From 03c9f349598291ffea93ec61a6c93b18dd67004a Mon Sep 17 00:00:00 2001
From: dmiller
Date: Tue, 4 Jun 2024 18:22:17 +0000
Subject: [PATCH] Fix sign and width issues around max_ips_to_scan. Fixes #2838. Fixes #2836
---
 NmapOps.h | 4 ++--
 TargetGroup.cc | 26 ++++++++++++++++++--------
 TargetGroup.h | 2 +-
 targets.cc | 8 ++++----
 targets.h | 2 +-
 5 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/NmapOps.h b/NmapOps.h
index 578681f00..bc4f8c3d4 100644
--- a/NmapOps.h
+++ b/NmapOps.h
@@ -226,8 +226,8 @@ class NmapOps {
 /* Gets the spoofed MAC address, but returns NULL if it hasn't been set */
 const u8 *spoofMACAddress() { return spoof_mac_set? spoof_mac : NULL; }
- unsigned int max_ips_to_scan; // Used for Random input (-iR) to specify how
- // many IPs to try before stopping. 0 means unlimited.
+ unsigned long max_ips_to_scan; // Used for Random input (-iR) to specify how
+ // many IPs to try before stopping. 0 means unlimited if generate_random_ips is true
 int extra_payload_length; /* These two are for --data-length op */
 char *extra_payload;
 unsigned long host_timeout;
diff --git a/TargetGroup.cc b/TargetGroup.cc
index 2a8119594..aa95ad01b 100644
--- a/TargetGroup.cc
+++ b/TargetGroup.cc
@@ -126,15 +126,21 @@ class NetBlockRandomIPv4 : public NetBlock {
 public:
 NetBlockRandomIPv4();
- void reject_last_host() { count++; }
- void set_num_random(int num) { count = num; }
+ void reject_last_host() { if (!infinite) count++; }
+ void set_num_random(unsigned long num) {
+ if (num == 0)
+ infinite = true;
+ else
+ count = num;
+ }
 bool next(struct sockaddr_storage *ss, size_t *sslen);
 void apply_netmask(int bits) {}
 std::string str() const {return "Random IPv4 addresses";}
 private:
 struct sockaddr_in base;
- int count;
+ unsigned long count;
+ bool infinite;
 };
 class NetBlockIPv4Ranges : public NetBlock {
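Review bot: In the NmapOps.h hunk, `unsigned long` widens `max_ips_to_scan` only on LP64 builds; on LLP64 targets such as 64-bit Windows it is still 32 bits, the same width as the `unsigned int` it replaces. If counts above 2^32 are meant to be accepted on every platform, a fixed 64-bit type (for example `unsigned long long`) would say so explicitly; the option parsing that fills this field is not in the hunk, so the intended range is an assumption. The updated comment also leaves open what 0 means when `generate_random_ips` is false, and a wording such as `// 0 means no cap; combined with generate_random_ips it means random targets without end` would remove the ambiguity.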
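Review bot: `NetBlockRandomIPv4::set_num_random()` now treats 0 as an "unlimited" sentinel without documenting it, and each branch updates only one of `count` / `infinite`, so a second call with a different value would leave the other field stale. Assigning both keeps the state consistent: `infinite = (num == 0); count = num;`. A short comment above the setter, e.g. `/* num == 0 means no limit on generated addresses */`, is worth adding because the unbounded mode is the one that matters most for keeping a scan inside its intended scope. Only one call site is visible in this patch, so the stale-state case is a robustness concern rather than an observed failure.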
@@ -352,21 +358,25 @@ bool NetBlock::is_resolved_address(const struct sockaddr_storage *ss) const {
 return false;
 }
-NetBlockRandomIPv4::NetBlockRandomIPv4() : count(0) {
+NetBlockRandomIPv4::NetBlockRandomIPv4() : count(0), infinite(false) {
 memset(&base, 0, sizeof(base));
 base.sin_family = AF_INET;
 }
 bool NetBlockRandomIPv4::next(struct sockaddr_storage *ss, size_t *sslen) {
- if (count <= 0) {
- return false;
+ if (!infinite) {
+ if (count > 0) {
+ count--;
+ }
+ else {
+ return false;
+ }
 }
 do {
 base.sin_addr.s_addr = get_random_unique_u32();
 } while (ip_is_reserved(&base.sin_addr));
 memcpy(ss, &base, sizeof(base));
 *sslen = sizeof(base);
- count--;
 return true;
 }
@@ -861,7 +871,7 @@ bool TargetGroup::load_expressions(HostGroupState *hs, int af) {
 return !netblocks.empty();
 }
-void TargetGroup::generate_random_ips(int num_random) {
+void TargetGroup::generate_random_ips(unsigned long num_random) {
 NetBlockRandomIPv4 *nbrand = new NetBlockRandomIPv4();
 nbrand->set_num_random(num_random);
 netblocks.push_front(nbrand);
diff --git a/TargetGroup.h b/TargetGroup.h
index 65358e1f9..039aa1e4a 100644
--- a/TargetGroup.h
+++ b/TargetGroup.h
@@ -98,7 +98,7 @@ public:
 const std::list &get_unscanned_addrs(void) const;
 /* is the current expression a named host */
 int get_namedhost() const;
- void generate_random_ips(int num_random);
+ void generate_random_ips(unsigned long num_random);
 void reject_last_host();
 private:
diff --git a/targets.cc b/targets.cc
index 0b380b12a..e95462125 100644
--- a/targets.cc
+++ b/targets.cc
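Review bot: With `infinite` set, `NetBlockRandomIPv4::next()` skips the `count` check entirely and can never return false, yet nothing near the definition states that contract. Termination then depends wholly on the caller, so a comment above the function such as `/* In infinite mode this never reports exhaustion; the caller must enforce its own stop condition. */` would make the dependency visible to the next maintainer. As a style point, the nested `if`/`else` can be flattened to `if (!infinite) { if (count == 0) return false; count--; }` with the same behaviour.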
@@ -285,7 +285,7 @@ bool target_needs_new_hostgroup(Target **targets, int targets_sz, const Target *
 The target_expressions array MUST REMAIN VALID IN MEMORY as long as this class instance is used -- the array is NOT copied. */
-HostGroupState::HostGroupState(int lookahead, int rnd, int num_random, int argc, const char **argv) {
+HostGroupState::HostGroupState(int lookahead, int rnd, unsigned long num_random, int argc, const char **argv) {
 assert(lookahead > 0);
 this->argc = argc;
 this->argv = argv;
@@ -296,7 +296,7 @@ HostGroupState::HostGroupState(int lookahead, int rnd, int num_random, int argc,
 current_batch_sz = 0;
 next_batch_no = 0;
 randomize = rnd;
- if (num_random > 0) {
+ if (num_random >= 0) {
 current_group.generate_random_ips(num_random);
 }
 }
@@ -414,8 +414,8 @@ bail:
 }
 bool HostGroupState::get_next_host(struct sockaddr_storage *ss, size_t *sslen, struct addrset *exclude_group) {
- int num_queued = o.numhosts_scanned + current_batch_sz;
- if (o.max_ips_to_scan > 0 && num_queued >= o.max_ips_to_scan) {
+ unsigned long num_queued = o.numhosts_scanned + current_batch_sz;
+ if (o.max_ips_to_scan > 0 && num_queued >= o.max_ips_to_scan) {
 return false;
 }
diff --git a/targets.h b/targets.h
index 72156e595..628c10a9c 100644
--- a/targets.h
+++ b/targets.h
@@ -74,7 +74,7 @@ public:
 /* The maximum number of entries we want to allow storing in defer_buffer. */
 static const unsigned int DEFER_LIMIT = 64;
- HostGroupState(int lookahead, int randomize, int num_random, int argc, const char *argv[]);
+ HostGroupState(int lookahead, int randomize, unsigned long num_random, int argc, const char *argv[]);
 ~HostGroupState();
 Target **hostbatch;
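Review bot: `if (num_random >= 0)` at the end of the HostGroupState constructor is always true now that `num_random` is `unsigned long`, so `generate_random_ips()` runs for every instance (GCC's `-Wtype-limits` reports this kind of comparison). Elsewhere in this patch `set_num_random(0)` switches the block to `infinite`, so a caller passing 0 to mean "no random targets" would get an unbounded random-address block pushed to the front of the target list, sending probes to hosts outside the requested scope. What callers actually pass is not visible in this patch, so the impact is inferred. If 0 has to mean "unlimited", the constructor needs a separate on/off signal, for instance a suggested extra `bool gen_random` parameter tested as `if (gen_random) current_group.generate_random_ips(num_random);`. The constructor body starts before this hunk.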
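Review bot: In `get_next_host()`, `o.numhosts_scanned + current_batch_sz` is still evaluated in the operands' own types and only then converted to `unsigned long`. Their declarations are not in this hunk, but if either is a signed or 32-bit type the sum can wrap or go negative before the conversion, and the cap comparison against `o.max_ips_to_scan` would then misfire. Widening one operand first keeps the arithmetic in the destination type: `unsigned long num_queued = (unsigned long)o.numhosts_scanned + current_batch_sz;`. A brief comment that `max_ips_to_scan == 0` disables this cap would also help, since this check is the only stop condition visible for the unlimited random mode.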