
Use a bigger buffer to read IP addresses from /etc/resolv.conf (to

accommodate IPv6 addresses) and make the sscanf format size match the
buffer size (to avoid smashing the stack). The format string is
constructed dynamically to the size of the buffer with Snprintf. Gunnar
Lindberg reported this problem; discussion starts at
http://seclists.org/nmap-dev/2010/q1/250.
david
2010-01-27 01:16:14 +00:00
parent 5f4409ebc2
commit d04e2e825a
2 changed files with 12 additions and 2 deletions


@@ -937,7 +937,8 @@ void win32_read_registry(char *controlset) {
static void parse_resolvdotconf() {
FILE *fp;
char buf[2048], *tp;
char ipaddr[16];
char fmt[32];
char ipaddr[INET6_ADDRSTRLEN];
fp = fopen("/etc/resolv.conf", "r");
if (fp == NULL) {
@@ -945,6 +946,9 @@ static void parse_resolvdotconf() {
return;
}
/* Customize a sscanf format to sizeof(ipaddr). */
Snprintf(fmt, sizeof(fmt), "nameserver %%%us", sizeof(ipaddr));
while (fgets(buf, sizeof(buf), fp)) {
tp = buf;
@@ -956,7 +960,7 @@ static void parse_resolvdotconf() {
// Skip any leading whitespace
while (*tp == ' ' || *tp == '\t') tp++;
if (sscanf(tp, "nameserver %65s", ipaddr) == 1) add_dns_server(ipaddr);
if (sscanf(tp, fmt, ipaddr) == 1) add_dns_server(ipaddr);
}
fclose(fp);
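Review bot: The field width written into `fmt` is `sizeof(ipaddr)`, but a scanf `%Ns` conversion stores up to N characters and then a terminating NUL, so a token of INET6_ADDRSTRLEN or more characters after `nameserver` still writes one byte past the end of `ipaddr`. The width should be one less than the buffer size. The `size_t` argument also does not match the `%u` conversion, which is undefined where `size_t` is wider than `unsigned int`; both are fixed by `Snprintf(fmt, sizeof(fmt), "nameserver %%%us", (unsigned int) (sizeof(ipaddr) - 1));`. The comment above it would then read `/* Customize a sscanf format to sizeof(ipaddr) - 1, leaving room for the NUL. */`. The body of parse_resolvdotconf continues past the last hunk shown, so anything after `fclose(fp)` was not reviewed.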