PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00
Code Issues Projects Releases Wiki Activity

Fix off-by-one overflow in the IP protocol table.

Browse Source 
Fixes #2896, closes #2897, closes #2900
This commit is contained in:
nnposter
2024-08-08 01:31:06 +00:00
parent 667527c4b4
commit efa0dc36f2
5 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
protocols.cc
View File

@@ -79,7 +79,7 @@ struct strcmp_comparator {
// IP Protocol number is 8 bits wide
// protocol_table[IPPROTO_TCP] == {"tcp", 6}
static struct nprotoent *protocol_table[UCHAR_MAX];
static struct nprotoent *protocol_table[MAX_IPPROTONUM + 1];
// proto_map["tcp"] = {"tcp", 6}
typedef std::map<const char *, struct nprotoent, strcmp_comparator> ProtoMap;
static ProtoMap proto_map;
@@ -119,7 +119,7 @@ static int nmap_protocols_init() {
if (*p == '#' || *p == '\0')
continue;
res = sscanf(line, "%127s %hu", protocolname, &protno);
if (res !=2 || protno > UCHAR_MAX) {
if (res !=2 || protno > MAX_IPPROTONUM) {
error("Parse error in protocols file %s line %d", filename, lineno);
continue;
}
@@ -191,7 +191,7 @@ const struct nprotoent *nmap_getprotbynum(int num) {
if (nmap_protocols_init() == -1)
return NULL;
assert(num >= 0 && num < UCHAR_MAX);
assert(num >= 0 && num <= MAX_IPPROTONUM);
return protocol_table[num];
}