The docbook-to-nroff XSL pages turn indexterms into nroff comments, but
have a bug: If the closing indexterm element is not followed by
whitespace and cdata, then the following element or cdata is stuck on
the same line as the comment. Fixed this temporarily by introducing
whitespace between </indexterm> and following cdata or by moving the
indexterm elements after any other element (<command>, <term>, etc.)
that they reference.
Reported on debian bugtracker here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724580
We can't remove an fdinfo from client_fdlist and still expect to access
the fdinfo via a pointer we got from get_fdinfo(&client_fdlist) since
rm_fd() modifies the data at the address pointed to. So instead of
removing it from the list and then adding it right back, we just don't
remove it in the first place.
Haven't seen this, and it shouldn't happen, but it's possible for a
server to send the same protocol version in the record, but a different
one in the body. This wouldn't be valid, so we should reject it.
Reordered postgres matches to put language matches below version matches, and
wildcarded language that would be gettext-translated. Should detect versions
better, but only detect language when the version match fails.
If service scan failed to find a match, the probe responses are cached.
Now http-server-header will look through those responses before sending
a probe of its own. This should result in better detection with fewer
probes sent.
Also changed the Server header string match to case-insensitive.
The @xmloutput section documentation is not done, and I'm not sure how
to best do it, since it will be the same for all brute.lua scripts. This
is how it looks:
metasploit-msgrpc-brute:
<table key="Accounts">
<table>
<elem key="username">root</elem>
<elem key="state">Valid credentials</elem>
<elem key="password">root</elem>
</table>
</table>
<elem key="Statistics">Performed 3 guesses in 4 seconds, average tps: 0</elem>
creds-summary:
<table key="127.0.0.1">
<table key="9929/nping-echo">
<table>
<elem key="password">123456</elem>
<elem key="state">Valid credentials</elem>
</table>
</table>
<table key="55553/unknown">
<table>
<elem key="username">root</elem>
<elem key="state">Valid credentials</elem>
<elem key="password">root</elem>
</table>
</table>
</table>
In addition to fitting better (brute library is the verb, creds library
is the noun), this will allow creds.lua to use creds.Account internally
where necessary (see subsequent commits)
Also change old references to string argument "OPEN" into
creds.State.VALID.
This allows stdnse.keys to be used in a __pairs metamethod to, for
instance, yield keys in sorted order. Using next() bypasses the __pairs
metamethod that would be called when pairs() was used. Otherwise,
infinite recursion was possible.
