: attempt to get length of local 'contexts' (a nil value)
stack traceback:
./scripts/ldap-brute.nse:75: in function 'get_naming_context'
./scripts/ldap-brute.nse:121: in function <./scripts/ldap-brute.nse:95>
(tail call): ?
