PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00
Code Issues Projects Releases Wiki Activity

Use FQDN_LEN instead of MAXHOSTNAMELEN for DNS name buffers

Browse Source 
This closes #140 (issue #140), namely "Use correct lengths 
for FQDN, not MAXHOSTNAMELEN"
This commit is contained in:
vincent
2016-07-26 14:06:22 +00:00
parent fcb94e2018
commit 32efc8b28c
9 changed files with 28 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Target.cc
View File

@@ -134,6 +134,7 @@
#include "nbase.h" #include "nbase.h"
#include "NmapOps.h" #include "NmapOps.h"
#include "utils.h" #include "utils.h"
#include "nmap.h"
#include "nmap_error.h" #include "nmap_error.h"
extern NmapOps o; extern NmapOps o;
@@ -429,8 +430,10 @@ const char *Target::NameIP(char *buf, size_t buflen) const {
/* This next version returns a static buffer -- so no concurrency */ /* This next version returns a static buffer -- so no concurrency */
const char *Target::NameIP() const { const char *Target::NameIP() const {
if (!nameIPBuf) nameIPBuf = (char *) safe_malloc(MAXHOSTNAMELEN + INET6_ADDRSTRLEN); /* Add 3 characters for the hostname and IP string, hence we allocate
return NameIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN); (FQDN_LEN + INET6_ADDRSTRLEN + 4) octets, with octet for the null terminator */
if (!nameIPBuf) nameIPBuf = (char *) safe_malloc(FQDN_LEN + INET6_ADDRSTRLEN + 4);
return NameIP(nameIPBuf, FQDN_LEN + INET6_ADDRSTRLEN + 4);
} }
/* Returns the next hop for sending packets to this host. Returns true if /* Returns the next hop for sending packets to this host. Returns true if

4
idle_scan.cc
View File

@@ -547,7 +547,7 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName,
int newipid; int newipid;
unsigned int i; unsigned int i;
char filter[512]; /* Libpcap filter string */ char filter[512]; /* Libpcap filter string */
char name[MAXHOSTNAMELEN + 1]; char name[FQDN_LEN + 1];
struct sockaddr_storage ss; struct sockaddr_storage ss;
size_t sslen; size_t sslen;
u32 sequence_base; u32 sequence_base;
@@ -1399,7 +1399,7 @@ static int idle_treescan(struct idle_proxy_info *proxy, Target *target,
void idle_scan(Target *target, u16 *portarray, int numports, void idle_scan(Target *target, u16 *portarray, int numports,
char *proxyName, const struct scan_lists *ports) { char *proxyName, const struct scan_lists *ports) {
static char lastproxy[MAXHOSTNAMELEN + 1] = ""; /* The proxy used in any previous call */ static char lastproxy[FQDN_LEN + 1] = ""; /* The proxy used in any previous call */
static struct idle_proxy_info proxy; static struct idle_proxy_info proxy;
int groupsz; int groupsz;
int portidx = 0; /* Used for splitting the port array into chunks */ int portidx = 0; /* Used for splitting the port array into chunks */

10
nmap.cc
View File

@@ -965,8 +965,8 @@ void parse_options(int argc, char **argv) {
} else if (strcmp(long_options[option_index].name, "sI") == 0) { } else if (strcmp(long_options[option_index].name, "sI") == 0) {
o.idlescan = 1; o.idlescan = 1;
o.idleProxy = strdup(optarg); o.idleProxy = strdup(optarg);
if (strlen(o.idleProxy) > MAXHOSTNAMELEN) { if (strlen(o.idleProxy) > FQDN_LEN) {
fatal("ERROR: -sI argument must be less than %d characters", MAXHOSTNAMELEN); fatal("ERROR: -sI argument must be less than %d characters", FQDN_LEN);
} }
} else if (strcmp(long_options[option_index].name, "vv") == 0) { } else if (strcmp(long_options[option_index].name, "vv") == 0) {
/* Compatibility hack ... ugly */ /* Compatibility hack ... ugly */
@@ -1745,11 +1745,11 @@ int nmap_main(int argc, char *argv[]) {
#endif #endif
unsigned int ideal_scan_group_sz = 0; unsigned int ideal_scan_group_sz = 0;
Target *currenths; Target *currenths;
char myname[MAXHOSTNAMELEN + 1]; char myname[FQDN_LEN + 1];
int sourceaddrwarning = 0; /* Have we warned them yet about unguessable int sourceaddrwarning = 0; /* Have we warned them yet about unguessable
source addresses? */ source addresses? */
unsigned int targetno; unsigned int targetno;
char hostname[MAXHOSTNAMELEN + 1] = ""; char hostname[FQDN_LEN + 1] = "";
struct sockaddr_storage ss; struct sockaddr_storage ss;
size_t sslen; size_t sslen;
@@ -2035,7 +2035,7 @@ int nmap_main(int argc, char *argv[]) {
if (o.SourceSockAddr(&ss, &sslen) == 0) { if (o.SourceSockAddr(&ss, &sslen) == 0) {
currenths->setSourceSockAddr(&ss, sslen); currenths->setSourceSockAddr(&ss, sslen);
} else { } else {
if (gethostname(myname, MAXHOSTNAMELEN) || if (gethostname(myname, FQDN_LEN) ||
resolve(myname, 0, &ss, &sslen, o.af()) != 0) resolve(myname, 0, &ss, &sslen, o.af()) != 0)
fatal("Cannot get hostname! Try using -S <my_IP_address> or -e <interface to scan through>\n"); fatal("Cannot get hostname! Try using -S <my_IP_address> or -e <interface to scan through>\n");

