From 71ac6ae95a2f9b4a0e7d4313becda4bf69de206b Mon Sep 17 00:00:00 2001
From: fyodor
Date: Tue, 8 Aug 2006 22:50:15 +0000
Subject: [PATCH] little rDNS fix from Doug

---
 CHANGELOG | 9 ++++++++-
 nmap_dns.cc | 7 ++++---
 osscan2.cc | 12 ++++++++++--
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 84a899158..58a5f33f3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-

-o Applied a couple of nsock bugfixes from Diman Todorov. These don't
+o Worked with Zhao to improve the new OS detection system with
+ better algorithms and bug fixes.
+
+o Applied some nsock bugfixes from Diman Todorov. These don't
 affect the current version of Nmap, but are important for his
 upcoming Nmap Scripting Engine.

@@ -9,6 +12,10 @@ o Integrated all 2nd quarter service detection fingerprint
 representing 415 protocols. Thanks to version detection czar Doug
 Hoyte for doing this.

+o Fixed a bug in the rDNS system which prevented us from querying
+ certain authoritative DNS servers which have recursion explicitly
+ disabled. Thanks to Doug Hoyte for the patch.
+
 o Cleaned up Nmap DNS reporting to be a little more useful and
 concise. Thanks to Doug Hoyte for the patch.

diff --git a/nmap_dns.cc b/nmap_dns.cc
index c3877035f..97830ff64 100644
--- a/nmap_dns.cc
+++ b/nmap_dns.cc
@@ -674,9 +674,10 @@ static void read_evt_handler(nsock_pool nsp, nsock_event evt, void *nothing) {
 // 0xFA == 11111010 (we're not concerned with AA or RD bits)
 if ((buf[2] & 0xFA) != 0x80) return;

- // Check that Recursion is available, the zero field is all zeros
- // and there is no error condition:
- if (buf[3] != 0x80) {
+ // Check that the zero field is all zeros and there is no error condition.
+ // We don't care if recursion is available or not since we might be querying
+ an authoritative DNS server.
+ if (buf[3] != 0x80 && buf[3] != 0) {
 if ((buf[3] & 0xF) == 2) errcode = 2;
 else if ((buf[3] & 0xF) == 3) errcode = 3;
 else return;
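Review bot: The widened test on `buf[3]` still compares the whole byte against two literal values (0x80 and 0) instead of masking the fields the new comment says it checks, so the Z bits are not actually verified when RCODE is 2 or 3 (a constructed example: 0x12, Z bit set with RCODE 2, is accepted as SERVFAIL), and every other RA/Z/RCODE combination is rejected only by falling through to `else return;`. Since this byte comes straight off the wire from whichever server answered, masking is clearer and easier to audit: `int rcode = buf[3] & 0x0F;` then `if ((buf[3] & 0x70) != 0 || (rcode != 0 && rcode != 2 && rcode != 3)) return;` and `if (rcode) errcode = rcode;`, which accepts exactly what the patch accepts except that a non-zero Z field is now always rejected. The third added comment line appears here as `+ an authoritative DNS server.` with no `//` prefix; if that is really what the patch contains it will not compile, so it is worth checking against the file. read_evt_handler continues outside the hunk.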
diff --git a/osscan2.cc b/osscan2.cc
index f5a68d068..a52f2d9d9 100644
--- a/osscan2.cc
+++ b/osscan2.cc
@@ -13,7 +13,7 @@ using namespace std;
 extern NmapOps o;

 /* 7 options:
- * 0~5: six options for TSeq/TOps/TWin/T1 probes.
+ * 0~5: six options for SEQ/OPS/WIN/T1 probes.
 * 6: T2~T7 probes.
 *
 * option 0: WScale (10), Nop, MSS (1460), Timestamp, Nop, Nop, SackP, Nop, Nop
@@ -2103,7 +2103,7 @@ bool HostOsScan::processTUdpResp(HostOsScanStats *hss, struct ip *ip) {
 struct icmp *icmp;
 struct ip *ip2;

- int numtests = 12;
+ int numtests;
 unsigned short checksum;
 unsigned short *checksumptr;
 udphdr_bsd *udp;
@@ -2112,6 +2112,14 @@ bool HostOsScan::processTUdpResp(HostOsScanStats *hss, struct ip *ip) {
 int current_testno = 0;
 unsigned char *datastart, *dataend;

+#if !defined(SOLARIS) && !defined(SUNOS) && !defined(IRIX) && !defined(HPUX)
+ numtests = 12;
+#else
+ /* We don't do RID test under these operating systems, thus the
+ number of test is 1 less. */
+ numtests = 11;
+#endif
+
 if (hss->FP_TUdp) return false;

 icmp = ((struct icmp *)(((char *) ip) + 4 * ip->ip_hl));
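Review bot: `numtests` is now declared uninitialised in the earlier hunk (the `int numtests;` at line 2106) and only assigned in the `#if`/`#else` block several lines later, which leaves a window for an early read of an indeterminate value and repeats, as a hard-coded count, the platform list that decides elsewhere whether the RID test runs. Declare it where the value is known, `const int numtests = 12;` in the `#if` branch and `const int numtests = 11;` in the `#else` branch, and drop the separate declaration; better still, derive the count from the same condition that guards the RID test so the two cannot drift (that guard is outside this hunk, so I cannot confirm it uses the same macro list). The comment would also read better naming the skipped test, e.g. `/* The RID test is not run on Solaris, SunOS, IRIX or HP-UX, so one fewer test is counted. */`. processTUdpResp continues outside the hunk.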