mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00
Commit Graph

42 Commits

Author SHA1 Message Date
kris
83ed199791 Adding packet validity checking to readip_pcap() so the caller can assume the
packet is OK from the get-go rather than running basic checks of its own.

In a nutshell this patch checks to make sure:

1) there is enough room for an IP header in the amount of bytes read
2) the IP version number is correct
3) the IP length fields are at least as big as the standard header
4) the IP packet received isn't a fragment, or is the initial fragment
5) that next level headers seem reasonable

For TCP, this checks that there is enough room for the header in the number
of bytes read, and that any option lengths are correct.  The options checked
are MSS, WScale, SackOK, Sack, and Timestamp.

This also fixes a bug I discovered while testing.  Since the Ethernet CRC
(and other datalink-layer data) could be read and counted, it was being
returned that there was more IP packet than there really was.  This didn't
cause an overrun of the buffer or anything, just that garbage data could have
easily been read instead of real packet data.  Now, if validity is checked for
and the number of total bytes read is larger than the IP's length, the length
is set to the IP header's total length field.

This seems to work great after doing what testing I could.  It's been out on
nmap-dev for a couple of weeks without any bad reports (none at all for that
matter).  I reviewed this patch again before committing and it looks good as
well.
2008-06-30 23:55:19 +00:00
kris
b5e046b693 Fixing another bug found by Ilja, this time in Idle Scan: ipid_proxy_probe() was calling readtcppacket() with an unverified length argument. 2008-06-11 06:11:52 +00:00
kris
9af737cd7f Changing --no_stylesheet to --no-stylesheet in the refguide, and changing
a few more long options with underscores in comments and output
2008-06-08 15:34:07 +00:00
michael
9f1c28ad9c This patch reorganizes the way ping probes are handled internally.
Previously the ping probe data structures were stored in NmapOps,
now they will be stored in the scan_lists struct. All other changes
auxiliary to this reorganization.
2008-05-29 07:49:37 +00:00
fyodor
779b96a197 trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
fyodor
10b54b773b minor license template updates from Kris--fix gnu.org link to GPLv2 (moved) and openssl license filename (COPYING.OpenSSL) 2008-05-05 04:10:00 +00:00
david
061ded973d Allocate 128 characters for the idle scan ScanProgressMeter title. Previously
it was 32 characters. The "idle scan against " and the \0 terminator take up 19
characters, leaving only 13, which isn't enough to represent all IP addresses,
let alone host names.
2008-04-08 19:59:56 +00:00
fyodor
1accc12fb2 fix typo in legal header found by Leigh Zhao (missing word: of) 2008-02-28 18:52:06 +00:00
fyodor
29c912f394 URL change from http://insecure.org/nmap/* to http://nmap.org/* 2008-01-17 07:22:03 +00:00
fyodor
8220c8a42f update copyright line at the top of files from 1996-2006 to 1996-2008 2007-12-22 06:32:03 +00:00
fyodor
09512ff092 o Fix a bunch of warning/error messages which contained an extra
newline.  Thanks to Brandon Enright for the patch.
2007-12-21 03:38:04 +00:00
david
50c4981934 Remove the first-generation OS detection and nmap-os-fingerprints. 2007-11-03 01:31:02 +00:00
david
2e65b35f84 Remove the artificial cap on the number of ping scan ports and protocols. Port
lists for ping scan now use the same syntax as the -p option except that T:,
U:, and P: are not allowed.
2007-11-01 16:15:11 +00:00
fyodor
ad74d5a4b0 change IPID to IP ID in Nmap output as I think the latter is more proper, though if anyone thinks IPID is better, I'm happy to hear your reasons. 2007-09-08 21:43:51 +00:00
fyodor
4dc8618965 capitalization changes 2007-09-03 02:55:01 +00:00
