mirror of https://github.com/nmap/nmap.git synced 2026-01-08 07:29:03 +00:00

Assert that get_fdinfo doesn't return NULL.

Resolves these Parfait reports
(http://seclists.org/nmap-dev/2012/q4/412).

Error: Null pointer dereference (CWE 476)
    Read from null pointer 'fdn'
         at line 328 of components/nmap/build/amd64/ncat/ncat_core.c in function 'blocking_fdinfo_send'.
           Function 'get_fdinfo' may return constant 'NULL' at line 615, called at line 366 in function 'ncat_broadcast'.
           Constant 'NULL' passed into function 'blocking_fdinfo_send', argument 'fdn', from call at line 367.
           Null pointer introduced at line 615 of components/nmap/build/amd64/ncat/util.c in function 'get_fdinfo'.
         at line 330 of components/nmap/build/amd64/ncat/ncat_core.c in function 'blocking_fdinfo_send'.
           Function 'get_fdinfo' may return constant 'NULL' at line 615, called at line 366 in function 'ncat_broadcast'.
           Constant 'NULL' passed into function 'blocking_fdinfo_send', argument 'fdn', from call at line 367.
           Null pointer introduced at line 615 of components/nmap/build/amd64/ncat/util.c in function 'get_fdinfo'.
Error: Null pointer dereference (CWE 476)
    Read from null pointer 'fdn'
         at line 946 of components/nmap/build/amd64/ncat/ncat_listen.c in function 'shutdown_sockets'.
           Function 'get_fdinfo' may return constant 'NULL' at line 615, called at line 945.
           Null pointer introduced at line 615 of components/nmap/build/amd64/ncat/util.c in function 'get_fdinfo'.
david
2012-12-22 06:02:30 +00:00
parent d98bbcc8ab
commit 4519c2ec74
2 changed files with 5 additions and 2 deletions


@@ -363,6 +363,7 @@ int ncat_broadcast(fd_set *fds, const fd_list_t *fdlist, const char *msg, size_t
continue;
fdn = get_fdinfo(fdlist, i);
ncat_assert(fdn != NULL);
if (blocking_fdinfo_send(fdn, msg, size) <= 0) {
if (o.debug > 1)
logdebug("Error sending to fd %d: %s.\n", i, socket_strerror(socket_errno()));
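Review bot: The new `ncat_assert(fdn != NULL)` in ncat_broadcast depends on a precondition the function never states: `fds` and `fdlist` both come from the caller, and nothing visible in this hunk guarantees that every descriptor set in `fds` has an entry in `fdlist`. I would record that above the lookup, for example `/* Callers must ensure every fd set in fds has an entry in fdlist. */`. If ncat_assert terminates the process (its definition is not shown on this page), a mismatch ends the broadcast for every connected client, whereas the send-failure branch just below only logs and carries on. It is worth deciding deliberately whether this site should fail-stop or skip the descriptor with a debug message. The function body starts before and continues after the hunk.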


@@ -292,6 +292,7 @@ static int ncat_listen_stream(int proto)
FD_CLR(i, &master_readfds);
FD_CLR(i, &master_writefds);
fdi = get_fdinfo(&client_fdlist, i);
ncat_assert(fdi != NULL);
switch (ssl_handshake(fdi)) {
case NCAT_SSL_HANDSHAKE_COMPLETED:
/* Clear from sslpending_fds once ssl is established */
@@ -534,7 +535,7 @@ int read_socket(int recv_fd)
int nbytes, pending;
fdn = get_fdinfo(&client_fdlist, recv_fd);
assert(fdn != NULL);
ncat_assert(fdn != NULL);
nbytes = 0;
do {
@@ -837,7 +838,7 @@ static void read_and_broadcast(int recv_fd)
int pending;
fdn = get_fdinfo(&client_fdlist, recv_fd);
assert(fdn);
ncat_assert(fdn != NULL);
/* Loop while ncat_recv indicates data is pending. */
do {
@@ -942,6 +943,7 @@ static void shutdown_sockets(int how)
continue;
fdn = get_fdinfo(&broadcast_fdlist, i);
ncat_assert(fdn != NULL);
shutdown(fdn->fd, how);
}
}
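Review bot: The `get_fdinfo(...)` lookup followed by `ncat_assert(... != NULL)` is now repeated by hand at four sites in this file (ncat_listen_stream, read_socket, read_and_broadcast, shutdown_sockets), and the Parfait report quoted in the description shows that a site is easy to miss. A small static helper that does the lookup and the assertion in one place (the name `get_fdinfo_checked` is only a suggestion) would keep future callers from dereferencing an unchecked result. In read_socket and read_and_broadcast the plain `assert` becomes `ncat_assert` without explanation; presumably this keeps the check active in builds that define NDEBUG. If so, a short comment such as `/* ncat_assert is not compiled out; a missing fdinfo must never reach the dereference below. */` would stop someone from reverting it. All four function bodies extend beyond their hunks.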