From 32efc8b28cd5e539e7789093322d83010b2ab17f Mon Sep 17 00:00:00 2001
From: vincent
Date: Tue, 26 Jul 2016 14:06:22 +0000
Subject: [PATCH] Use FQDN_LEN instead of MAXHOSTNAMELEN for DNS name buffers

This closes #140 (issue #140), namely "Use correct lengths for FQDN, not MAXHOSTNAMELEN"
---
 Target.cc | 7 +++++--
 idle_scan.cc | 4 ++--
 nmap.cc | 10 +++++-----
 nmap.h | 3 +++
 nmap_dns.cc | 4 ++--
 nmap_ftp.cc | 5 +++--
 nmap_ftp.h | 2 +-
 nping/NpingTarget.cc | 8 ++++++--
 output.cc | 2 +-
 9 files changed, 28 insertions(+), 17 deletions(-)

diff --git a/Target.cc b/Target.cc
index 1b66ddda3..63981a9e6 100644
--- a/Target.cc
+++ b/Target.cc
@@ -134,6 +134,7 @@
 #include "nbase.h"
 #include "NmapOps.h"
 #include "utils.h"
+#include "nmap.h"
 #include "nmap_error.h"
 extern NmapOps o;
@@ -429,8 +430,10 @@ const char *Target::NameIP(char *buf, size_t buflen) const {
 /* This next version returns a static buffer -- so no concurrency */
 const char *Target::NameIP() const {
- if (!nameIPBuf) nameIPBuf = (char *) safe_malloc(MAXHOSTNAMELEN + INET6_ADDRSTRLEN);
- return NameIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN);
+ /* Add 3 characters for the hostname and IP string, hence we allocate (FQDN_LEN + INET6_ADDRSTRLEN + 4) octets, with octet for the null terminator */
+ if (!nameIPBuf) nameIPBuf = (char *) safe_malloc(FQDN_LEN + INET6_ADDRSTRLEN + 4);
+ return NameIP(nameIPBuf, FQDN_LEN + INET6_ADDRSTRLEN + 4);
 }
 /* Returns the next hop for sending packets to this host. Returns true if
diff --git a/idle_scan.cc b/idle_scan.cc
index b0a35f4e1..584056348 100644
--- a/idle_scan.cc
+++ b/idle_scan.cc
@@ -547,7 +547,7 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName,
 int newipid;
 unsigned int i;
 char filter[512]; /* Libpcap filter string */
- char name[MAXHOSTNAMELEN + 1];
+ char name[FQDN_LEN + 1];
 struct sockaddr_storage ss;
 size_t sslen;
 u32 sequence_base;
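Review bot: The comment added above the safe_malloc() call in Target::NameIP() does not say where the three extra characters come from, and the same `FQDN_LEN + INET6_ADDRSTRLEN + 4` expression is repeated verbatim in NpingTarget::getNameAndIP() in nping/NpingTarget.cc, so the two sizes can drift apart. The buffer-filling NameIP(char *buf, size_t buflen) overload that defines the layout is outside the hunk, so the separators it writes are presumably what the 3 accounts for; I would replace the comment with `/* FQDN_LEN + INET6_ADDRSTRLEN, plus 3 for the separators NameIP(buf, buflen) writes between name and address, plus 1 for the terminating NUL. */`. Defining that size once in nmap.h, for example as a NAMEIP_BUF_LEN macro used by both call sites, would keep the arithmetic next to the format it depends on.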
@@ -1399,7 +1399,7 @@ static int idle_treescan(struct idle_proxy_info *proxy, Target *target,
 void idle_scan(Target *target, u16 *portarray, int numports, char *proxyName, const struct scan_lists *ports) {
- static char lastproxy[MAXHOSTNAMELEN + 1] = ""; /* The proxy used in any previous call */
+ static char lastproxy[FQDN_LEN + 1] = ""; /* The proxy used in any previous call */
 static struct idle_proxy_info proxy;
 int groupsz;
 int portidx = 0; /* Used for splitting the port array into chunks */
diff --git a/nmap.cc b/nmap.cc
index 53ef9128e..99cf6c264 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -965,8 +965,8 @@ void parse_options(int argc, char **argv) {
 } else if (strcmp(long_options[option_index].name, "sI") == 0) {
 o.idlescan = 1;
 o.idleProxy = strdup(optarg);
- if (strlen(o.idleProxy) > MAXHOSTNAMELEN) {
- fatal("ERROR: -sI argument must be less than %d characters", MAXHOSTNAMELEN);
+ if (strlen(o.idleProxy) > FQDN_LEN) {
+ fatal("ERROR: -sI argument must be less than %d characters", FQDN_LEN);
 }
 } else if (strcmp(long_options[option_index].name, "vv") == 0) {
 /* Compatibility hack ... ugly */
@@ -1745,11 +1745,11 @@ int nmap_main(int argc, char *argv[]) {
 #endif
 unsigned int ideal_scan_group_sz = 0;
 Target *currenths;
- char myname[MAXHOSTNAMELEN + 1];
+ char myname[FQDN_LEN + 1];
 int sourceaddrwarning = 0; /* Have we warned them yet about unguessable source addresses? */
 unsigned int targetno;
- char hostname[MAXHOSTNAMELEN + 1] = "";
+ char hostname[FQDN_LEN + 1] = "";
 struct sockaddr_storage ss;
 size_t sslen;
@@ -2035,7 +2035,7 @@ int nmap_main(int argc, char *argv[]) {
 if (o.SourceSockAddr(&ss, &sslen) == 0) {
 currenths->setSourceSockAddr(&ss, sslen);
 } else {
- if (gethostname(myname, MAXHOSTNAMELEN) ||
+ if (gethostname(myname, FQDN_LEN) ||
 resolve(myname, 0, &ss, &sslen, o.af()) != 0)
 fatal("Cannot get hostname! Try using -S or -e \n");
diff --git a/nmap.h b/nmap.h
index 1e4170a07..148adef5c 100644
--- a/nmap.h
+++ b/nmap.h
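Review bot: The fatal() message in the -sI branch of parse_options() says the argument must be less than FQDN_LEN characters, but the condition on the line above it only rejects lengths strictly greater than FQDN_LEN, so a name of exactly 254 characters is accepted while the message claims it is not. Either align the message with the check, `fatal("ERROR: -sI argument must be at most %d characters", FQDN_LEN);`, or tighten the check to `>=`; the first option matches the `lastproxy[FQDN_LEN + 1]` buffer in idle_scan(), which has room for exactly FQDN_LEN characters plus the terminator. The inconsistency predates this patch, but both lines are being rewritten anyway.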
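Review bot: `char myname[FQDN_LEN + 1];` in nmap_main() is left uninitialised while the neighbouring `hostname` buffer gets `= ""`, and the next hunk passes only FQDN_LEN to gethostname(), whose POSIX specification leaves it unspecified whether a truncated name is NUL-terminated. On glibc the truncation is reported as an error and the code reaches fatal(), but on a libc that truncates silently without terminating, resolve(myname, ...) would read past the name into the unset last byte. Initialising the array, `char myname[FQDN_LEN + 1] = "";`, guarantees myname[FQDN_LEN] is zero, and passing `sizeof(myname) - 1` to gethostname() would keep the two sizes in step. nmap_main() continues outside both hunks.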
@@ -323,6 +323,9 @@
 #define MAXHOSTNAMELEN 64
 #endif
+/* Length of longest DNS name */
+#define FQDN_LEN 254
+
 /* Max payload: Worst case is IPv4 with 40bytes of options and TCP with 20
 * bytes of options. */
 #define MAX_PAYLOAD_ALLOWED 65535-60-40
diff --git a/nmap_dns.cc b/nmap_dns.cc
index 3e2fae10b..22d6a375f 100644
--- a/nmap_dns.cc
+++ b/nmap_dns.cc
@@ -1225,7 +1225,7 @@ static void nmap_mass_rdns_core(Target **targets, int num_targets) {
 for(i=0, reqI = deferred_reqs.begin(); reqI != deferred_reqs.end(); reqI++, i++) {
 struct sockaddr_storage ss;
 size_t sslen;
- char hostname[MAXHOSTNAMELEN + 1] = "";
+ char hostname[FQDN_LEN + 1] = "";
 if (keyWasPressed()) SPM->printStats((double) i / deferred_reqs.size(), NULL);
@@ -1259,7 +1259,7 @@ static void nmap_system_rdns_core(Target **targets, int num_targets) {
 Target *currenths;
 struct sockaddr_storage ss;
 size_t sslen;
- char hostname[MAXHOSTNAMELEN + 1] = "";
+ char hostname[FQDN_LEN + 1] = "";
 char spmobuf[1024];
 int i;
diff --git a/nmap_ftp.cc b/nmap_ftp.cc
index 948e0068e..8989f802f 100644
--- a/nmap_ftp.cc
+++ b/nmap_ftp.cc
@@ -121,6 +121,7 @@
 ***************************************************************************/
 /* $Id$ */
+#include "nmap.h"
 #include "nmap_ftp.h"
 #include "output.h"
 #include "NmapOps.h"
@@ -167,9 +168,9 @@ int parse_bounce_argument(struct ftpinfo *ftp, char *url) {
 ftp->port = atoi(s);
 }
- strncpy(ftp->server_name, q, MAXHOSTNAMELEN);
+ strncpy(ftp->server_name, q, FQDN_LEN+1);
- ftp->user[63] = ftp->pass[255] = ftp->server_name[MAXHOSTNAMELEN] = 0;
+ ftp->user[63] = ftp->pass[255] = ftp->server_name[FQDN_LEN] = 0;
 return 1;
 }
diff --git a/nmap_ftp.h b/nmap_ftp.h
index eaa09ff7a..9308cdb37 100644
--- a/nmap_ftp.h
+++ b/nmap_ftp.h
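Review bot: The comment on the new FQDN_LEN macro, `/* Length of longest DNS name */`, does not say which length it means or how callers are meant to size buffers, even though every user in this patch declares `FQDN_LEN + 1` and nmap_ftp.cc relies on index FQDN_LEN being the terminator slot. Suggest spelling it out: `/* Maximum length of a fully-qualified DNS name in text form (253 characters plus a trailing dot), not counting the terminating NUL; size name buffers as FQDN_LEN + 1. */`. Since nping/NpingTarget.cc carries its own fallback definition of the same value, this comment is also the natural place to record that the two must stay equal.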
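Review bot: The strncpy() bound `FQDN_LEN+1` and the terminator index `ftp->server_name[FQDN_LEN]` in parse_bounce_argument() restate the array size declared in nmap_ftp.h, so a future change to the struct would have to be mirrored here by hand to stay in bounds. Writing them as `strncpy(ftp->server_name, q, sizeof(ftp->server_name));` and `ftp->server_name[sizeof(ftp->server_name) - 1] = 0;` ties the copy to the actual declaration, and the same applies to the hard-coded `user[63]` and `pass[255]` indexes on that line. Note also that an over-long bounce server name is silently truncated here, whereas the -sI proxy name in nmap.cc is now rejected with fatal(); the earlier parsing in this function is outside the hunk.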
@@ -137,7 +137,7 @@ class Target;
 struct ftpinfo {
 char user[64];
 char pass[256]; /* methinks you're paranoid if you need this much space */
- char server_name[MAXHOSTNAMELEN + 1];
+ char server_name[FQDN_LEN + 1];
 struct in_addr server;
 u16 port;
 int sd; /* socket descriptor */
diff --git a/nping/NpingTarget.cc b/nping/NpingTarget.cc
index ade0aaa37..38af825a0 100644
--- a/nping/NpingTarget.cc
+++ b/nping/NpingTarget.cc
@@ -128,6 +128,10 @@
 #include "nping_winconfig.h"
 #endif
+#ifndef FQDN_LEN
+#define FQDN_LEN 254
+#endif
+
 #include "NpingTarget.h"
 #include
 #include "nbase.h"
@@ -761,8 +765,8 @@ const char *NpingTarget::getNameAndIP(char *buf, size_t buflen) {
 /** This next version returns a static buffer -- so no concurrency */
 const char *NpingTarget::getNameAndIP() {
 if(!nameIPBuf)
- nameIPBuf = (char *)safe_malloc(MAXHOSTNAMELEN + INET6_ADDRSTRLEN); return getNameAndIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN);
+ nameIPBuf = (char *)safe_malloc(FQDN_LEN + INET6_ADDRSTRLEN + 4);
+ return getNameAndIP(nameIPBuf, FQDN_LEN + INET6_ADDRSTRLEN + 4);
 }
 /* End of getNameAndIP() */
diff --git a/output.cc b/output.cc
index aca513708..874527eba 100644
--- a/output.cc
+++ b/output.cc
@@ -2095,7 +2095,7 @@ void printserviceinfooutput(Target *currenths) {
 Port port;
 struct serviceDeductions sd;
 int i, numhostnames = 0, numostypes = 0, numdevicetypes = 0, numcpes = 0;
- char hostname_tbl[MAX_SERVICE_INFO_FIELDS][MAXHOSTNAMELEN];
+ char hostname_tbl[MAX_SERVICE_INFO_FIELDS][FQDN_LEN+1];
 char ostype_tbl[MAX_SERVICE_INFO_FIELDS][64];
 char devicetype_tbl[MAX_SERVICE_INFO_FIELDS][64];
 char cpe_tbl[MAX_SERVICE_INFO_FIELDS][80];
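Review bot: struct ftpinfo in nmap_ftp.h now uses FQDN_LEN as an array bound, but the header does not include nmap.h, where the macro is defined; nmap_ftp.cc only compiles because the other hunk in this patch adds `#include "nmap.h"` ahead of `#include "nmap_ftp.h"`. Any other translation unit that includes nmap_ftp.h without pulling in nmap.h first will fail with an undeclared identifier in the struct. Either add `#include "nmap.h"` to nmap_ftp.h itself, or move FQDN_LEN to a header both trees already include (nbase.h appears in the include lists of Target.cc and nping/NpingTarget.cc in this patch), which would also remove the need for the `#ifndef FQDN_LEN` fallback in nping.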
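Review bot: The `#ifndef FQDN_LEN` / `#define FQDN_LEN 254` / `#endif` fallback in nping/NpingTarget.cc duplicates the definition added to nmap.h, and because it is only guarded by #ifndef the two values can silently diverge if either is later changed, with getNameAndIP() then sizing its buffer differently from Target::NameIP(). If nping cannot include nmap.h, define the constant once in a header both trees already include (nbase.h is in the include list of both this file and Target.cc), or at least point at the authoritative definition: `/* Must match FQDN_LEN in nmap.h, which nping does not include. */`.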