Fix endianness in unpacking IP addresses, since ipOps.fromdword is fixed. Fixes #750

nselib/bitcoin.lua

@@ -68,7 +68,7 @@ NetworkAddress = {
 
     local na = NetworkAddress:new()
     local _
-    _, na.service, na.ipv6_prefix, na.host, na.port = bin.unpack("<LH12I>S", data)
+    _, na.service, na.ipv6_prefix, na.host, na.port = bin.unpack("<LH12>IS", data)
     na.host = ipOps.fromdword(na.host)
     return na
   end,

nselib/data/packetdecoders.lua

@@ -89,7 +89,7 @@ Decoders = {
         pos, sender.mac,
         sender.ip,
         target.mac,
-        target.ip = bin.unpack("<H" .. hwsize .. "IH" .. hwsize .. "I", data, pos)
+        target.ip = bin.unpack(">H" .. hwsize .. "IH" .. hwsize .. "I", data, pos)
 
         if ( not(self.results) ) then
           self.results = tab.new(3)
@@ -131,7 +131,7 @@ Decoders = {
           if ( addr_proto == 'CC' ) then
             -- IPv4 address, extract it
             pos, addr_len = bin.unpack(">S", data, pos)
-            pos, dev_addr = bin.unpack("<I", data, pos)
+            pos, dev_addr = bin.unpack(">I", data, pos)
             addr_list = addr_list .. ' ' .. ipOps.fromdword(dev_addr)
           end
           -- Add code here for IPv6, others
@@ -483,7 +483,7 @@ udp = {
       local data = layer3:sub(p.udp_offset + 9)
 
       local pos, ip, _, src, dst = 5
-      pos, ip, _, _, _, src, dst = bin.unpack("<ISSSA34A34", data, pos)
+      pos, ip, _, _, _, src, dst = bin.unpack(">ISSSA34A34", data, pos)
 
       ip = ipOps.fromdword(ip)
       src = netbios.name_decode(src)
@@ -662,7 +662,7 @@ udp = {
       if ( version ~= 0 ) then return end
       pos = pos + ( 7 - #secret )
       local virtip
-      pos, virtip = bin.unpack("<I", data, pos)
+      pos, virtip = bin.unpack(">I", data, pos)
 
       if ( not(self.dups[p.ip_src]) ) then
         if ( not(self.results) ) then

nselib/dhcp.lua

@@ -66,7 +66,7 @@ local function read_ip(data, pos, length)
       local results = {}
       for i=1, length, 4 do
         local value
-        pos, value = bin.unpack("<I", data, pos)
+        pos, value = bin.unpack(">I", data, pos)
         table.insert(results, ipOps.fromdword(value))
       end
 
@@ -74,7 +74,7 @@ local function read_ip(data, pos, length)
     end
   else
     local value
-    pos, value = bin.unpack("<I", data, pos)
+    pos, value = bin.unpack(">I", data, pos)
 
     return pos, ipOps.fromdword(value)
   end
@@ -485,10 +485,10 @@ function dhcp_parse(data, transaction_id)
 
   -- Unpack the secs, flags, addresses, sname, and file
   pos, result['secs'], result['flags'] = bin.unpack(">SS", data, pos)
-  pos, result['ciaddr'] = bin.unpack("<I", data, pos)
-  pos, result['yiaddr'] = bin.unpack("<I", data, pos)
-  pos, result['siaddr'] = bin.unpack("<I", data, pos)
-  pos, result['giaddr'] = bin.unpack("<I", data, pos)
+  pos, result['ciaddr'] = bin.unpack(">I", data, pos)
+  pos, result['yiaddr'] = bin.unpack(">I", data, pos)
+  pos, result['siaddr'] = bin.unpack(">I", data, pos)
+  pos, result['giaddr'] = bin.unpack(">I", data, pos)
   pos, result['chaddr'] = bin.unpack("A16", data, pos)
   pos, result['sname']  = bin.unpack("A64", data, pos)
   pos, result['file']   = bin.unpack("A128", data, pos)

