fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com

2025-01-24 08:14:24 +03:00 · 2011-06-03 11:01:26 +00:00 · 2011-06-03 11:01:26 +00:00 · faf7814869
commit faf7814869
parent 08d6bb4f23
2 changed files with 18 additions and 9 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -366,7 +366,7 @@ class Backend:

    @staticmethod
    def getDbms():
-        return aliasToDbmsEnum(kb.dbms)
+        return aliasToDbmsEnum(kb.dbms) if kb.get('dbms') else None

    @staticmethod
    def getErrorParsedDBMSes():
@ -388,11 +388,13 @@ class Backend:
    def getIdentifiedDbms():
        dbms = None

-        if Backend.getForcedDbms() is not None:
+        if not kb:
+            pass
+        elif Backend.getForcedDbms() is not None:
            dbms = Backend.getForcedDbms()
        elif Backend.getDbms() is not None:
            dbms = kb.dbms
-        elif conf.dbms is not None:
+        elif conf.get('dbms'):
            dbms = conf.dbms
        elif len(Backend.getErrorParsedDBMSes()) > 0:
            dbms = Backend.getErrorParsedDBMSes()[0]
@ -2422,7 +2424,7 @@ def unhandledExceptionMessage():
    errMsg += "Python version: %s\n" % PYVERSION
    errMsg += "Operating system: %s\n" % PLATFORM
    errMsg += "Command line: %s\n" % " ".join(sys.argv)
-    errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.technique else None)
+    errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb and kb.technique else None)
    errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
    return maskSensitiveData(errMsg)

@ -2433,7 +2435,7 @@ def maskSensitiveData(msg):

    retVal = msg

-    for item in filter(lambda x: x, [conf.hostname, conf.googleDork, conf.aCred, conf.tbl, conf.db, conf.col, conf.user, conf.cookie]):
+    for item in filter(lambda x: conf.get(x), ['hostname', 'googleDork', 'aCred', 'tbl', 'db', 'col', 'user', 'cookie']):
        regex = SENSITIVE_DATA_REGEX % item
        while extractRegexResult(regex, retVal):
            value = extractRegexResult(regex, retVal)
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@ -9,13 +9,14 @@ See the file 'doc/COPYING' for copying permission

 import codecs

-from ConfigParser import NoSectionError
+from ConfigParser import MissingSectionHeaderError

 from lib.core.common import checkFile
 from lib.core.common import UnicodeRawConfigParser
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.exception import sqlmapMissingMandatoryOptionException
+from lib.core.exception import sqlmapSyntaxException
 from lib.core.optiondict import optDict
 from lib.core.settings import UNICODE_ENCODING

@ -60,11 +61,17 @@ def configFileParser(configFile):

    checkFile(configFile)
    configFP = codecs.open(configFile, "rb", UNICODE_ENCODING)
-    config = UnicodeRawConfigParser()
-    config.readfp(configFP)
+
+    try:
+        config = UnicodeRawConfigParser()
+        config.readfp(configFP)
+    except MissingSectionHeaderError:
+        errMsg = "you've provided a non-valid configuration file"
+        raise sqlmapSyntaxException, errMsg

    if not config.has_section("Target"):
-        raise NoSectionError, "Target in the configuration file is mandatory"
+        errMsg = "missing a mandatory section 'Target' in the configuration file"
+        raise sqlmapMissingMandatoryOptionException, errMsg

    condition = not config.has_option("Target", "url")
    condition &= not config.has_option("Target", "logFile")