PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Code Issues Projects Releases Wiki Activity

* Fixes a bug causing the same DNS ECS option table to be useable only once

Browse Source 
because of a side effect on the address family member.

* Allows the ECS address family to be supplied either as string or integer.
This commit is contained in:
nnposter
2018-07-29 00:15:24 +00:00
parent ddd48caec0
commit 40e6327c64
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
nselib/dns.lua
View File

@@ -307,7 +307,7 @@ end
-- * <code>id</code>: numeric value to use for the DNS transaction id
-- * <code>nsid</code>: If true, queries the server for the nameserver identifier (RFC 5001)
-- * <code>subnet</code>: table, if set perform a edns-client-subnet lookup. The table should contain the fields:
-- <code>family</code> - string can be either inet or inet6
-- <code>family</code> - IPv4: "inet" or 1 (default), IPv6: "inet6" or 2
-- <code>address</code> - string containing the originating subnet IP address
-- <code>mask</code> - number containing the number of subnet bits
-- @return <code>true</code> if a dns response was received and contained an answer of the requested type,
@@ -360,9 +360,6 @@ function query(dname, options)
if ( options.nsid ) then
addNSID(pkt, dnssec)
elseif ( options.subnet ) then
local family = { ["inet"] = 1, ["inet6"] = 2 }
assert( family[options.subnet.family], "Unsupported subnet family")
options.subnet.family = family[options.subnet.family]
addClientSubnet(pkt, dnssec, options.subnet )
elseif ( dnssec.DO ) then
addOPT(pkt, {DO = true})
@@ -1402,13 +1399,18 @@ end
-- @param pkt Table representing DNS packet.
-- @param Z Table of Z flags. Only DO is supported.
-- @param client_subnet table containing the following fields
-- <code>family</code> - 1 IPv4, 2 - IPv6
-- <code>family</code> - IPv4: "inet" or 1 (default), IPv6: "inet6" or 2
-- <code>mask</code> - byte containing the length of the subnet mask
-- <code>address</code> - string containing the IP address
function addClientSubnet(pkt,Z,subnet)
local family = subnet.family or 1
if type(family) == "string" then
family = ({inet=1,inet6=2})[family]
end
assert(family == 1 or family == 2, "Unsupported subnet family")
local code = 8 -- https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-11
local scope_mask = 0 -- In requests, it MUST be set to 0 see draft
local data = bin.pack(">SCCA",subnet.family or 1,subnet.mask,scope_mask,ipOps.ip_to_str(subnet.address))
local data = bin.pack(">SCCA",family,subnet.mask,scope_mask,ipOps.ip_to_str(subnet.address))
local opt = bin.pack(">SS",code, #data) .. data
addOPT(pkt,Z,opt)
end