nselib/eigrp.lua

@@ -138,8 +138,8 @@ EIGRP = {
       elseif tlv.type == TLV.SEQ then
         -- Sequence
         index, tlv.addlen = bin.unpack(">S", eigrp_raw, index)
-        index, tlv.address = bin.unpack("<C".. tlv.addlen, eigrp_raw, index)
-        tlv.address = ipOps.fromdword(tlv.address)
+        index, tlv.address = bin.unpack("A".. tlv.addlen, eigrp_raw, index)
+        tlv.address = ipOps.str_to_ip(tlv.address)
         index = index + tlv.length - 7
       elseif tlv.type == TLV.SWVER then
         -- Software version
@@ -170,7 +170,7 @@ EIGRP = {
         index = index + tlv.length - 4
       elseif tlv.type == TLV.INT then
         -- Internal Route
-        index, tlv.nexth = bin.unpack("<I", eigrp_raw, index)
+        index, tlv.nexth = bin.unpack(">I", eigrp_raw, index)
         tlv.nexth = ipOps.fromdword(tlv.nexth)
         index, tlv.mask = bin.unpack(">S", eigrp_raw, index + 15)
         -- Destination varies in length
@@ -189,9 +189,9 @@ EIGRP = {
         tlv.dst = dst[1] .. '.' .. dst[2] .. '.' .. dst[3] .. '.' .. dst[4]
       elseif tlv.type == TLV.EXT then
         -- External Route
-        index, tlv.nexth = bin.unpack("<I", eigrp_raw, index)
+        index, tlv.nexth = bin.unpack(">I", eigrp_raw, index)
         tlv.nexth = ipOps.fromdword(tlv.nexth)
-        index, tlv.orouterid = bin.unpack("<I", eigrp_raw, index)
+        index, tlv.orouterid = bin.unpack(">I", eigrp_raw, index)
         tlv.orouterid = ipOps.fromdword(tlv.orouterid)
         index, tlv.oas = bin.unpack(">I", eigrp_raw, index)
         index, tlv.tag = bin.unpack(">I", eigrp_raw, index)

nselib/natpmp.lua

@@ -95,13 +95,13 @@ Response = {
       end
 
       local pos
-      pos, self.version, self.op, self.rescode = bin.unpack("<CCS", self.data)
+      pos, self.version, self.op, self.rescode = bin.unpack(">CCS", self.data)
 
       if ( self.rescode ~= ResultCode.SUCCESS or self.op ~= 128 ) then
         return
       end
 
-      pos, self.time, self.ip = bin.unpack("<II", self.data, pos)
+      pos, self.time, self.ip = bin.unpack(">II", self.data, pos)
       self.ip = ipOps.fromdword(self.ip)
       self.time = stdnse.format_timestamp(self.time)
       return true
@@ -126,7 +126,7 @@ Response = {
       end
 
       local pos
-      pos, self.version, self.op, self.rescode = bin.unpack("<CCS", self.data)
+      pos, self.version, self.op, self.rescode = bin.unpack(">CCS", self.data)
 
       if ( self.rescode ~= ResultCode.SUCCESS ) then
         return

nselib/ncp.lua

@@ -341,7 +341,7 @@ ResponseParser = {
     local function DecodeAddress(data, pos)
       local COMM_TYPES = { [5] = "udp", [6] = "tcp" }
       local comm_type, port, ip, _
-      pos, comm_type, _, _, _, port, ip = bin.unpack(">CCISS<I", data, pos)
+      pos, comm_type, _, _, _, port, ip = bin.unpack(">CCISSI", data, pos)
 
       return pos, { port = port, ip = ipOps.fromdword(ip),
         proto = COMM_TYPES[comm_type] or "unknown" }

nselib/ospf.lua

@@ -55,7 +55,7 @@ OSPF = {
       assert( header.ver == 2, "Invalid OSPF version detected")
 
       pos, header.router_id, header.area_id, header.chksum, header.auth_type
-      = bin.unpack("<I>ISS", data, pos)
+      = bin.unpack(">IISS", data, pos)
 