3
nmap.h
View File

@@ -323,6 +323,9 @@
#define MAXHOSTNAMELEN 64 #define MAXHOSTNAMELEN 64
#endif #endif
/* Length of longest DNS name */
#define FQDN_LEN 254
/* Max payload: Worst case is IPv4 with 40bytes of options and TCP with 20 /* Max payload: Worst case is IPv4 with 40bytes of options and TCP with 20
* bytes of options. */ * bytes of options. */
#define MAX_PAYLOAD_ALLOWED 65535-60-40 #define MAX_PAYLOAD_ALLOWED 65535-60-40

4
nmap_dns.cc
View File

@@ -1225,7 +1225,7 @@ static void nmap_mass_rdns_core(Target **targets, int num_targets) {
for(i=0, reqI = deferred_reqs.begin(); reqI != deferred_reqs.end(); reqI++, i++) { for(i=0, reqI = deferred_reqs.begin(); reqI != deferred_reqs.end(); reqI++, i++) {
struct sockaddr_storage ss; struct sockaddr_storage ss;
size_t sslen; size_t sslen;
char hostname[MAXHOSTNAMELEN + 1] = ""; char hostname[FQDN_LEN + 1] = "";
if (keyWasPressed()) if (keyWasPressed())
SPM->printStats((double) i / deferred_reqs.size(), NULL); SPM->printStats((double) i / deferred_reqs.size(), NULL);
@@ -1259,7 +1259,7 @@ static void nmap_system_rdns_core(Target **targets, int num_targets) {
Target *currenths; Target *currenths;
struct sockaddr_storage ss; struct sockaddr_storage ss;
size_t sslen; size_t sslen;
char hostname[MAXHOSTNAMELEN + 1] = ""; char hostname[FQDN_LEN + 1] = "";
char spmobuf[1024]; char spmobuf[1024];
int i; int i;

5
nmap_ftp.cc
View File

@@ -121,6 +121,7 @@
***************************************************************************/ ***************************************************************************/
/* $Id$ */ /* $Id$ */
#include "nmap.h"
#include "nmap_ftp.h" #include "nmap_ftp.h"
#include "output.h" #include "output.h"
#include "NmapOps.h" #include "NmapOps.h"
@@ -167,9 +168,9 @@ int parse_bounce_argument(struct ftpinfo *ftp, char *url) {
ftp->port = atoi(s); ftp->port = atoi(s);
} }
strncpy(ftp->server_name, q, MAXHOSTNAMELEN); strncpy(ftp->server_name, q, FQDN_LEN+1);
ftp->user[63] = ftp->pass[255] = ftp->server_name[MAXHOSTNAMELEN] = 0; ftp->user[63] = ftp->pass[255] = ftp->server_name[FQDN_LEN] = 0;
return 1; return 1;
} }

2
nmap_ftp.h
View File

@@ -137,7 +137,7 @@ class Target;
struct ftpinfo { struct ftpinfo {
char user[64]; char user[64];
char pass[256]; /* methinks you're paranoid if you need this much space */ char pass[256]; /* methinks you're paranoid if you need this much space */
char server_name[MAXHOSTNAMELEN + 1]; char server_name[FQDN_LEN + 1];
struct in_addr server; struct in_addr server;
u16 port; u16 port;
int sd; /* socket descriptor */ int sd; /* socket descriptor */

8
nping/NpingTarget.cc
View File

@@ -128,6 +128,10 @@
#include "nping_winconfig.h" #include "nping_winconfig.h"
#endif #endif
#ifndef FQDN_LEN
#define FQDN_LEN 254
#endif
#include "NpingTarget.h" #include "NpingTarget.h"
#include <dnet.h> #include <dnet.h>
#include "nbase.h" #include "nbase.h"
@@ -761,8 +765,8 @@ const char *NpingTarget::getNameAndIP(char *buf, size_t buflen) {
/** This next version returns a static buffer -- so no concurrency */ /** This next version returns a static buffer -- so no concurrency */
const char *NpingTarget::getNameAndIP() { const char *NpingTarget::getNameAndIP() {
if(!nameIPBuf) if(!nameIPBuf)
nameIPBuf = (char *)safe_malloc(MAXHOSTNAMELEN + INET6_ADDRSTRLEN); nameIPBuf = (char *)safe_malloc(FQDN_LEN + INET6_ADDRSTRLEN + 4);
return getNameAndIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN); return getNameAndIP(nameIPBuf, FQDN_LEN + INET6_ADDRSTRLEN + 4);
} /* End of getNameAndIP() */ } /* End of getNameAndIP() */

2
output.cc
View File

@@ -2095,7 +2095,7 @@ void printserviceinfooutput(Target *currenths) {
Port port; Port port;
struct serviceDeductions sd; struct serviceDeductions sd;
int i, numhostnames = 0, numostypes = 0, numdevicetypes = 0, numcpes = 0; int i, numhostnames = 0, numostypes = 0, numdevicetypes = 0, numcpes = 0;
char hostname_tbl[MAX_SERVICE_INFO_FIELDS][MAXHOSTNAMELEN]; char hostname_tbl[MAX_SERVICE_INFO_FIELDS][FQDN_LEN+1];
char ostype_tbl[MAX_SERVICE_INFO_FIELDS][64]; char ostype_tbl[MAX_SERVICE_INFO_FIELDS][64];
char devicetype_tbl[MAX_SERVICE_INFO_FIELDS][64]; char devicetype_tbl[MAX_SERVICE_INFO_FIELDS][64];
char cpe_tbl[MAX_SERVICE_INFO_FIELDS][80]; char cpe_tbl[MAX_SERVICE_INFO_FIELDS][80];