Use u32 rather than unsigned long to define RPC packet structure.

RPC scan was broken on some 64-bit architectures because unsigned long is 8 bytes, not 4.
2026-01-06 06:29:03 +00:00 · 2011-09-03 18:08:20 +00:00
parent a13313ad2f
commit e6bb524f18
3 changed files with 26 additions and 22 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o Fixed RPC scan for 64-bit architectures by using fixed-size data
+  types. [David]
+
 o Relaxed the XML DTD to allow validation of files where the verbosity
  level changed during the scan. [Daniel Miller]

--- a/nmap_rpc.cc
+++ b/nmap_rpc.cc
@@ -223,7 +223,7 @@ int send_rpc_query(Target *target_host, unsigned short portno,
     if (numruns++ > 2)
     fatal("Done");  */

-  rpch = (struct rpc_hdr *) ((char *)rpch_buf + sizeof(unsigned long));
+  rpch = (struct rpc_hdr *) ((char *)rpch_buf + sizeof(u32));
  memset(rpch, 0, sizeof(struct rpc_hdr));


@@ -337,8 +337,8 @@ int send_rpc_query(Target *target_host, unsigned short portno,
  } else {
    /* TCP socket */
    /* 0x80000000 means only 1 record marking */
-    *(unsigned long *)rpch_buf = htonl(sizeof(struct rpc_hdr) | 0x80000000);
-    res = Send(tcp_rpc_socket, rpch_buf, sizeof(struct rpc_hdr) + sizeof(unsigned long), 0);
+    *(u32 *)rpch_buf = htonl(sizeof(struct rpc_hdr) | 0x80000000);
+    res = Send(tcp_rpc_socket, rpch_buf, sizeof(struct rpc_hdr) + sizeof(u32), 0);
    if (res == -1) {
      if (o.debugging) {
 	gh_perror("Write in %s", __func__);
@@ -406,7 +406,8 @@ static int rpc_are_we_done(char *msg, int msg_len, Target *target,
  }
  if (ntohl(rpc_pack->auth_flavor) != 0 /* AUTH_NULL */ ||
      ntohl(rpc_pack->opaque_length != 0)) {
-    error("Strange -- auth flavor/opaque_length are %lu/%lu should generally be 0/0", rpc_pack->auth_flavor, rpc_pack->opaque_length);
+    error("Strange -- auth flavor/opaque_length are %lu/%lu should generally be 0/0",
+      (unsigned long) rpc_pack->auth_flavor, (unsigned long) rpc_pack->opaque_length);
    rsi->rpc_status = RPC_STATUS_NOT_RPC;
    ss->numqueries_outstanding = 0;
    return 1;
--- a/nmap_rpc.h
+++ b/nmap_rpc.h
@@ -116,27 +116,27 @@

 /* structure used for RPC calls */
 struct rpc_hdr                          
-{       u_long  xid;                    /* xid number                    */
-        u_long  type_msg;               /* request or answer             */
-        u_long  version_rpc;            /* portmapper/rpcbind version    */
-        u_long  prog_id;                /* rpc program id                */
-        u_long  prog_ver;               /* rpc program version           */
-        u_long  prog_proc;              /* remote procedure call number  */
-        u_long  authcred_flavor;        /* credentials field             */
-        u_long  authcred_length;
-        u_long  authveri_flavor;        /* verification field            */
-        u_long  authveri_length;
+{       u32  xid;                    /* xid number                    */
+        u32  type_msg;               /* request or answer             */
+        u32  version_rpc;            /* portmapper/rpcbind version    */
+        u32  prog_id;                /* rpc program id                */
+        u32  prog_ver;               /* rpc program version           */
+        u32  prog_proc;              /* remote procedure call number  */
+        u32  authcred_flavor;        /* credentials field             */
+        u32  authcred_length;
+        u32  authveri_flavor;        /* verification field            */
+        u32  authveri_length;
 };

 struct rpc_hdr_rcv {
-  unsigned long xid;
-  unsigned long type_msg;
-  unsigned long rp_stat;
-  unsigned long auth_flavor;
-  unsigned long opaque_length;
-  unsigned long accept_stat;
-  unsigned long low_version;
-  unsigned long high_version;
+  u32 xid;
+  u32 type_msg;
+  u32 rp_stat;
+  u32 auth_flavor;
+  u32 opaque_length;
+  u32 accept_stat;
+  u32 low_version;
+  u32 high_version;
 };

 struct rpc_info {