       -- No authentication
       if header.auth_type == 0x00 then
@@ -183,7 +183,7 @@ OSPF = {
       assert( #data >= hello.header.length, "OSPF packet too short")
       pos, hello.netmask, hello.interval, hello.options, hello.prio,
       hello.router_dead_interval, hello.DR,
-      hello.BDR = bin.unpack("<ISCCIII", data, pos)
+      hello.BDR = bin.unpack(">ISCCIII", data, pos)
 
       hello.netmask = ipOps.fromdword(hello.netmask)
       hello.DR = ipOps.fromdword(hello.DR)
@@ -199,7 +199,7 @@ OSPF = {
 
       hello.neighbors = {}
       for i=1, neighbor_count do
-        pos, neighbor = bin.unpack("<I", data, pos)
+        pos, neighbor = bin.unpack(">I", data, pos)
         neighbor = ipOps.fromdword(neighbor)
         table.insert(hello.neighbors, neighbor)
       end

nselib/stun.lua

@@ -139,7 +139,7 @@ Attribute = {
 
     local function parseAddress(data, pos)
       local _, addr = nil, {}
-      pos, _, addr.family, addr.port, addr.ip = bin.unpack("<CCSI", data, pos)
+      pos, _, addr.family, addr.port, addr.ip = bin.unpack(">CCSI", data, pos)
       if ( addr.ip ) then
         addr.ip = ipOps.fromdword(addr.ip)
       end

nselib/vuzedht.lua

@@ -161,7 +161,7 @@ Response = {
       local pos, addr_len = bin.unpack("C", self.data)
       if ( addr_len == 4 ) then
         self.length = 4 + 2 + 1
-        pos, self.ip = bin.unpack("<I", self.data, pos)
+        pos, self.ip = bin.unpack(">I", self.data, pos)
         self.ip = ipOps.fromdword(self.ip)
       elseif( addr_len == 16 ) then
         self.length = 16 + 2 + 1
@@ -289,7 +289,7 @@ Response = {
         pos, contact.type, contact.proto_version, addr_len = bin.unpack("CCC", self.data, pos)
 
         if ( addr_len == 4 ) then
-          pos, address = bin.unpack("<I", self.data, pos)
+          pos, address = bin.unpack(">I", self.data, pos)
           contact.address = ipOps.fromdword(address)
         elseif ( addr_len == 16 ) then
           pos, contact.address = bin.unpack("H16", self.data, pos)

scripts/broadcast-igmp-discovery.nse

@@ -120,7 +120,7 @@ local igmpParse = function(data)
     -- Checksum
     index, response.checksum = bin.unpack(">S", data, index)
     -- Multicast group
-    index, response.group = bin.unpack("<I", data, index)
+    index, response.group = bin.unpack(">I", data, index)
     response.group = ipOps.fromdword(response.group)
     return response
   elseif response.type == 0x22 and #data >= 12 then
@@ -141,12 +141,12 @@ local igmpParse = function(data)
       index, group.auxdlen = bin.unpack(">C", data, index)
       -- Number of source addresses
       index, group.nsrc = bin.unpack(">S", data, index)
-      index, group.address = bin.unpack("<I", data, index)
+      index, group.address = bin.unpack(">I", data, index)
       group.address = ipOps.fromdword(group.address)
       group.src = {}
       if group.nsrc > 0 then
         for i=1,group.nsrc do
-          index, source = bin.unpack("<I", data, index)
+          index, source = bin.unpack(">I", data, index)
           table.insert(group.src, ipOps.fromdword(source))
         end
       end

scripts/broadcast-novell-locate.nse

@@ -55,7 +55,7 @@ function action()
   for _, attr in ipairs(attribs) do
     local addr = attr:match("^%d*%-%d*%-%d*%-(........)")
     if ( addr ) then
-      local pos, dw_addr = bin.unpack( "<I", bin.pack("H", addr) )
+      local pos, dw_addr = bin.unpack( ">I", bin.pack("H", addr) )
       local ip = ipOps.fromdword(dw_addr)
 
       if ( not(ips[ip]) ) then

scripts/broadcast-rip-discover.nse

@@ -124,7 +124,7 @@ RIPv2 = {
       while( #data - pos >= 20 ) do
         local family, address, metric, _, netmask, nexthop
         pos, family, _, address, netmask, nexthop,
-          metric = bin.unpack(">SS<III>I", data, pos)
+          metric = bin.unpack(">SSIIII", data, pos)
 
