PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Handle ENETDOWN in service scan. Generally do not fatal() on socket errors there.

Browse Source
This commit is contained in:
dmiller
2024-05-21 18:49:36 +00:00
parent e9ea425f12
commit be9c6d96ee
1 changed files with 23 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
service_scan.cc
View File

@@ -2584,6 +2584,7 @@ static void servicescan_read_handler(nsock_pool nsp, nsock_event nse, void *myda
} else if (status == NSE_STATUS_ERROR) { } else if (status == NSE_STATUS_ERROR) {
// Errors might happen in some cases ... I'll worry about later // Errors might happen in some cases ... I'll worry about later
int err = nse_errorcode(nse); int err = nse_errorcode(nse);
bool show_err = true;
switch(err) { switch(err) {
case ECONNRESET: case ECONNRESET:
case ECONNREFUSED: // weird to get this on a connected socket (shrug) but case ECONNREFUSED: // weird to get this on a connected socket (shrug) but
@@ -2599,22 +2600,6 @@ static void servicescan_read_handler(nsock_pool nsp, nsock_event nse, void *myda
startNextProbe(nsp, nsi, SG, svc, true); startNextProbe(nsp, nsi, SG, svc, true);
} }
break; break;
#ifdef EHOSTDOWN
case EHOSTDOWN: // ICMP_HOST_UNKNOWN
#endif
#ifdef ENONET
case ENONET: // ICMP_HOST_ISOLATED
#endif
/* EHOSTDOWN and ENONET can be the result of forged ICMP responses.
* We should probably give up on this port.
*/
case ENETUNREACH:
case EHOSTUNREACH:
// That is funny. The port scanner listed the port as open. Maybe it got unplugged, or firewalled us, or did
// something else nasty during the scan. Shrug. I'll give up on this port
svc->tcpwrap_possible = false;
end_svcprobe(PROBESTATE_INCOMPLETE, SG, svc, nsi);
break;
#ifdef ENOPROTOOPT #ifdef ENOPROTOOPT
case ENOPROTOOPT: // ICMP_PROT_UNREACH case ENOPROTOOPT: // ICMP_PROT_UNREACH
#endif #endif
@@ -2645,9 +2630,29 @@ static void servicescan_read_handler(nsock_pool nsp, nsock_event nse, void *myda
// hardcoded to EIO). I'll just try the next probe. // hardcoded to EIO). I'll just try the next probe.
startNextProbe(nsp, nsi, SG, svc, true); startNextProbe(nsp, nsi, SG, svc, true);
break; break;
#ifdef EHOSTDOWN
case EHOSTDOWN: // ICMP_HOST_UNKNOWN
#endif
#ifdef ENONET
case ENONET: // ICMP_HOST_ISOLATED
#endif
/* EHOSTDOWN and ENONET can be the result of forged ICMP responses.
* We should probably give up on this port.
*/
case ENETUNREACH:
case EHOSTUNREACH:
case ENETDOWN:
// That is funny. The port scanner listed the port as open. Maybe it got unplugged, or firewalled us, or did
// something else nasty during the scan. Shrug. I'll give up on this port
show_err = o.debugging || o.versionTrace();
default: default:
fatal("Unexpected error in NSE_TYPE_READ callback. Error code: %d (%s)", err, if (show_err) {
socket_strerror(err)); error("Unexpected error %d (%s) in NSE_TYPE_READ callback - aborting this service",
err, socket_strerror(err));
}
svc->tcpwrap_possible = false;
end_svcprobe(PROBESTATE_INCOMPLETE, SG, svc, nsi);
break;
} }
} else if (status == NSE_STATUS_KILL) { } else if (status == NSE_STATUS_KILL) {
/* User probably specified host_timeout and so the service scan is /* User probably specified host_timeout and so the service scan is