From aa76963dcd1682500b67a22eafd4b2d1d47e00df Mon Sep 17 00:00:00 2001
From: david
Date: Mon, 22 Apr 2013 21:56:09 +0000
Subject: [PATCH] Check for an address family mismatch after parsign NetBlocks.

This caused a segfault in reverse DNS resolution when the v4hostip of an IPv6 target was accessed: ./nmap -sL 2001:500:88:200::10
---
 targets.cc | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/targets.cc b/targets.cc
index 513adf9b5..3ccc9d4c2 100644
--- a/targets.cc
+++ b/targets.cc
@@ -346,6 +346,20 @@ int TargetGroup::get_next_host(struct sockaddr_storage *ss, size_t *sslen) {
 delete netblock_hostname;
 }
 
+ /* Check for proper address family. Give a specific error message for IPv6
+ specifications appearing in IPv4 mode. */
+ if (o.af() == AF_INET && dynamic_cast(this->netblock) != NULL) {
+ error("%s looks like an IPv6 target specification -- you have to use the -6 option.",
+ this->netblock->str().c_str());
+ return -1;
+ }
+ if ((o.af() == AF_INET && dynamic_cast(this->netblock) == NULL) ||
+ (o.af() == AF_INET6 && dynamic_cast(this->netblock) == NULL)) {
+ error("Address family mismatch in target specification \"%s\".",
+ this->netblock->str().c_str());
+ return -1;
+ }
+
 if (this->netblock->next(ss, sslen))
 return 0;
 else
@@ -552,6 +566,8 @@ tryagain:
 goto tryagain;
 }
 
+ assert(ss.ss_family == o.af());
+
 /* If we are resuming from a previous scan, we have already finished scanning up to o.resume_ip. */
 if (ss.ss_family == AF_INET && o.resume_ip.s_addr) {
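Review bot: Both new `return -1` paths in get_next_host leave `this->netblock` pointing at the rejected block, and -1 is presumably also what the trailing `else` branch returns when a block is exhausted, so a caller cannot tell a family mismatch from a normal end of block. If any caller invokes get_next_host again without first loading a new expression, the same error would be printed on each call; that depends on code outside the hunk and should be confirmed. A comment on the new block would make the contract explicit, for example `/* A mismatched netblock is only reported here; the caller must replace this->netblock before calling again. */`. The function starts and ends outside the hunk.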
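Review bot: The added `assert(ss.ss_family == o.af());` is the only guard at this point and it is compiled out when the file is built with NDEBUG, so a release build would continue with a sockaddr of the wrong family, which is the condition the commit message ties to the segfault. Where assertions are enabled, a target that slips past the check in get_next_host aborts the whole process instead of being skipped. A check that always runs is safer here, e.g. `if (ss.ss_family != o.af()) { error("Address family mismatch for target; skipping."); goto tryagain; }`, assuming `tryagain` moves on to the next target as the preceding `goto tryagain;` suggests. The enclosing function starts and ends outside the hunk.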