Don't use htons to unconditionally swap bytes.

htons is a no-op on big-endian architectures. This affected idle scan IP ID computations. http://seclists.org/nmap-dev/2013/q2/529
2025-12-06 04:31:29 +00:00 · 2013-06-30 02:22:13 +00:00
parent 9e82bb6c4e
commit af8c57a1b8
2 changed files with 9 additions and 2 deletions
--- a/4
+++ b/4
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o Fixed a byte-ordering problem on little-endian architectures when
+  doing idle scan with a zombie that uses broken ID incremements.
+  [David Fifield]
+
 o [Ncat] Ncat now support chained certificates with the --ssl-cert
  option. [Greg Bailey]

--- a/idle_scan.cc
+++ b/idle_scan.cc
@@ -237,6 +237,9 @@ static int ipid_proxy_probe(struct idle_proxy_info *proxy, int *probes_sent,
  return ipid;
 }

+static u16 byteswap_u16(u16 h) {
+  return ((h&0xff) << 8) | ((h>>8)&0xff);
+}

 /* Returns the number of increments between an early IP ID and a later
   one, assuming the given IP ID Sequencing class.  Returns -1 if the
@@ -248,8 +251,8 @@ static int ipid_distance(int seqclass , u16 startid, u16 endid) {

  if (seqclass == IPID_SEQ_BROKEN_INCR) {
    /* Convert to network byte order */
-    startid = htons(startid);
-    endid = htons(endid);
+    startid = byteswap_u16(startid);
+    endid = byteswap_u16(endid);
    return endid - startid;
  }