RPCScan
rpc: handle denied replies
RPC reply bodies can be either MSG_ACCEPTED or MSG_DENIED: https://www.rfc-editor.org/rfc/rfc1831.html#page-11
MSG_ACCEPTED replies are 24 bytes long (6 fields of 4 bytes):
This is correctly handled by current code.
MSG_DENIED replies, however, are shorter, 20 bytes (5 fields of 4 bytes):
So struct.unpack('!LLLLLL', rpc) fails on MSG_DENIED replies (not enough data to unpack).
The proposed patch unpacks only the first 3 fields, checks whether it is a MSG_DENIED and exits if so, and unpacks the rest only if it is a MSG_ACCEPTED.
This is similar to this: https://github.com/nmap/nmap/blob/1ae88d2620a31639018e649c5353fa4b24387262/nselib/rpc.lua#L389
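
The staged unpacking described above, as an added example (not RPCScan's code and not the patch itself): it reads the three common fields first and then branches on reply_stat, following the reply layout in RFC 1831. It goes slightly beyond the fixed-size case in the description by also handling a non-empty verifier and the RPC_MISMATCH form of a denial. The function name `parse_rpc_reply`, the returned dictionary keys and the sample replies are assumptions constructed for illustration.

```python
import struct

# Constants from RFC 1831.
REPLY = 1
MSG_ACCEPTED, MSG_DENIED = 0, 1
RPC_MISMATCH, AUTH_ERROR = 0, 1
MAX_VERF = 400  # opaque_auth body is limited to 400 bytes


def parse_rpc_reply(rpc: bytes) -> dict:
    """Parse an RPC reply header (record-marking header already stripped)."""
    if len(rpc) < 12:
        raise ValueError("truncated reply: need xid, msg_type, reply_stat")
    xid, msg_type, reply_stat = struct.unpack_from("!LLL", rpc, 0)
    if msg_type != REPLY:
        raise ValueError(f"not a reply (msg_type={msg_type})")
    out = {"xid": xid, "reply_stat": reply_stat}

    if reply_stat == MSG_DENIED:
        if len(rpc) < 16:
            raise ValueError("truncated MSG_DENIED body")
        (reject,) = struct.unpack_from("!L", rpc, 12)
        out["reject_stat"] = reject
        if reject == RPC_MISMATCH and len(rpc) >= 24:
            out["low"], out["high"] = struct.unpack_from("!LL", rpc, 16)
        elif reject == AUTH_ERROR and len(rpc) >= 20:
            (out["auth_stat"],) = struct.unpack_from("!L", rpc, 16)
        else:
            raise ValueError("malformed MSG_DENIED body")
        return out

    if reply_stat != MSG_ACCEPTED or len(rpc) < 20:
        raise ValueError("unknown reply_stat or truncated verifier")
    flavor, verf_len = struct.unpack_from("!LL", rpc, 12)
    if verf_len > MAX_VERF:
        raise ValueError("verifier longer than RFC 1831 allows")
    off = 20 + ((verf_len + 3) & ~3)  # verifier body is padded to 4 bytes
    if len(rpc) < off + 4:
        raise ValueError("truncated MSG_ACCEPTED body")
    (accept_stat,) = struct.unpack_from("!L", rpc, off)
    out.update(verf_flavor=flavor, accept_stat=accept_stat, results_offset=off + 4)
    return out


# Constructed sample replies (not captured traffic).
ACCEPTED = struct.pack("!LLLLLL", 0x1234, REPLY, MSG_ACCEPTED, 0, 0, 0)
DENIED_AUTH = struct.pack("!LLLLL", 0x1234, REPLY, MSG_DENIED, AUTH_ERROR, 1)
DENIED_MISMATCH = struct.pack("!LLLLLL", 0x1234, REPLY, MSG_DENIED, RPC_MISMATCH, 2, 2)
```

Every length is checked before the corresponding unpack, so a short or malformed reply from a remote host raises a ValueError the scanner can catch instead of an unhandled struct.error.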