Changes the port type returned from url.parse() to an actual integer, as

opposed to a string that represents an integer. Fixes nmap#833, fixes nmap#817.
ibenrodriguez · Apr 19, 2017 · af6bbc3 · af6bbc3
1 parent 339283d
commit af6bbc3
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 11 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE][GH#833] Function url.parse() now returns the port part as a number,
+  not a string, which eliminates various inconsistencies in scripts that
+  consume the function. [nnposter]
+
 o [NSE][GH#854] New script smb-double-pulsar-backdoor detects the Shadow
   Brokers-leaked Double Pulsar backdoor in Windows SMB servers. [Andrew Orr]
 

diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua
@@ -175,9 +175,9 @@ local function url_build_defaults (host, port, parsed)
   local parts = tcopy(parsed or {})
   parts.host = parts.host or stdnse.get_hostname(host, port)
   parts.scheme = parts.scheme or shortport.ssl(host, port) and "https" or "http"
-  local pn = parts.port or tostring(port.number)
-  if not (parts.scheme == "http" and pn == "80"
-       or parts.scheme == "https" and pn == "443") then
+  local pn = parts.port or port.number
+  if not (parts.scheme == "http" and pn == 80
+       or parts.scheme == "https" and pn == 443) then
     parts.port = pn
   end
   return parts

diff --git a/nselib/http.lua b/nselib/http.lua
@@ -1504,7 +1504,7 @@ local redirect_ok_rules = {
         url_port = 443
       end
     end
-    if (not url_port) or tonumber(url_port) == port.number then
+    if not url_port or url_port == port.number then
       return true
     end
     return false

diff --git a/nselib/httpspider.lua b/nselib/httpspider.lua
@@ -133,7 +133,7 @@ Options = {
         local parsed_u = url.parse(tostring(u))
 
         if ( o.base_url:getPort() ~= 80 and o.base_url:getPort() ~= 443 ) then
-          if ( tonumber(parsed_u.port) ~= tonumber(o.base_url:getPort()) ) then
+          if ( parsed_u.port ~= tonumber(o.base_url:getPort()) ) then
             return false
           end
         elseif ( parsed_u.scheme ~= o.base_url:getProto() ) then
@@ -149,7 +149,7 @@ Options = {
       o.withindomain = function(u)
         local parsed_u = url.parse(tostring(u))
         if ( o.base_url:getPort() ~= 80 and o.base_url:getPort() ~= 443 ) then
-          if ( tonumber(parsed_u.port) ~= tonumber(o.base_url:getPort()) ) then
+          if ( parsed_u.port ~= tonumber(o.base_url:getPort()) ) then
             return false
           end
         elseif ( parsed_u.scheme ~= o.base_url:getProto() ) then
@@ -553,7 +553,7 @@ Crawler = {
   iswithinhost = function(self, u)
     local parsed_u = url.parse(tostring(u))
     if ( self.options.base_url:getPort() ~= 80 and self.options.base_url:getPort() ~= 443 ) then
-      if ( tonumber(parsed_u.port) ~= tonumber(self.options.base_url:getPort()) ) then
+      if ( parsed_u.port ~= tonumber(self.options.base_url:getPort()) ) then
         return false
       end
     elseif ( parsed_u.scheme ~= self.options.base_url:getProto() ) then
@@ -570,7 +570,7 @@ Crawler = {
   iswithindomain = function(self, u)
     local parsed_u = url.parse(tostring(u))
     if ( self.options.base_url:getPort() ~= 80 and self.options.base_url:getPort() ~= 443 ) then
-      if ( tonumber(parsed_u.port) ~= tonumber(self.options.base_url:getPort()) ) then
+      if ( parsed_u.port ~= tonumber(self.options.base_url:getPort()) ) then
         return false
       end
     elseif ( parsed_u.scheme ~= self.options.base_url:getProto() ) then

diff --git a/nselib/url.lua b/nselib/url.lua
@@ -183,8 +183,8 @@ function parse(url, default)
   if not authority then return parsed end
   authority = string.gsub(authority,"^([^@]*)@",
                 function(u) parsed.userinfo = u; return "" end)
-  authority = string.gsub(authority, ":([0-9]*)$",
-                function(p) if p ~= "" then parsed.port = p end; return "" end)
+  authority = string.gsub(authority, ":(%d+)$",
+                function(p) parsed.port = tonumber(p); return "" end)
   if authority ~= "" then parsed.host = authority end
   local userinfo = parsed.userinfo
   if not userinfo then return parsed end

diff --git a/scripts/http-form-brute.nse b/scripts/http-form-brute.nse
@@ -347,7 +347,7 @@ local function path_ok (path, hostname, port)
   if pparts.authority then
     if pparts.userinfo
       or ( pparts.host ~= hostname )
-      or ( pparts.port and tonumber(pparts.port) ~= port.number ) then
+      or ( pparts.port and pparts.port ~= port.number ) then
       return false
     end
   end