Re: [Plugins-writers] Weird behavior with substr

• Previous message: Renaud Deraison: "Re: [Plugins-writers] Converting a string to an int that's greater than 2^31-1"
• In reply to: Jon Passki: "[Plugins-writers] Weird behavior with substr"
• Next in thread: Michel Arboi: "Re: [Plugins-writers] Weird behavior with substr"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Thu, Oct 06, 2005 at 10:29:55AM -0700, Jon Passki wrote:

> I'm noticing weird behavior with substr and am wondering if this is
> excepted behavior.  

I think we're dealing with undefined behaviour, actually. And it
illustrates a drawback of using "+" for string concatenation rather than
calling string() or raw_string() explicitly.

For reference, look at Michel's NASL reference manual, available online at:

  http://michel.arboi.free.fr/nasl2ref/

In particular, read up on the difference between pure and impure strings
(in the section about the string type), the "+" operator's special
behaviour, and the display(), string(), and substr() string manipulation
functions.

NB: below, I'll write "<NL>" to refer to the character newline,
ASCII(0x0a). And when I write "\n" I'm referring to two characters -- a
backslash followed by the character "n".

> Here's an example:
....
> stuff = "nessus";

Here, stuff is an impure string because you've enclosed it in double-quotes.

> c = display ("Stuff: " + stuff + "\n");

Let's look first at the argument to display(). There are three parts to
it, each an impure string because it's written in double-quotes. The sum
 is also an impure string -- there's no conversion necessary so the
result remains an impure string like its arguments -- "Stuff: nessus\n",
which is actually 15 characters long. [If you don't believe me, add the
following code to your script and rerun it:]

  if (strlen("Stuff: " + stuff + "\n") == 15)
    display("Hey, strlen() does return 15!\n");

Yet when display() goes to actually display these 15 characters, it
calls string() to convert the sum to a pure string, which in turn parses
and converts escape sequences in the sum so "\n" becomes "<NL>". Thus,
display() actually outputs "Stuff: nessus<NL>" and the value 14 is
assigned to c.

> newst = substr(stuff,0);

Now here I'm not sure what type of string substr() should return --
Michel's reference doesn't say.

> c = display ("Newst: " + newst + "\n");

As before, look at the argument first... the sum of two impure strings
and what??? If newst were an impure string, then the sum  would be the
impure string "Newst: nessus\n", display() would output "Newst:
nessus<NL>", and c would be assigned 14, similar to the earlier code.

But what if substr() returns a pure string? Adding a pure string and an
impure string causes the latter to be converted to a pure string without
escape sequence interpretation so the sum winds up being the _pure_
string "Newst: nessus\n".

In displaying the result, though, display() calls string() to convert
the sum to a pure string. Yet since the sum is itself a pure string,
string() leaves it as it is, display() outputs "Newst: nessus\n" and
assigns the value 15 to c.

All clear now?

Georege
-- 
theall@private
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

• Previous message: Renaud Deraison: "Re: [Plugins-writers] Converting a string to an int that's greater than 2^31-1"
• In reply to: Jon Passki: "[Plugins-writers] Weird behavior with substr"
• Next in thread: Michel Arboi: "Re: [Plugins-writers] Weird behavior with substr"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Thu Oct 06 2005 - 17:45:55 PDT