From 8e2de50dd312b157a9639248089419fce69670ca Mon Sep 17 00:00:00 2001 From: fyodor Date: Tue, 12 Dec 2006 09:56:15 +0000 Subject: [PATCH] Kris Katterjohn patches for code clean up, iana ip assignment update, fixe fileexistsandisreadable --- CHANGELOG | 11 +++++++ Makefile.in | 2 +- docs/nmap.1 | 2 +- docs/nmap.usage.txt | 2 +- nmap.cc | 26 ++++++---------- nmap_winconfig.h | 2 +- osscan.cc | 20 ++---------- osscan2.cc | 24 ++------------- tcpip.cc | 74 +++++++++++++++++++++------------------------ tcpip.h | 19 +++--------- 10 files changed, 67 insertions(+), 115 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 31d7ccf61..c6bdb4fc8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,15 @@ # Nmap Changelog ($Id$); -*-text-*- +4.21ALPHA2 + +o Fixed the way Nmap detects whether one of its data files (such as + nmap-services) exists and has permissions which allow it to be read. + +o Update IANA assignment IP list for random IP (-iR) generation. + Thanks to Kris Katterjohn for the patch. + +o Applied a few code cleanup patches from Kris Katterjohn. + +4.21ALPHA1 o Integrated the Nmap Scripting Engine (NSE) into mainline Nmap. Diman Todorov and I have been working on this for more than six months, and diff --git a/Makefile.in b/Makefile.in index 4a465892e..17602744a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -export NMAP_VERSION = 4.21ALPHA1 +export NMAP_VERSION = 4.21ALPHA2 NMAP_NAME= Nmap NMAP_URL= http://insecure.org NMAP_PLATFORM=@host@ diff --git a/docs/nmap.1 b/docs/nmap.1 index 62e209d1e..5612a93b8 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 
@@ -2,7 +2,7 @@ .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). .\" Instead of manually editing it, you probably should edit the DocBook XML .\" source for it and then use the DocBook XSL Stylesheets to regenerate it. -.TH "NMAP" "1" "12/10/2006" "" "Nmap Reference Guide" +.TH "NMAP" "1" "12/12/2006" "" "Nmap Reference Guide" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt index b5d6a4c4f..ac9b950bd 100644 --- a/docs/nmap.usage.txt +++ b/docs/nmap.usage.txt @@ -1,4 +1,4 @@ -Nmap 4.21ALPHA1 ( http://insecure.org ) +Nmap 4.21ALPHA2 ( http://insecure.org ) Usage: nmap [Scan Type(s)] [Options] {target specification} TARGET SPECIFICATION: Can pass hostnames, IP addresses, networks, etc. diff --git a/nmap.cc b/nmap.cc index 69ac94822..fd34d957c 100644 --- a/nmap.cc +++ b/nmap.cc @@ -347,13 +347,12 @@ static int ip_is_reserved(struct in_addr *ip) break; } - - /* 077-079/8 is IANA reserved */ - if (i1 >= 77 && i1 <= 79) + /* 092-95/8 is IANA reserved */ + if (i1 >= 92 && i1 <= 95) return 1; - /* 092-123/8 is IANA reserved */ - if (i1 >= 92 && i1 <= 123) + /* 100-120/8 is IANA reserved */ + if (i1 >= 100 && i1 <= 120) return 1; /* 172.16.0.0/12 is reserved for private nets by RFC1819 */ 
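Review bot: The new comment `/* 092-95/8 is IANA reserved */` drops the zero padding its neighbours use (`077-079/8` in the removed line, `100-120/8` just below), so write it `/* 092-095/8 is IANA reserved */`. A larger issue is that these /8 ranges are a snapshot of the IANA IPv4 address-space registry that goes stale silently, and nothing in the function records which revision they were taken from. Add a line above the first range check such as `/* Reserved/unallocated /8s per the IANA IPv4 address-space registry as of <REGISTRY-DATE placeholder>; refresh when the registry changes */` so the next update has a baseline to diff against. The switch at the top of ip_is_reserved and the checks after 172.16/12 continue outside the hunk.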
@@ -2310,26 +2309,21 @@ void sigdie(int signo) { exit(1); } -#ifdef WIN32 -#define STAT_READABLE(st) st.st_mode & S_IREAD -#else -#define STAT_READABLE(st) st.st_mode & S_IRUSR -#endif - -/* Returns true (nonzero) if the file pathname given exists, is not - * a directory and is readable by the executing process. Returns - * zero if it is not +/* Returns true (nonzero) if the file pathname given exists, is not a + * directory and is readable by the executing process. Returns two if + * it is readable and is a directory. Otherwise returns 0. */ + int fileexistsandisreadable(char *pathname) { struct stat st; if (stat(pathname, &st) == -1) return 0; - if (!S_ISDIR(st.st_mode) && STAT_READABLE(st)) + if (!S_ISDIR(st.st_mode) && (access(pathname, R_OK) != -1)) return 1; - if ((st.st_mode & S_IFDIR) && STAT_READABLE(st)) + if ((st.st_mode & S_IFDIR) && (access(pathname, R_OK) != -1)) return 2; return 0; diff --git a/nmap_winconfig.h b/nmap_winconfig.h index ab09fa72d..685e2b40a 100644 --- a/nmap_winconfig.h +++ b/nmap_winconfig.h @@ -106,7 +106,7 @@ /* Without this, Windows will give us all sorts of crap about using functions like strcpy() even if they are done safely */ #define _CRT_SECURE_NO_DEPRECATE 1 -#define NMAP_VERSION "4.21ALPHA1" +#define NMAP_VERSION "4.21ALPHA2" #define NMAP_NAME "Nmap" #define NMAP_URL "http://insecure.org" #define NMAP_PLATFORM "i686-pc-windows-windows" diff --git a/osscan.cc b/osscan.cc index 8c5637514..5d3eba6b8 100644 --- a/osscan.cc +++ b/osscan.cc @@ -139,13 +139,6 @@ unsigned char *data = packet + 28; unsigned short realcheck; /* the REAL checksum */ int res; int decoy; -struct pseudo_udp_hdr { - struct in_addr source; - struct in_addr dest; - u8 zero; - u8 proto; - u16 length; -} *pseudo = (struct pseudo_udp_hdr *) ((char *)udp - 12) ; if (!patternbyte) patternbyte = (get_random_uint() % 60) + 65; memset(data, patternbyte, datalen); 
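Review bot: `access(pathname, R_OK)` checks permission against the process's real uid/gid rather than its effective ids, so for a set-uid Nmap the answer can differ from what the subsequent open() is allowed to do, while the updated header comment still promises "readable by the executing process". Spell that out in the comment, e.g. `/* NB: access(2) tests the real uid/gid; a set-uid process may get a different answer than open() would */`, and treat the result as advisory since stat/access/open is a check-then-use sequence anyway. The two branches now call access() with identical arguments and differ only in the directory test, so the body reduces to `if (access(pathname, R_OK) == -1) return 0;` followed by `return S_ISDIR(st.st_mode) ? 2 : 1;`, which also retires `st.st_mode & S_IFDIR` (a bit mask, not a file-type test) in favour of the portable macro. The WIN32 branch went away with STAT_READABLE, so I am assuming R_OK and access() reach the Win32 build through another header; worth confirming. The closing brace of fileexistsandisreadable is outside the hunk.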
@@ -169,15 +162,9 @@ for(decoy=0; decoy < o.numdecoys; decoy++) { udp->uh_dport = htons(dport); udp->uh_ulen = htons(8 + datalen); - /* Now the pseudo header for checksuming */ - pseudo->source.s_addr = source->s_addr; - pseudo->dest.s_addr = victim->s_addr; - pseudo->proto = IPPROTO_UDP; - pseudo->length = htons(sizeof(udphdr_bsd) + datalen); - /* OK, now we should be able to compute a valid checksum */ - realcheck = in_cksum((unsigned short *)pseudo, 20 /* pseudo + UDP headers */ + - datalen); + realcheck = magic_tcpudp_cksum(source, victim, IPPROTO_UDP, + sizeof(udphdr_bsd) + datalen, (char *) udp); #if STUPID_SOLARIS_CHECKSUM_BUG udp->uh_sum = sizeof(udphdr_bsd) + datalen; #else @@ -187,9 +174,6 @@ for(decoy=0; decoy < o.numdecoys; decoy++) { if ( o.badsum ) udp->uh_sum++; - /* Goodbye, pseudo header! */ - memset(pseudo, 0, sizeof(*pseudo)); - /* Now for the ip header */ ip->ip_v = 4; ip->ip_hl = 5; diff --git a/osscan2.cc b/osscan2.cc index 2afa09543..13eeba1ce 100644 --- a/osscan2.cc +++ b/osscan2.cc @@ -3009,13 +3009,6 @@ int send_closedudp_probe_2(struct udpprobeinfo &upi, int sd, unsigned short realcheck; /* the REAL checksum */ int res; int decoy; - struct pseudo_udp_hdr { - struct in_addr source; - struct in_addr dest; - u8 zero; - u8 proto; - u16 length; - } *pseudo = (struct pseudo_udp_hdr *) ((char *)udp - 12) ; /* if (!patternbyte) patternbyte = (get_random_uint() % 60) + 65; */ memset(data, patternbyte, datalen); 
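Review bot: The new `magic_tcpudp_cksum()` call in the @@ -169 hunk writes a 12-byte pseudo header into the memory just before `udp`, which in this packet (`data = packet + 28`, so `udp = packet + 20`) is the tail of the IP header, `ip_ttl` through `ip_dst`, and the @@ -187 hunk drops the `memset(pseudo, 0, ...)` that used to clear it. That is only correct because the "Now for the ip header" block that follows overwrites every one of those fields; the hunk shows just `ip_v`/`ip_hl`, so I am inferring the rest from the old code's reliance on the same trick. A one-line comment at the call site, `/* magic_tcpudp_cksum() scribbles a pseudo header over ip_ttl..ip_dst; all of them are rewritten below */`, would keep a future reorder of the IP header fill from corrupting the packet. The same applies to send_closedudp_probe_2 in osscan2.cc (@@ -3009 / @@ -3043) and to build_tcp_raw and build_udp_raw in tcpip.cc. send_closedudp_probe's decoy loop begins and ends outside the hunk.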
@@ -3043,24 +3036,15 @@ int send_closedudp_probe_2(struct udpprobeinfo &upi, int sd, udp->uh_dport = htons(dport); udp->uh_ulen = htons(8 + datalen); - /* Now the psuedo header for checksuming */ - pseudo->source.s_addr = source->s_addr; - pseudo->dest.s_addr = victim->s_addr; - pseudo->proto = IPPROTO_UDP; - pseudo->length = htons(sizeof(udphdr_bsd) + datalen); - /* OK, now we should be able to compute a valid checksum */ - realcheck = in_cksum((unsigned short *)pseudo, 20 /* pseudo + UDP headers */ + - datalen); + realcheck = magic_tcpudp_cksum(source, victim, IPPROTO_UDP, + sizeof(udphdr_bsd) + datalen, (char *) udp); #if STUPID_SOLARIS_CHECKSUM_BUG udp->uh_sum = sizeof(udphdr_bsd) + datalen; #else udp->uh_sum = realcheck; #endif - /* Goodbye, pseudo header! */ - memset(pseudo, 0, sizeof(*pseudo)); - /* Now for the ip header */ ip->ip_v = 4; ip->ip_hl = 5; @@ -3088,10 +3072,6 @@ int send_closedudp_probe_2(struct udpprobeinfo &upi, int sd, upi.patternbyte = patternbyte; upi.target.s_addr = ip->ip_dst.s_addr; } - if (TCPIP_DEBUGGING > 1) { - log_write(LOG_STDOUT, "Raw UDP packet creation completed! Here it is:\n"); - readudppacket(packet,1); - } if ((res = send_ip_packet(sd, eth, packet, ntohs(ip->ip_len))) == -1) { diff --git a/tcpip.cc b/tcpip.cc index 2fd0080f1..85169735e 100644 --- a/tcpip.cc +++ b/tcpip.cc 
@@ -957,6 +957,28 @@ answer = ~sum; /* ones-complement, then truncate to 16 bits */ return(answer); } +/* for computing TCP/UDP checksums, see TCP/IP Illustrated p. 145 */ +unsigned short magic_tcpudp_cksum(const struct in_addr *src, + const struct in_addr *dst, + u8 proto, u16 len, char *hstart) +{ + struct pseudo { + struct in_addr src; + struct in_addr dst; + u8 zero; + u8 proto; + u16 length; + } *hdr = (struct pseudo *) (hstart - sizeof(struct pseudo)); + + hdr->src = *src; + hdr->dst = *dst; + hdr->zero = 0; + hdr->proto = proto; + hdr->length = htons(len); + + return in_cksum((unsigned short *) hdr, len + sizeof(struct pseudo)); +} + /* LEGACY resolve() function that only supports IPv4 -- see IPv6 version above. Tries to resolve given hostname and stores result in ip . returns 0 if hostname cannot @@ -1098,21 +1120,11 @@ u8 *build_tcp_raw(const struct in_addr *source, const struct in_addr *victim, u8 *tcpopt, int tcpoptlen, char *data, u16 datalen, u32 *outpacketlen) { -struct pseudo_header { - /*for computing TCP checksum, see TCP/IP Illustrated p. 145 */ - u32 s_addy; - u32 d_addr; - u8 zer0; - u8 protocol; - u16 length; -}; int packetlen = sizeof(struct ip) + ipoptlen + sizeof(struct tcphdr) + tcpoptlen + datalen; u8 *packet = (u8 *) safe_malloc(packetlen); struct ip *ip = (struct ip *) packet; struct tcphdr *tcp = (struct tcphdr *) ((u8*)ip + sizeof(struct ip) + ipoptlen); -struct pseudo_header *pseudo = - (struct pseudo_header *) ((u8*)tcp - sizeof(struct pseudo_header)); static int myttl = 0; assert(victim); @@ -1130,12 +1142,6 @@ if (ttl == -1) { myttl = ttl; } -pseudo->s_addy = source->s_addr; -pseudo->d_addr = victim->s_addr; -pseudo->zer0 = 0; -pseudo->protocol = IPPROTO_TCP; -pseudo->length = htons(sizeof(struct tcphdr) + tcpoptlen + datalen); - /* Fill tcp header */ memset(tcp, 0, sizeof(struct tcphdr)); tcp->th_sport = htons(sport); 
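Review bot: `magic_tcpudp_cksum()` has an undocumented side effect: it writes `struct pseudo` into the 12 bytes before `hstart` (`hstart - sizeof(struct pseudo)`), so the caller must own that memory and refill it afterwards, and it also requires `len` readable bytes from `hstart`. The header comment only cites TCP/IP Illustrated; replace it with one that states the contract — that the checksum covers a 12-byte pseudo header plus the `len` bytes at `hstart`, that the pseudo header is temporarily written just before `hstart` (in every current caller the last 12 bytes of the IP header), and that callers must therefore fill the IP header after this returns. The same text belongs on the prototype added to tcpip.h in the @@ -513 hunk. Minor: `len` is `u16` but build_tcp_raw passes the `int` expression `sizeof(struct tcphdr) + tcpoptlen + datalen`, so `-Wconversion` would flag the implicit narrowing; harmless while `ip_len` is also 16 bits, but an explicit `(u16)` cast at the call site would document that.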
@@ -1174,8 +1180,9 @@ if (data && datalen) #if STUPID_SOLARIS_CHECKSUM_BUG tcp->th_sum = sizeof(struct tcphdr) + tcpoptlen + datalen; #else -tcp->th_sum = in_cksum((unsigned short *)pseudo, sizeof(struct tcphdr) + - tcpoptlen + sizeof(struct pseudo_header) + datalen); +tcp->th_sum = magic_tcpudp_cksum(source, victim, IPPROTO_TCP, + sizeof(struct tcphdr) + tcpoptlen + datalen, + (char *) tcp); #endif if ( o.badsum ) @@ -1583,15 +1590,6 @@ u8 *build_udp_raw(struct in_addr *source, const struct in_addr *victim, udphdr_bsd *udp = (udphdr_bsd *) ((u8*)ip + sizeof(struct ip) + ipoptlen); static int myttl = 0; - struct pseudo_udp_hdr { - struct in_addr source; - struct in_addr dest; - u8 zer0; - u8 proto; - u16 length; - } *pseudo = (struct pseudo_udp_hdr *) ((u8 *)udp - sizeof(struct pseudo_udp_hdr)); - - /* check that required fields are there and not too silly */ assert(victim); assert(source); @@ -1613,18 +1611,12 @@ u8 *build_udp_raw(struct in_addr *source, const struct in_addr *victim, if (data) memcpy((u8*)udp + sizeof(udphdr_bsd), data, datalen); - /* Now the pseudo header for checksuming */ - pseudo->source.s_addr = source->s_addr; - pseudo->dest.s_addr = victim->s_addr; - pseudo->zer0 = 0; - pseudo->proto = IPPROTO_UDP; - pseudo->length = htons(sizeof(udphdr_bsd) + datalen); - /* OK, now we should be able to compute a valid checksum */ #if STUPID_SOLARIS_CHECKSUM_BUG udp->uh_sum = sizeof(udphdr_bsd) + datalen; #else - udp->uh_sum = in_cksum((unsigned short *)pseudo, 20 /* pseudo + UDP headers */ + datalen); + udp->uh_sum = magic_tcpudp_cksum(source, victim, IPPROTO_UDP, + sizeof(udphdr_bsd) + datalen, (char *) udp); #endif if ( o.badsum ) @@ -1961,8 +1953,9 @@ if (timedout) { bool pcap_selectable_fd_valid() { #if defined(WIN32) || defined(MACOSX) return false; -#endif +#else return true; +#endif } /* Call this instead of pcap_get_selectable_fd directly (or your code 
@@ -2614,20 +2607,21 @@ int sd; /* len = sizeof(SA); */ #endif -#if TCPIP_DEBUGGING + /* Debugging code printf("ifnet list length = %d\n",ifc.ifc_len); printf("sa_len = %d\n",len); hdump((unsigned char *) buf, ifc.ifc_len); printf("ifr = %X\n",(unsigned)(*(char **)&ifr)); printf("Size of struct ifreq: %d\n", sizeof(struct ifreq)); -#endif + */ for(; ifr && ifr->ifr_name[0] && ((u8 *)ifr) < buf + ifc.ifc_len; ifr = (struct ifreq *)(((char *)ifr) + len)) { -#if TCPIP_DEBUGGING + + /* debugging code printf("ifr_name size = %d\n", sizeof(ifr->ifr_name)); printf("ifr = %X\n",(unsigned)(*(char **)&ifr)); -#endif + */ /* On some platforms (such as FreeBSD), the length of each ifr changes based on the sockaddr type used, so we get the next length now */ diff --git a/tcpip.h b/tcpip.h index 5624e7b22..df14b36e7 100644 --- a/tcpip.h +++ b/tcpip.h @@ -183,9 +183,6 @@ void *realloc(); #include #define NETINET_IP_H #endif -#ifndef __FAVOR_BSD -#define __FAVOR_BSD -#endif #ifndef NETINET_TCP_H /* why the HELL does OpenBSD not do this? */ #include /*#include */ #define NETINET_TCP_H @@ -240,10 +237,6 @@ typedef enum { devt_ethernet, devt_loopback, devt_p2p, devt_other } devtype; #include "nmap.h" #include "global_structures.h" -#ifndef TCPIP_DEBUGGING -#define TCPIP_DEBUGGING 0 -#endif - /* Explicit Congestion Notification (rfc 2481/3168) */ #ifndef TH_ECE #define TH_ECE 0x40 @@ -513,6 +506,10 @@ bool routethrough(const struct sockaddr_storage * const dest, unsigned short in_cksum(u16 *ptr,int nbytes); +unsigned short magic_tcpudp_cksum(const struct in_addr *src, + const struct in_addr *dst, + u8 proto, u16 len, char *hstart); + /* Build and send a raw tcp packet. If TTL is -1, a partially random (but likely large enough) one is chosen */ int send_tcp_raw( int sd, struct eth_nfo *eth, 
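Review bot: Converting the `#if TCPIP_DEBUGGING` blocks into `/* Debugging code ... */` comments leaves dead code in the source instead of removing it, which works against the cleanup this commit is after; commented-out code rots silently (these printfs already pair `%d` with a `sizeof` and `%X` with a pointer) and nobody notices when it stops compiling. Either delete the two blocks outright or keep them as `#ifdef TCPIP_DEBUGGING` so they stay compilable and greppable now that the `TCPIP_DEBUGGING 0` default has gone from tcpip.h. The enclosing interface-enumeration function starts and ends outside the hunk.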
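Review bot: Dropping `#define __FAVOR_BSD` from tcpip.h (@@ -183) changes which `struct tcphdr` glibc's netinet/tcp.h of this era exposes: without the macro the fields are `source`/`dest`/`seq`, not the BSD `th_sport`/`th_dport` names that build_tcp_raw still uses in the tcpip.cc hunk (`tcp->th_sport = htons(sport);`). Unless the macro is now supplied elsewhere, by configure's CFLAGS or a header included before this one, the Linux build will stop compiling; that is not visible from the patch, so please confirm where it comes from. Leave a comment at the include site recording it, e.g. `/* __FAVOR_BSD (BSD tcphdr field names) is defined in <WHERE placeholder>; it must precede <netinet/tcp.h> */`.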
@@ -770,17 +767,9 @@ int recvtime(int sd, char *buf, int len, int seconds, int *timedout); /* Sets a pcap filter function -- makes SOCK_RAW reads easier */ #ifndef WINIP_H -typedef int (*PFILTERFN)(const char *packet, unsigned int len); /* 1 to keep */ void set_pcap_filter(const char *device, pcap_t *pd, char *bpf, ...); #endif -/* Just accept everything ... TODO: Need a better approach than this flt_ - stuff */ -int flt_all(const char *packet, unsigned int len); -int flt_icmptcp(const char *packet, unsigned int len); -int flt_icmptcp_2port(const char *packet, unsigned int len); -int flt_icmptcp_5port(const char *packet, unsigned int len); - #endif /*TCPIP_H*/