From 6d83daa08c41c4a4c4545bb5ea4167fd290450e6 Mon Sep 17 00:00:00 2001 From: david Date: Tue, 5 Mar 2013 06:14:02 +0000 Subject: [PATCH] Check if an interface is known to pcap before adding its name servers. Kenneth Frazier reported that sometimes Nmap would use name servers from inactive interfaces. Let's try checking the interface GUIDs against those known by libpcap. http://seclists.org/nmap-dev/2013/q1/292 --- CHANGELOG | 3 +++ nmap_dns.cc | 30 ++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index e8e8d21fc..71139ac12 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o The list of nameservers on Windows now ignores nameservers from + inactive interfaces. [David Fifield] + o Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. Patch by Andrey Olkhin. diff --git a/nmap_dns.cc b/nmap_dns.cc index ea1c0ee55..7920ae3f5 100644 --- a/nmap_dns.cc +++ b/nmap_dns.cc @@ -860,6 +860,30 @@ static void connect_dns_servers() { #ifdef WIN32 +static bool interface_is_known_by_guid(const char *guid) { + struct interface_info *iflist; + int i, n; + + iflist = getinterfaces(&n, NULL, 0); + if (iflist == NULL) + return false; + + for (i = 0; i < n; i++) { + char pcap_name[1024]; + char *pcap_guid; + + if (!DnetName2PcapName(iflist[i].devname, pcap_name, sizeof(pcap_name))) + continue; + pcap_guid = strchr(pcap_name, '{'); + if (pcap_guid == NULL) + continue; + if (strcmp(guid, pcap_guid) == 0) + return true; + } + + return false; +} + // Reads the Windows registry and adds all the nameservers found via the // add_dns_server() function. void win32_read_registry() { 
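Review bot: In the new `interface_is_known_by_guid()` in nmap_dns.cc, the match is a case-sensitive `strcmp(guid, pcap_guid)`, but GUID strings are hexadecimal text, so the registry subkey name and the pcap device name could differ only in letter case. Whether they do in practice is not visible from this hunk; a case-insensitive compare such as `if (_stricmp(guid, pcap_guid) == 0)` would remove that dependency, since the block is already under `#ifdef WIN32`. The function also returns `false` both when the GUID is absent and when `getinterfaces()` returns NULL, so a caller cannot tell "not known" from "could not check". A header comment should say so, for example `// Returns true if guid ("{...}") equals the GUID part of some interface's pcap name; also false if the interface list is unavailable.`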
@@ -892,6 +916,12 @@ void win32_read_registry() { for (i=0; sz = sizeof(buf), RegEnumKeyEx(hKey, i, buf, &sz, NULL, NULL, NULL, NULL) != ERROR_NO_MORE_ITEMS; i++) { + if (!interface_is_known_by_guid(buf)) { + if (o.debugging > 1) + log_write(LOG_PLAIN, "Interface %s is not known; ignoring its nameservers.\n", buf); + continue; + } + Snprintf(keyname, sizeof(keyname), "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\%s", buf); if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname,
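Review bot: The new `continue` in the `RegEnumKeyEx` loop fails closed, and does so quietly. If `getinterfaces()` fails or no device name can be mapped by `DnetName2PcapName`, every registry interface is skipped, and the only trace is a message at `o.debugging > 1`. That would leave this function adding no nameservers at all, which is hard to diagnose from normal output. Consider checking once before the loop whether the interface list is usable and filtering only in that case, or reporting at a lower debug level when every subkey was skipped. The helper is also called once per subkey, so the interface list is walked again each time. The loop and `win32_read_registry()` continue outside this hunk, so any later fallback is not visible here.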