Pcap nsock sockets in NSE were cached so that multiple threads opening
the "same" pcap descriptor (same device, bpf, promisc, snaplen) would
get the same socket object. This is a leftover from a very old design
that would multiplex captured packets to each thread, but for a long
time that meant that each thread would just get whatever packets were
available and miss any that another thread received. This almost never
happened because scripts don't use identical pcap descriptors generally.
But it did complicate garbage collection, resulting in segfaults and
assertion failures in certain scenarios such as double-closing a socket.
If an event is canceled, report it to the waiting thread as an error.
Previous behavior left a waiting thread waiting forever, so NSE never
stopped.
If the event is killed, that means Nsock is being shut down, so this is
coming from the garbage collection handler and we don't want to restore
anything. Just return instead.
MS SQL NSE scripts run on database instances, which can be TCP or named
pipes. With this change, all TCP instances on scanned ports will have
script output attached under the port as a portrule script. Named pipe
instances and TCP instances on unscanned ports will be displayed in the
hostrule script output at the end of the host's output. Utility function
mssql.Helper.InitScript makes it easy to write scripts that just work on
a per-instance basis, without bothering where to put the output.
Discovery will be done once per host, regardless of how many scripts are
run, and can be guaranteed to be done before the script's action takes
place.
A script might check WasDiscoveryPerformed and get a negative response,
then call Discover, during which time another script already called
Discover. Instead, check the condition *after* acquiring the mutex.
Try to receive enough bytes for the next unpack. If any socket operation
fails, or if it doesn't receive enough for the unpack, a Lua error is
thrown. The pcall in the action function will catch that and interpret
it as not-vuln.
Fixes#2355
Save some memory and effort when parsing UDP payloads by reusing the
rather large buffer inside each token when possible, and only using
std::string::append() when necessary. For the current file, this avoids
*all* reallocations.
Storing a pointer instead of the whole struct payload enables us to
reuse the same struct for as many ports as the payload defines, saving
memory as well as the time to copy the struct and its std::string
member. This commit also avoids several copy constructions and deletions
of the payload vector for each port defined in the file.
