From 6f335b8fc99898010daf0609e04f6802041ed191 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Thu, 15 Oct 2020 20:03:33 +0000
Subject: [PATCH] Avoid assertion failure when match capture at end of text is empty. First reported here: https://seclists.org/nmap-dev/2014/q2/105 We handle empty strings just fine, so treat it like that instead of asserting that the capture must start before the end of the string.
---
 service_scan.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/service_scan.cc b/service_scan.cc
index a71d27636..eded67fb2 100644
--- a/service_scan.cc
+++ b/service_scan.cc
@@ -731,7 +731,7 @@ static char *substvar(char *tmplvar, char **tmplvarend,
 if (subnum >= nummatches) return NULL;
 offstart = ovector[subnum * 2];
 offend = ovector[subnum * 2 + 1];
- assert(offstart >= 0 && offstart < subjectlen);
+ assert(offstart >= 0 && offstart <= subjectlen);
 assert(offend >= 0 && offend <= subjectlen);
 // A plain-jane copy
 strbuf_append(&result, &n, &len, (const char *) subject + offstart, offend - offstart);
@@ -745,7 +745,7 @@ static char *substvar(char *tmplvar, char **tmplvarend,
 if (subnum >= nummatches) return NULL;
 offstart = ovector[subnum * 2];
 offend = ovector[subnum * 2 + 1];
- assert(offstart >= 0 && offstart < subjectlen);
+ assert(offstart >= 0 && offstart <= subjectlen);
 assert(offend >= 0 && offend <= subjectlen);
 // This filter only includes printable characters. It is particularly
 // useful for collapsing unicode text that looks like
@@ -768,7 +768,7 @@ static char *substvar(char *tmplvar, char **tmplvarend,
 if (subnum >= nummatches) return NULL;
 offstart = ovector[subnum * 2];
 offend = ovector[subnum * 2 + 1];
- assert(offstart >= 0 && offstart < subjectlen);
+ assert(offstart >= 0 && offstart <= subjectlen);
 assert(offend >= 0 && offend <= subjectlen);
 findstr = command_args.str_args[1];
 findstrlen = command_args.str_args_len[1];
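Review bot: Nothing in the hunk at 731 checks that `offstart <= offend`: the two asserts bound each offset by `subjectlen` on its own, and `offend - offstart` is then passed to strbuf_append as a length. Since the line above already returns NULL for an out-of-range `subnum`, the same path could reject bad offsets, e.g. `if (offstart < 0 || offend < offstart || offend > subjectlen) return NULL;` in place of both asserts, which would also keep a malformed capture from aborting the whole process and would still hold if assertions are ever compiled out. This presumes that ovector is filled by a regex match against data received from the scanned service and that callers treat NULL as a failed substitution, neither of which the hunk shows. The same pair of lines recurs in the hunks at 745, 768 and 801, and substvar's body starts and ends outside all of them.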
@@ -801,7 +801,7 @@ static char *substvar(char *tmplvar, char **tmplvarend, if (subnum >= nummatches) return NULL; offstart = ovector[subnum * 2]; offend = ovector[subnum * 2 + 1]; - assert(offstart >= 0 && offstart < subjectlen); + assert(offstart >= 0 && offstart <= subjectlen); // overflow if (offend - offstart > 8) {