Mailing List Archive

Weird behavior with substr
Hello All,

I'm noticing weird behavior with substr and am wondering if this is
expected behavior. Here's an example:

poo.nasl:

stuff = "nessus";

c = display ("Stuff: " + stuff + "\n");
display ("c: " + c + "\n");
newst = substr(stuff,0);
c = display ("Stuff: " + stuff + "\n");
display ("c: " + c + "\n");
c = display ("Newst: " + newst + "\n");
display ("c: " + c + "\n");
c = display ("Stuff: " + stuff + "\n");
display ("c: " + c + "\n");

<output>
> nasl poo.nasl
** WARNING : packet forgery will not work
** as NASL is not running as root
Stuff: nessus
c: 14
Stuff: nessus
c: 14
Newst: nessus\nc: 15
Stuff: nessus
c: 14
>


I would expect ``c = display ("Newst: " + newst + "\n");'' to
properly linefeed the string. It's like there isn't a string
termination in there for display() to see the end of newst, so it
thinks the "\n" is part of the string. It's not until the next
display function is called that the string is terminated.

So, am I missing something or is this expected behavior? How can I
force a termination on newst if this is expected behavior?

TIA,

Jon

Re: Weird behavior with substr
On Thu, Oct 06, 2005 at 10:29:55AM -0700, Jon Passki wrote:

> I'm noticing weird behavior with substr and am wondering if this is
> expected behavior.

I think we're dealing with undefined behaviour, actually. And it
illustrates a drawback of using "+" for string concatenation rather than
calling string() or raw_string() explicitly.

For reference, look at Michel's NASL reference manual, available online at:

http://michel.arboi.free.fr/nasl2ref/

In particular, read up on the difference between pure and impure strings
(in the section about the string type), the "+" operator's special
behaviour, and the display(), string(), and substr() string manipulation
functions.

NB: below, I'll write "<NL>" to refer to the character newline,
ASCII(0x0a). And when I write "\n" I'm referring to two characters -- a
backslash followed by the character "n".

> Here's an example:
....
> stuff = "nessus";

Here, stuff is an impure string because you've enclosed it in double-quotes.

> c = display ("Stuff: " + stuff + "\n");

Let's look first at the argument to display(). There are three parts to
it, each an impure string because it's written in double-quotes. The sum
is also an impure string -- there's no conversion necessary so the
result remains an impure string like its arguments -- "Stuff: nessus\n",
which is actually 15 characters long. [If you don't believe me, add the
following code to your script and rerun it:]

if (strlen("Stuff: " + stuff + "\n") == 15)
  display("Hey, strlen() does return 15!\n");

Yet when display() goes to actually display these 15 characters, it
calls string() to convert the sum to a pure string, which in turn parses
and converts escape sequences in the sum so "\n" becomes "<NL>". Thus,
display() actually outputs "Stuff: nessus<NL>" and the value 14 is
assigned to c.

> newst = substr(stuff,0);

Now here I'm not sure what type of string substr() should return --
Michel's reference doesn't say.

> c = display ("Newst: " + newst + "\n");

As before, look at the argument first... the sum of two impure strings
and what??? If newst were an impure string, then the sum would be the
impure string "Newst: nessus\n", display() would output "Newst:
nessus<NL>", and c would be assigned 14, similar to the earlier code.

But what if substr() returns a pure string? Adding a pure string and an
impure string causes the latter to be converted to a pure string without
escape sequence interpretation so the sum winds up being the _pure_
string "Newst: nessus\n".

In displaying the result, though, display() calls string() to convert
the sum to a pure string. Yet since the sum is itself a pure string,
string() leaves it as it is, display() outputs "Newst: nessus\n" and
assigns the value 15 to c.

All clear now?

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Weird behavior with substr
On Thu Oct 06 2005 at 19:29, Jon Passki wrote:

> I'm noticing weird behavior with substr and am wondering if this is
> expected behavior.

Yes, this is expected, although I admit it is rather surprising.

The problem comes from display(), which calls string() before printing a
"STRING2" / CONST_STR (string between double quotes) and does not for
a "STRING1" / CONST_DATA (strings between simple quotes)
[because of backward compatibility]

substr() always returns a "STRING1" / CONST_DATA, whatever its
argument type is.
And + returns a STRING1 if one of its arguments is a STRING1

> newst = substr(stuff,0);

Here, you converted stuff from "nessus" to 'nessus'

> ("c: " + c + "\n");

This is equivalent to:
"c:" + 'nessus' + "\n" = 'c:' + 'nessus' + '\\n'

> So, am I missing something

Before you do string manipulation, make sure that you called string()
where needed.
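
Added example, not part of the original thread and not NASL's own code: a small Python model of the pure/impure string rules as the two replies state them, replaying the script's display() calls with and without string(). The names NaslStr, impure and run are assumptions of this sketch, and only the \n escape is modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NaslStr:
    text: str   # characters held by the value
    pure: bool  # True: single-quoted / STRING1, False: double-quoted / STRING2

    def __add__(self, other):
        # "+" yields a pure string if either operand is pure; the impure
        # operand is joined as-is, without escape interpretation.
        return NaslStr(self.text + other.text, self.pure or other.pure)

def impure(text):
    """A double-quoted NASL literal (hypothetical helper name)."""
    return NaslStr(text, False)

def string(value):
    # Escapes are interpreted only when an impure string is converted.
    # Simplification: only the two-character sequence \n is handled.
    if value.pure:
        return value
    return NaslStr(value.text.replace("\\n", "\n"), True)

def substr(value, start):
    # Per the thread, substr() always returns a pure string.
    return NaslStr(value.text[start:], True)

def display(value, out):
    # display() passes its argument through string(), then returns the count.
    rendered = string(value).text
    out.append(rendered)
    return len(rendered)

def run(call_string_first):
    """Replay the script; returns (values assigned to c, text written)."""
    out = []
    stuff, nl = impure("nessus"), impure("\\n")
    counts = [display(impure("Stuff: ") + stuff + nl, out)]
    newst = substr(stuff, 0)
    if call_string_first:   # the advice from the last reply
        line = string(impure("Newst: ")) + newst + string(nl)
    else:                   # the original script
        line = impure("Newst: ") + newst + nl
    counts.append(display(line, out))
    return counts, out

if __name__ == "__main__":
    print(run(False))
    print(run(True))
```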