kris
0b50c16b38 Adding Snprintf() and Vsnprintf() to nbase/nbase_str.c. This is because of Windows' stupid implementation where it doesn't write a NULL byte at the end of the buffer if the result is truncated. I would've just #defined snprintf and vsnprintf to some wrapper function for Windows, but this doesn't work as libdnet and libpcap (and libpcap includes under mswin32) define snprintf to _snprintf and vsnprintf to _vsnprintf like we do, and through the many defines they end up being available in the Nmap sources. Vsnprintf() uses vsnprintf() (and writes a NULL byte at the end if truncated), and Snprintf uses Vsnprintf(). 2007-08-14 06:46:54 +00:00
fyodor
90a0087bb4 merge soc07 r5081 - changed close to 100 occurrences of LOG_NORMAL|LOG_SKID|LOG_STDOUT (and combinations) to LOG_PLAIN, and moved LOG_PLAIN definition to output.h from traceroute.h 2007-08-11 05:11:47 +00:00
fyodor
8d74bbcd8a merge soc07 r4871:4884 and r4888 - renaming __FUNCTION__ to __func__ and changing hardcoded func names to __func__ 2007-08-11 04:06:09 +00:00
fyodor
58522c59f6 merge soc07 r4822 - Reduce the number of build dependencies. 2007-08-11 03:35:46 +00:00
fyodor
58f46706e5 merge soc07 r4751 - UDP traceroute hop distance and port state reason feature 2007-08-11 03:15:24 +00:00
kris
69754e8311 Use dnet headers for TCP and UDP. This allows us to remove netinet tcp.h and udp.h references, the udphdr_bsd stuff, and the TH_ECE/TH_CWR #defines in tcpip.h. That was easy, but we (Fyodor and I) came to the conclusion that IP and ICMP aren't worth the hassle to switch (I was testing TCP, UDP and IP in my branch). The struct icmp_hdr in dnet isn't set up anything like what we're using now. Then, struct ip_hdr uses ip_addr_t (typedef'd to uint32_t in that ip.h) instead of struct in_addr for the IP addresses, and that would require some dnet modifying to work right. We might be able to come up with some elegant solution for IP, but probably not for ICMP. For now, they're still left up to netinet (or tcpip.h). 2007-01-23 05:29:59 +00:00
fyodor
10ffae41cf spellcheck patch 2006-09-05 08:39:32 +00:00
fyodor
9cbae88f44 Add -ip-options support 2006-08-29 03:26:00 +00:00
fyodor
b28d51167c Minor source code header improvements 2006-08-25 01:47:49 +00:00
fyodor
a403864351 Replace file headers, mostly to update copyright to 2006 2006-08-24 04:43:50 +00:00
fyodor
29b1d58389 Some minor misc. fixes from Marek Majkowski and Kris Katterjohn 2006-08-22 21:31:37 +00:00
fyodor
9c0af0a95b memory releasing patch from Marek 2006-07-04 23:04:56 +00:00
fyodor
bba26da49f incl nmap-os-db in windows binary distros, fix max-retries, some spellchecking 2006-07-02 21:34:29 +00:00
fyodor
56384d8770 About to release 4.20SOC-ALPHA1 2006-06-25 02:02:14 +00:00
fyodor
37fac543b5 Majek's Portlist change patch 2006-05-14 05:00:58 +00:00
fyodor
7fafddee53 latest changes ... 2006-03-25 23:56:48 +00:00
fyodor
76ab1500b3 make a ton of global symbols static 2006-03-05 23:59:46 +00:00
fyodor
848ad2a96a Nmap 4.02Alpha1 release for Everdream 2006-03-03 23:12:14 +00:00
fyodor
c9dd83e327 about to apply Doug DNS fix patch 2006-02-07 07:15:32 +00:00
fyodor
453981b882 2005-12-07 07:37:29 +00:00
fyodor
20a2881462 attempted fix for idle scan woes 2005-12-07 07:02:56 +00:00
fyodor
b3923483ea 3.84ALPHA1 release imminent 2005-08-11 05:07:01 +00:00
fyodor
02397959b3 removed winip lib 2005-08-10 04:16:18 +00:00
fyodor
9ea1ad84d2 removed BSDFIX/BSDUFIX macros for good 2005-07-27 02:38:38 +00:00
fyodor
8aa16ebc8d BSDFIX/BSDUFIX changes related to the new ethernet sending stuff -- we do not want to BSDFIX an IP packet field that will be sent on an ethernet frame 2005-07-27 02:20:57 +00:00
fyodor
555c986ac3 Whew -- big reorganization to allow ethernet sends of IP packets 2005-07-19 05:07:51 +00:00
fyodor
26ce3d66f4 get rid of silly top-level trunk dir 2005-04-11 22:34:19 +00:00