PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-02-14 09:26:35 +00:00
Code Issues Projects Releases Wiki Activity

Return the last host before skipping an octet in an IPv4 range exclude

Browse Source 
group. Not doing this was the cause of off-by-one errors that led to
assertion failures and, potentially, excluded hosts being scanned. Here
is the comment I added:

  /* The decision to skip a range was based on the address that came immediately
     before what our current array contains now. For example, if we have just
     handed out 0.0.0.0 from the the range 0-5.0.0.0, and we're asked to skip
     the first octet, we want to advance to 1.0.0.0. But 1.0.0.0 is what is in
     the current array right now, because TargetGroup::get_next_host advances
     the array after returning an address. If we didn't step back we would
     erroneously skip ahead to 2.0.0.0. */
This commit is contained in:
david
2009-11-18 01:17:59 +00:00
parent 714dd18f7f
commit a4fc71afb6
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG
View File

@@ -1,5 +1,14 @@
# Nmap Changelog ($Id$); -*-text-*-
o Fixed an error in the handling of exclude groups that used IPv4
ranges. Si Stransky reported the problem and provided a number of
useful test cases in http://seclists.org/nmap-dev/2009/q4/276. The
error caused various assertion failures along the lines of
TargetGroup.cc:465: int
TargetGroup::get_next_host(sockaddr_storage*, size_t*):
Assertion `ipsleft > 1' failed.
[David]
o Add a new script, db2-info.nse, that enhances DB2 database instance detection.
The script provides detection when version probes fail, but will default to
the value provided the version probes if that value is more precise. The

13
TargetGroup.cc
View File

@@ -351,6 +351,15 @@ int TargetGroup::skip_range(_octet_nums octet) {
if (targets_type != IPV4_RANGES)
return -1;
/* The decision to skip a range was based on the address that came immediately
before what our current array contains now. For example, if we have just
handed out 0.0.0.0 from the the range 0-5.0.0.0, and we're asked to skip
the first octet, we want to advance to 1.0.0.0. But 1.0.0.0 is what is in
the current array right now, because TargetGroup::get_next_host advances
the array after returning an address. If we didn't step back we would
erroneously skip ahead to 2.0.0.0. */
return_last_host();
switch (octet) {
case FIRST_OCTET:
oct = 0;
@@ -386,9 +395,7 @@ int TargetGroup::skip_range(_octet_nums octet) {
current[i] = 0;
}
/* we actually don't skip the current, it was accounted for
* by get_next_host */
ipsleft -= hosts_skipped - 1;
ipsleft -= hosts_skipped;
return hosts_skipped;
}