Fix calculation of namelen param to bind in Ncat. Fixes #166

2025-12-10 17:59:04 +00:00 · 2015-06-18 04:33:58 +00:00
parent ce9eb6b0f3
commit d43967bf99
3 changed files with 39 additions and 3 deletions
--- a/4
+++ b/4
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o Fix Ncat listen mode on Solaris and other platforms where struct sockaddr
+  does not have a sa_len member. This also affected use of the -p and -s
+  options. Brandon Haberfeld reported the crash. [Daniel Miller]
+
 o [NSE] Fix Diffie-Hellman parameter extraction in tls.lua. [Jacob Gajek]

 o [NSE] Added http-webdav-scan, which detects WebDAV installations. [Gyanendra Mishra]
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -922,8 +922,26 @@ int ncat_connect(void)
        }
        else
 #endif
-        if (srcaddr.storage.ss_family != AF_UNSPEC)
+        switch (srcaddr.storage.ss_family) {
+          case AF_UNSPEC:
+            break;
+          case AF_INET:
+            nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage, sizeof(srcaddr.in));
+            break;
+#ifdef AF_INET6
+          case AF_INET6:
+            nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage, sizeof(srcaddr.in6));
+            break;
+#endif
+#if HAVE_SYS_UN_H
+          case AF_UNIX:
+            nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage, SUN_LEN((struct sockaddr_un *)&srcaddr.storage));
+            break;
+#endif
+          default:
            nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage, sizeof(srcaddr.storage));
+            break;
+        }

        if (o.numsrcrtes) {
            unsigned char *ipopts = NULL;
--- a/ncat/util.c
+++ b/ncat/util.c
@@ -440,15 +440,29 @@ int do_listen(int type, int proto, const union sockaddr_u *srcaddr_u)
 #endif
 #endif

+    switch(srcaddr_u->storage.ss_family) {
 #ifdef HAVE_SYS_UN_H
-    if (srcaddr_u->storage.ss_family == AF_UNIX)
+      case AF_UNIX:
        sa_len = SUN_LEN(&srcaddr_u->un);
-    else
+        break;
 #endif
 #ifdef HAVE_SOCKADDR_SA_LEN
+      default:
        sa_len = srcaddr_u->sockaddr.sa_len;
+        break;
 #else
+      case AF_INET:
+        sa_len = sizeof (struct sockaddr_in);
+        break;
+#ifdef AF_INET6
+      case AF_INET6:
+        sa_len = sizeof (struct sockaddr_in6);
+        break;
+#endif
+      default:
        sa_len = sizeof(*srcaddr_u);
+        break;
+    }
 #endif

    if (bind(sock, &srcaddr_u->sockaddr, sa_len) < 0) {