Commit 9385413b authored by Sophie Brun

Refresh patch and import upstream patch to fix issue

See https://bugs.kali.org/view.php?id=6176
parent 8722f422
Pipeline #125061351 failed with stages in 17 minutes and 33 seconds
nmap (7.80+dfsg1-2kali2) kali-dev; urgency=medium
* Refresh patch and import upstream patch to fix issue
-- Sophie Brun <sophie@offensive-security.com> Tue, 10 Mar 2020 17:52:31 +0100
nmap (7.80+dfsg1-2kali1) kali-dev; urgency=medium
* Import new upstream release. Keep libpcap embedded for Kali
......@@ -7,7 +7,7 @@ Subject: Use Debian's ca-certificates
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ncat/ncat_posix.c b/ncat/ncat_posix.c
index 3b01936..f7510d8 100644
index 12207c0..3b32a5f 100644
--- a/ncat/ncat_posix.c
+++ b/ncat/ncat_posix.c
@@ -415,7 +415,7 @@ void set_lf_mode(void)
From: Sophie Brun <sophie@offensive-security.com>
Date: Tue, 10 Mar 2020 17:49:19 +0100
Subject: Fix smb-os-discovery
Last-Update: 2020-03-10
Description: import upstream patch
https://github.com/nmap/nmap/commit/c491143358f3417ed7f6712ae8a9d3e48699463a
---
CHANGELOG | 4 ++++
nselib/smb.lua | 11 ++++++-----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index d11b091..6e0b3b3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
#Nmap Changelog ($Id: CHANGELOG 37693 2019-07-31 18:08:34Z dmiller $); -*-text-*-
+o [NSE][GH#1476][GH#1707] A MS-SMB spec non-compliance in Samba was causing
+ protocol negotiation to fail with data string too short error.
+ [Clément Notin, nnposter]
+
Nmap 7.80 [2019-08-01]
o [Security][Windows] Address CVE-2019-1552 in OpenSSL by building with the prefix
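Review bot: carrying a CHANGELOG hunk inside a Debian packaging patch adds maintenance cost without changing the built package; the entry is inserted above the "Nmap 7.80 [2019-08-01]" heading, so it will fuzz or conflict on the next upstream import and need re-refreshing. Consider trimming the imported patch to the nselib/smb.lua hunks only and leaving the upstream changelog text out.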
diff --git a/nselib/smb.lua b/nselib/smb.lua
index 1b54328..e95dd7d 100644
--- a/nselib/smb.lua
+++ b/nselib/smb.lua
@@ -1019,15 +1019,11 @@ function negotiate_v1(smb, overrides)
end
-- Data section
- if #data < smb.key_length then
- return false, "SMB: ERROR: not enough data for server_challenge"
- end
- smb.server_challenge, pos = string.unpack(string.format("<c%d", smb['key_length']), data)
if(smb['extended_security'] == true) then
if #data < 16 then
return false, "SMB: ERROR: not enough data for extended security"
end
- smb.server_guid, pos = string.unpack("<c16", data, pos)
+ smb.server_guid, pos = string.unpack("<c16", data)
-- do we have a security blob?
if ( #data - pos > 0 ) then
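Review bot: in the extended-security branch the server_guid unpack now starts at the beginning of data and key_length is never consulted, but nothing in the code says why; the only explanation is the CHANGELOG wording "MS-SMB spec non-compliance in Samba". A one-line comment above `smb.server_guid, pos = string.unpack("<c16", data)` stating that the challenge is not read in this branch would save the next maintainer from re-introducing the removed read. The `#data < 16` guard still precedes the unpack, so the bounds check is preserved.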
@@ -1035,6 +1031,11 @@ function negotiate_v1(smb, overrides)
pos = #data + 1
end
else
+ if #data < smb.key_length then
+ return false, "SMB: ERROR: not enough data for server_challenge"
+ end
+ smb.server_challenge, pos = string.unpack(string.format("<c%d", smb['key_length']), data)
+
-- Get the (null-terminated) domain as a Unicode string
smb['domain'] = ""
smb['server'] = ""
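Review bot: the re-added block mixes `smb.key_length` in the length check with `smb['key_length']` in the unpack on the next line; both name the same field, so pick one form for readability. Otherwise the moved code is identical to the removed lines, so the non-extended-security path keeps its existing bounds check and error string.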
......@@ -2,3 +2,4 @@
0003-Link-against-lua-lpeg.patch
0005-ncat-manpage-self-reference.patch
0004-Python3-port-of-ndiff.patch
fix-smb-os-discovery.patch
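Review bot: the new entry is the only unnumbered patch in debian/patches/series, and the existing entries already run out of order (0003, 0005, 0004). Give the imported patch the next number (for example 0006-fix-smb-os-discovery.patch) so the series stays consistent and the application order is obvious at a glance.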