mirror of https://github.com/nmap/nmap.git synced 2025-12-24 00:19:01 +00:00

Actually use the interface address when get_srcaddr fails.

There was an embarrassing bug here added in r28874. In the second of
three calls to get_srcaddr, the interface was being indexed by an index
variable that, in this place, was actually an index into the routes
table. This would in general produce a nonsensical source address or
out-of-bounds access.

The symptom of this problem was the following error messages:
	get_srcaddr: can't connect socket: The requested address is not valid in its context.
	Failed to convert source address to presentation format!?!  Error: Unknown error
The first showed that get_srcaddr failed, and the second was caused by
the bogus source address.

http://seclists.org/nmap-dev/2012/q3/859
http://seclists.org/nmap-dev/2012/q4/59
david
2012-10-11 03:11:53 +00:00
parent 89dab3fe14
commit 3029747902
2 changed files with 11 additions and 3 deletions


@@ -3360,7 +3360,7 @@ static int route_dst_generic(const struct sockaddr_storage *dst,
/* But the source address we want to use is the target address. */
if (!spoofss) {
if (get_srcaddr(dst, &rnfo->srcaddr) == -1)
rnfo->srcaddr = ifaces[i].addr;
rnfo->srcaddr = rnfo->ii.addr;
}
return 1;
@@ -3385,7 +3385,7 @@ static int route_dst_generic(const struct sockaddr_storage *dst,
sockaddr_equal(&routes[i].gw, dst));
if (!spoofss) {
if (get_srcaddr(dst, &rnfo->srcaddr) == -1)
rnfo->srcaddr = ifaces[i].addr;
rnfo->srcaddr = rnfo->ii.addr;
}
rnfo->nexthop = routes[i].gw;
@@ -3403,7 +3403,7 @@ static int route_dst_generic(const struct sockaddr_storage *dst,
rnfo->direct_connect = 1;
if (!spoofss) {
if (get_srcaddr(dst, &rnfo->srcaddr) == -1)
rnfo->srcaddr = ifaces[i].addr;
rnfo->srcaddr = rnfo->ii.addr;
}
return 1;
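Review bot: The fallback after a failed get_srcaddr() is still written out separately at all three return paths of route_dst_generic, and that duplication is how one copy came to index `ifaces` with a routes-table index and risk an out-of-bounds read. Moving the `if (!spoofss) { ... }` block into one small static helper that takes `dst` and `rnfo` would leave a single place where the fallback address is chosen. The new code also relies on `rnfo->ii` being filled in before each fallback; that assignment is outside the visible hunks, so it should be confirmed for all three sites and recorded with a comment such as `/* Fall back to the selected interface's address; rnfo->ii must already be set here. */`. The function body starts and ends outside these hunks.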