PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 20:51:30 +00:00
Code Issues Projects Releases Wiki Activity

Use a sockaddr_storage for recvfrom in get_rpc_results.

Browse Source 
Previously it was hardcoded to be sockaddr_in, which is obviously wrong
for IPv6. This was only used to filter out packets from other than the
host we are scanning. It may have still been succeeding by accident if
part of the IPv6 address had the bytes 00000000, because for me the port
number is at the same offset in sockaddr_in and sockaddr_in6, and
target->v4host().s_addr returns 00000000 for an IPv6 host.
This commit is contained in:
david
2011-09-03 18:48:11 +00:00
parent e6bb524f18
commit 52de87b974
2 changed files with 21 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
nmap_rpc.cc
View File

@@ -497,6 +497,19 @@ static int rpc_are_we_done(char *msg, int msg_len, Target *target,
return 0; return 0;
} }
static unsigned short sockaddr_port(const struct sockaddr_storage *ss) {
unsigned short port;
if (ss->ss_family == AF_INET)
port = ((struct sockaddr_in *) ss)->sin_port;
else if (ss->ss_family == AF_INET6)
port = ((struct sockaddr_in6 *) ss)->sin6_port;
else
port = 0;
return ntohs(port);
}
void get_rpc_results(Target *target, struct portinfo *scan, void get_rpc_results(Target *target, struct portinfo *scan,
struct scanstats *ss, struct portinfolist *pil, struct scanstats *ss, struct portinfolist *pil,
struct rpcscaninfo *rsi) { struct rpcscaninfo *rsi) {
@@ -506,8 +519,9 @@ void get_rpc_results(Target *target, struct portinfo *scan,
struct timeval tv; struct timeval tv;
int res; int res;
static char readbuf[512]; static char readbuf[512];
struct sockaddr_in from; struct sockaddr_storage from;
recvfrom6_t fromlen = sizeof(struct sockaddr_in); recvfrom6_t fromlen = sizeof(from);
unsigned short fromport;
char *current_msg; char *current_msg;
unsigned long current_msg_len; unsigned long current_msg_len;
@@ -552,13 +566,15 @@ void get_rpc_results(Target *target, struct portinfo *scan,
rsi->rpc_status = RPC_STATUS_NOT_RPC; rsi->rpc_status = RPC_STATUS_NOT_RPC;
return; return;
} }
fromport = sockaddr_port(&from);
if (o.debugging > 1) if (o.debugging > 1)
log_write(LOG_PLAIN, "Received %d byte UDP packet\n", res); log_write(LOG_PLAIN, "Received %d byte UDP packet\n", res);
/* Now we check that the response is from the expected host/port */ /* Now we check that the response is from the expected host/port */
if (from.sin_addr.s_addr != target->v4host().s_addr || if (!sockaddr_storage_equal(&from, target->TargetSockAddr()) ||
from.sin_port != htons(rsi->rpc_current_port->portno)) { fromport != rsi->rpc_current_port->portno) {
if (o.debugging > 1) { if (o.debugging > 1) {
log_write(LOG_PLAIN, "Received UDP packet from %d.%d.%d.%d/%hu when expecting packet from %d.%d.%d.%d/%hu\n", NIPQUAD(from.sin_addr.s_addr), ntohs(from.sin_port), NIPQUAD(target->v4host().s_addr), rsi->rpc_current_port->portno); log_write(LOG_PLAIN, "Received UDP packet from %s/%hu", inet_ntop_ez(&from, fromlen), fromport);
log_write(LOG_PLAIN, " when expecting packet from %s/%hu\n", target->targetipstr(), rsi->rpc_current_port->portno);
} }
continue; continue;
} }

6
utils.h
View File

@@ -149,12 +149,6 @@
#define TRUE 1 #define TRUE 1
#endif #endif
#define NIPQUAD(addr) \
(((addr) >> 0) & 0xff), \
(((addr) >> 8) & 0xff), \
(((addr) >> 16) & 0xff), \
(((addr) >> 24) & 0xff)
#define MAX_PARSE_ARGS 254 /* +1 for integrity checking + 1 for null term */ #define MAX_PARSE_ARGS 254 /* +1 for integrity checking + 1 for null term */