From e6bb524f189a052f70434bce6f8469627d24720a Mon Sep 17 00:00:00 2001
From: david
Date: Sat, 3 Sep 2011 18:08:20 +0000
Subject: [PATCH] Use u32 rather than unsigned long to define RPC packet structure.
RPC scan was broken on some 64-bit architectures because unsigned long is 8 bytes, not 4.
---
 CHANGELOG | 3 +++
 nmap_rpc.cc | 9 +++++----
 nmap_rpc.h | 36 ++++++++++++++++++------------------
 3 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index e9a01d0a7..316318615 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o Fixed RPC scan for 64-bit architectures by using fixed-size data
+ types. [David]
+
 o Relaxed the XML DTD to allow validation of files where the verbosity
 level changed during the scan. [Daniel Miller]
diff --git a/nmap_rpc.cc b/nmap_rpc.cc
index 6d14d57d9..f00c2e045 100644
--- a/nmap_rpc.cc
+++ b/nmap_rpc.cc
@@ -223,7 +223,7 @@ int send_rpc_query(Target *target_host, unsigned short portno,
 if (numruns++ > 2) fatal("Done"); */
- rpch = (struct rpc_hdr *) ((char *)rpch_buf + sizeof(unsigned long));
+ rpch = (struct rpc_hdr *) ((char *)rpch_buf + sizeof(u32));
 memset(rpch, 0, sizeof(struct rpc_hdr));
@@ -337,8 +337,8 @@ int send_rpc_query(Target *target_host, unsigned short portno,
 } else { /* TCP socket */
 /* 0x80000000 means only 1 record marking */
- *(unsigned long *)rpch_buf = htonl(sizeof(struct rpc_hdr) | 0x80000000);
- res = Send(tcp_rpc_socket, rpch_buf, sizeof(struct rpc_hdr) + sizeof(unsigned long), 0);
+ *(u32 *)rpch_buf = htonl(sizeof(struct rpc_hdr) | 0x80000000);
+ res = Send(tcp_rpc_socket, rpch_buf, sizeof(struct rpc_hdr) + sizeof(u32), 0);
 if (res == -1) {
 if (o.debugging) {
 gh_perror("Write in %s", __func__);
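Review bot: The `sizeof(u32)` offset in the new `rpch = ...` line of the @@ -223 hunk is the width of the TCP record mark that the @@ -337 hunk stores at the start of rpch_buf, but nothing in either hunk says so; a comment on the assignment, `/* leave room for the 4-byte TCP record-mark word that is written at the front of rpch_buf before a TCP send */`, would tie the two together, and a shared named constant for that width would be better still. In the @@ -337 hunk the record mark is stored through `*(u32 *)rpch_buf`; rpch_buf is declared outside the hunk, and if it is a plain char buffer that store depends on its alignment and on aliasing rules, so `u32 mark = htonl(sizeof(struct rpc_hdr) | 0x80000000); memcpy(rpch_buf, &mark, sizeof mark);` is the form I would use. The size_t operand is narrowed to htonl's 32-bit argument; the value fits, but an explicit `(u32)` cast would document that and keep -Wconversion quiet. send_rpc_query starts and ends outside both hunks.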
@@ -406,7 +406,8 @@ static int rpc_are_we_done(char *msg, int msg_len, Target *target,
 }
 if (ntohl(rpc_pack->auth_flavor) != 0 /* AUTH_NULL */ || ntohl(rpc_pack->opaque_length != 0)) {
- error("Strange -- auth flavor/opaque_length are %lu/%lu should generally be 0/0", rpc_pack->auth_flavor, rpc_pack->opaque_length);
+ error("Strange -- auth flavor/opaque_length are %lu/%lu should generally be 0/0",
+ (unsigned long) rpc_pack->auth_flavor, (unsigned long) rpc_pack->opaque_length);
 rsi->rpc_status = RPC_STATUS_NOT_RPC;
 ss->numqueries_outstanding = 0;
 return 1;
diff --git a/nmap_rpc.h b/nmap_rpc.h
index 0f41c8557..a8f92c5f0 100644
--- a/nmap_rpc.h
+++ b/nmap_rpc.h
@@ -116,27 +116,27 @@
 /* structure used for RPC calls */
 struct rpc_hdr
-{ u_long xid; /* xid number */
- u_long type_msg; /* request or answer */
- u_long version_rpc; /* portmapper/rpcbind version */
- u_long prog_id; /* rpc program id */
- u_long prog_ver; /* rpc program version */
- u_long prog_proc; /* remote procedure call number */
- u_long authcred_flavor; /* credentials field */
- u_long authcred_length;
- u_long authveri_flavor; /* verification field */
- u_long authveri_length;
+{ u32 xid; /* xid number */
+ u32 type_msg; /* request or answer */
+ u32 version_rpc; /* portmapper/rpcbind version */
+ u32 prog_id; /* rpc program id */
+ u32 prog_ver; /* rpc program version */
+ u32 prog_proc; /* remote procedure call number */
+ u32 authcred_flavor; /* credentials field */
+ u32 authcred_length;
+ u32 authveri_flavor; /* verification field */
+ u32 authveri_length;
 };
 struct rpc_hdr_rcv {
- unsigned long xid;
- unsigned long type_msg;
- unsigned long rp_stat;
- unsigned long auth_flavor;
- unsigned long opaque_length;
- unsigned long accept_stat;
- unsigned long low_version;
- unsigned long high_version;
+ u32 xid;
+ u32 type_msg;
+ u32 rp_stat;
+ u32 auth_flavor;
+ u32 opaque_length;
+ u32 accept_stat;
+ u32 low_version;
+ u32 high_version;
 };
 struct rpc_info {
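Review bot: The new error() call in the @@ -406 hunk prints `rpc_pack->auth_flavor` and `rpc_pack->opaque_length` as received, while the condition right above converts them with ntohl(), so on a little-endian host the diagnostic shows byte-swapped numbers that do not match the test that triggered it; pass `(unsigned long) ntohl(rpc_pack->auth_flavor), (unsigned long) ntohl(rpc_pack->opaque_length)` instead. The condition itself has a misplaced parenthesis, `ntohl(rpc_pack->opaque_length != 0)`, which converts the comparison result rather than the field; it happens to give the right truth value because ntohl(1) is nonzero on either byte order, but `ntohl(rpc_pack->opaque_length) != 0` is what is meant and the commit that touches this line is the place to fix it. These fields come straight out of a network reply, so the early RPC_STATUS_NOT_RPC exit is the right reaction; keeping the diagnostic exact helps when triaging odd responders. rpc_are_we_done begins and ends outside the hunk.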
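Review bot: The two structs in the nmap_rpc.h hunk now depend on u32 being exactly four bytes and on the struct having no padding, because they are overlaid on the wire format, yet the header comment still says only `/* structure used for RPC calls */` and rpc_hdr_rcv has no comment at all; I would state the contract on both, e.g. `/* On-wire RPC call header: ten consecutive 4-byte big-endian words, so members must stay fixed-width u32 (no long, no pointers) and in this order. */` and the equivalent for the reply header. The @@ -406 hunk in nmap_rpc.cc runs rpc_hdr_rcv fields through ntohl(), which suggests they hold raw network-order values; a one-line comment on rpc_hdr_rcv saying that members are stored in network byte order and must be converted before use would prevent the unconverted print seen in that hunk. A compile-time size check would catch a future member that breaks the layout; in a header included from C++ code of this vintage something like `typedef char rpc_hdr_size_check[sizeof(struct rpc_hdr) == 10 * sizeof(u32) ? 1 : -1];` works, or the project's own static-assert macro if it has one. Whether u32 is already in scope here depends on the includes above the hunk, which I cannot see.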