PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

o Fixed an integer overflow which prevented a target specification

Browse Source 
of "*.*.*.*" from working.  Support for the CIDR /0 is now also
  available. [Kris]


A sendto() or connect() to IPv4 addresses with a first octet of 0
(excluding 0.0.0.0 on some OS's) returns EINVAL.  These addresses
are reserved for "self-identification" and should never go over the
wire (and at least on Linux a connect() to 0.0.0.0 gets redirected
to 127.0.0.1).  I'm talking with Fyodor on whether or not to skip
*all* of these addresses.
This commit is contained in:
kris
2008-06-03 19:25:16 +00:00
parent 91d5eb45a5
commit 5436c891fc
3 changed files with 28 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o Fixed an integer overflow which prevented a target specification
of "*.*.*.*" from working. Support for the CIDR /0 is now also
available. [Kris]
o Nmap now returns correct values for --iflist in windows even o Nmap now returns correct values for --iflist in windows even
if interface aliases have been set. Previously it would misreport if interface aliases have been set. Previously it would misreport
the windevices and not list all interfaces. [Michael] the windevices and not list all interfaces. [Michael]

35
TargetGroup.cc
View File

@@ -129,7 +129,7 @@ int TargetGroup::rewind() {
if (targets_type == IPV4_NETMASK) { if (targets_type == IPV4_NETMASK) {
currentaddr = startaddr; currentaddr = startaddr;
if (startaddr.s_addr <= endaddr.s_addr) { if (startaddr.s_addr <= endaddr.s_addr) {
ipsleft = endaddr.s_addr - startaddr.s_addr + 1; ipsleft = ((unsigned long long) (endaddr.s_addr - startaddr.s_addr)) + 1;
return 0; return 0;
} }
else else
@@ -139,8 +139,10 @@ int TargetGroup::rewind() {
* the ips by the number of values in the columns */ * the ips by the number of values in the columns */
else if (targets_type == IPV4_RANGES) { else if (targets_type == IPV4_RANGES) {
memset((char *)current, 0, sizeof(current)); memset((char *)current, 0, sizeof(current));
ipsleft = (last[0] + 1) * (last[1] + 1) * ipsleft = (unsigned long long) (last[0] + 1) *
(last[2] + 1) * (last[3] + 1); (unsigned long long) (last[1] + 1) *
(unsigned long long) (last[2] + 1) *
(unsigned long long) (last[3] + 1);
return 0; return 0;
} }
#if HAVE_IPV6 #if HAVE_IPV6
@@ -167,7 +169,6 @@ int TargetGroup::parse_expr(const char * const target_expr, int af) {
char *addy[5]; char *addy[5];
char *hostexp = strdup(target_expr); char *hostexp = strdup(target_expr);
struct hostent *target; struct hostent *target;
unsigned long longtmp;
namedhost = 0; namedhost = 0;
if (targets_type != TYPE_NONE) if (targets_type != TYPE_NONE)
@@ -188,8 +189,8 @@ int TargetGroup::parse_expr(const char * const target_expr, int af) {
target_net = strtok(hostexp, "/"); target_net = strtok(hostexp, "/");
s = strtok(NULL, ""); /* find the end of the token from hostexp */ s = strtok(NULL, ""); /* find the end of the token from hostexp */
netmask = ( s ) ? atoi(s) : 32; netmask = ( s ) ? atoi(s) : 32;
if ((int) netmask <= 0 || netmask > 32) { if ((int) netmask < 0 || netmask > 32) {
error("Illegal netmask value (%d), must be /1 - /32 . Assuming /32 (one host)", netmask); error("Illegal netmask value (%d), must be /0 - /32 . Assuming /32 (one host)", netmask);
netmask = 32; netmask = 32;
} }
for(i=0; *(hostexp + i); i++) for(i=0; *(hostexp + i); i++)
@@ -215,12 +216,20 @@ int TargetGroup::parse_expr(const char * const target_expr, int af) {
return 1; return 1;
} }
} }
longtmp = ntohl(startaddr.s_addr); if (netmask) {
startaddr.s_addr = longtmp & (unsigned long) (0 - (1<<(32 - netmask))); unsigned long longtmp = ntohl(startaddr.s_addr);
endaddr.s_addr = longtmp | (unsigned long) ((1<<(32 - netmask)) - 1); startaddr.s_addr = longtmp & (unsigned long) (0 - (1<<(32 - netmask)));
endaddr.s_addr = longtmp | (unsigned long) ((1<<(32 - netmask)) - 1);
} else {
/* The above calculations don't work for a /0 netmask, though at first
* glance it appears that they would
*/
startaddr.s_addr = 0;
endaddr.s_addr = 0xffffffff;
}
currentaddr = startaddr; currentaddr = startaddr;
if (startaddr.s_addr <= endaddr.s_addr) { if (startaddr.s_addr <= endaddr.s_addr) {
ipsleft = endaddr.s_addr - startaddr.s_addr + 1; ipsleft = ((unsigned long long) (endaddr.s_addr - startaddr.s_addr)) + 1;
free(hostexp); free(hostexp);
return 0; return 0;
} }
@@ -272,8 +281,10 @@ int TargetGroup::parse_expr(const char * const target_expr, int af) {
} }
} }
memset((char *)current, 0, sizeof(current)); memset((char *)current, 0, sizeof(current));
ipsleft = (last[0] + 1) * (last[1] + 1) * ipsleft = (unsigned long long) (last[0] + 1) *
(last[2] + 1) * (last[3] + 1); (unsigned long long) (last[1] + 1) *
(unsigned long long) (last[2] + 1) *
(unsigned long long) (last[3] + 1);
} }
else { else {
#if HAVE_IPV6 #if HAVE_IPV6

2
TargetGroup.h
View File

@@ -160,7 +160,7 @@ class TargetGroup {
/* Number of IPs left in this structure -- set to 0 if /* Number of IPs left in this structure -- set to 0 if
the fields are not valid */ the fields are not valid */
unsigned long ipsleft; unsigned long long ipsleft;
// is the current target expression a named host // is the current target expression a named host
int namedhost; int namedhost;