         if ( family == RIPv2.AddressFamily.IP ) then
           local ip = ipOps.fromdword(address)

scripts/dns-client-subnet-scan.nse

@@ -317,8 +317,6 @@ local get_addresses = function(address, mask, domain, nameserver, port)
   -- DNS library expects
   if ( "number" == type(address) ) then
     address = ipOps.fromdword(address)
-    local a, b, c, d = address:match("(%d+)%.(%d+)%.(%d+)%.(%d+)")
-    address = ("%d.%d.%d.%d"):format(d,c,b,a)
   end
 
   local subnet = { family = nmap.address_family(), address = address, mask = mask }

scripts/enip-info.nse

@@ -1429,7 +1429,7 @@ action = function(host,port)
       output["Revision"] = char1 .. "." .. char2
       -- Device IP, this could be the same, as the IP scanning, or may be actual IP behind NAT
       local dword
-      pos, dword = bin.unpack("<I", response, 37)
+      pos, dword = bin.unpack(">I", response, 37)
       output["Device IP"] = ipOps.fromdword(dword)
       -- set Nmap output
       set_nmap(host, port)

scripts/llmnr-resolve.nse

@@ -127,7 +127,7 @@ local llmnrListen = function(interface, timeout, result)
 
         -- skip null byte, type, class, ttl, dlen
         index = index + 1 + 2 + 2 + 4 + 2
-        index, response.address = bin.unpack("<I", llmnr, index)
+        index, response.address = bin.unpack(">I", llmnr, index)
         response.address = ipOps.fromdword(response.address)
         table.insert(result, response)
       else

scripts/mrinfo.nse

@@ -107,7 +107,7 @@ local mrinfoParse = function(data)
     if data:byte(index) == 0x00 then break end
     address = {}
     -- Local address
-    index, address.ip = bin.unpack("<I", data, index)
+    index, address.ip = bin.unpack(">I", data, index)
     address.ip = ipOps.fromdword(address.ip)
     -- Link metric
     index, address.metric = bin.unpack(">C", data, index)
@@ -121,7 +121,7 @@ local mrinfoParse = function(data)
     address.neighbors = {}
     -- Iterate over neighbors
     for i = 1, address.ncount do
-      index, neighbor = bin.unpack("<I", data, index)
+      index, neighbor = bin.unpack(">I", data, index)
       table.insert(address.neighbors, ipOps.fromdword(neighbor))
     end
     table.insert(response.addresses, address)

scripts/mtrace.nse

@@ -186,19 +186,19 @@ local traceParse = function(data)
   index, response.checksum = bin.unpack(">S", data, index)
 
   -- Group
-  index, response.group = bin.unpack("<I", data, index)
+  index, response.group = bin.unpack(">I", data, index)
   response.group = ipOps.fromdword(response.group)
 
   -- Source address
-  index, response.source = bin.unpack("<I", data, index)
+  index, response.source = bin.unpack(">I", data, index)
   response.source = ipOps.fromdword(response.source)
 
   -- Destination address
-  index, response.destination = bin.unpack("<I", data, index)
+  index, response.destination = bin.unpack(">I", data, index)
   response.receiver = ipOps.fromdword(response.destination)
 
   -- Response address
-  index, response.response = bin.unpack("<I", data, index)
+  index, response.response = bin.unpack(">I", data, index)
   response.response = ipOps.fromdword(response.response)
 
   -- Response TTL
@@ -225,15 +225,15 @@ local traceParse = function(data)
     index, block.query = bin.unpack(">I", data, index)
 
     -- In itf address
-    index, block.inaddr = bin.unpack("<I", data, index)
+    index, block.inaddr = bin.unpack(">I", data, index)
     block.inaddr = ipOps.fromdword(block.inaddr)
 
     -- Out itf address
-    index, block.outaddr = bin.unpack("<I", data, index)
+    index, block.outaddr = bin.unpack(">I", data, index)
     block.outaddr = ipOps.fromdword(block.outaddr)
 
     -- Previous rtr address
-    index, block.prevaddr = bin.unpack("<I", data, index)
+    index, block.prevaddr = bin.unpack(">I", data, index)
     block.prevaddr = ipOps.fromdword(block.prevaddr)
 
     -- In packets