david
40d78569d2
Use the cached timing ping probe as the traceroute probe in all situations.
2008-09-06 04:12:34 +00:00
kris
789906f3a8
o Added IPProto Ping (-PO) support to Traceroute, and fixed support for
IPProto Scan (-sO) and the ICMP Pings (-PE, -PP, -PM) in Traceroute
as well. These would cause Nmap to hang during Traceroute. [Kris]
2008-08-14 17:53:23 +00:00
kris
83ed199791
Adding packet validity checking to readip_pcap() so the caller can assume the
packet is OK from the get-go rather than running basic checks of its own.
In a nutshell this patch checks to make sure:
1) there is enough room for an IP header in the amount of bytes read
2) the IP version number is correct
3) the IP length fields are at least as big as the standard header
4) the IP packet received isn't a fragment, or is the initial fragment
5) that next level headers seem reasonable
For TCP, this checks that there is enough room for the header in the number
of bytes read, and that any option lengths are correct. The options checked
are MSS, WScale, SackOK, Sack, and Timestamp.
This also fixes a bug I discovered while testing. Since the Ethernet CRC
(and other datalink-layer data) could be read and counted, it was being
returned that there was more IP packet than there really was. This didn't
cause an overrun of the buffer or anything, just that garbage data could have
easily been read instead of real packet data. Now, if validity is checked for
and the number of total bytes read is larger than the IP's length, the length
is set to the IP header's total length field.
This seems to work great after doing what testing I could. It's been out on
nmap-dev for a couple of weeks without any bad reports (none at all for that
matter). I reviewed this patch again before committing and it looks good as
well.
2008-06-30 23:55:19 +00:00
kris
3dc65c8b2c
o Fixed several byte-order bugs in Traceroute. [Kris]
2008-06-14 07:06:12 +00:00
kris
47bc9d4c4f
Fixing more bugs reported by Ilja, mostly bounds checking
2008-06-14 06:59:11 +00:00
kris
44f6087b94
Merging changes from my vc2008-testing branch. This moves Windows development
to VC++2008.
2008-06-13 05:58:11 +00:00
michael
9f1c28ad9c
This patch reorganizes the way ping probes are handled internally.
Previously the ping probe data structures were stored in NmapOps,
now they will be stored in the scan_lists struct. All other changes
auxiliary to this reorganization.
2008-05-29 07:49:37 +00:00
fyodor
779b96a197
trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db
2008-05-22 20:45:32 +00:00
fyodor
10b54b773b
minor license template updates from Kris--fix gnu.org link to GPLv2 (moved) and openssl license filename (COPYING.OpenSSL)
2008-05-05 04:10:00 +00:00
fyodor
5551c5a311
o Fixed a bunch of code to avoid compilation warning messages (at
least on some Linux machines) [Andrew J. Bennieston]
2008-04-09 02:11:20 +00:00
fyodor
1accc12fb2
fix typo in legal header found by Leigh Zhao (missing word: of)
2008-02-28 18:52:06 +00:00
kris
a02bf67a70
reordering UDP port selection for Traceroute: a closed port is now chosen before an open one.
2008-02-15 19:45:34 +00:00
fyodor
29c912f394
URL change from http://insecure.org/nmap/ * to http://nmap.org/ *
2008-01-17 07:22:03 +00:00
ejlbell
188442662d
Traceroute bugfix for when the first hop of the first host in a tracegroup (reference trace) times out. The previous patch did not completely solve the issue due to an erroneous check on the ttl; now we use a dedicated boolean flag. Thanks to Sebastián García for the bug report and testing.
2008-01-07 14:39:40 +00:00
fyodor
8220c8a42f
update copyright line at the top of files from 1996-2006 to 1996-2008
2007-12-22 06:32:03 +00:00
kris
477214a779
Fixing another possible NULL dereference, in getTracePort() in traceroute.cc. Found with Coverity, CID 29
2007-11-16 03:45:03 +00:00
kris
ad7b6e416b
This isn't fixing a bug; Coverity (CID 27) flagged this so I looked, and it doesn't make sense. Coverity saw that 'received' was tested against NULL, but was dereferenced afterwards with no check. So it should either be checked later, or not checked at all. Following timing.cc, and the fact that it isn't passed NULL anywhere, and because it doesn't make sense to pass 'adjustTimeouts' nothing to work with, I've just removed the check. Yeah, this log message is way longer than the patch is :).
2007-11-16 03:27:30 +00:00
kris
66064ad778
Fixing another possible NULL dereference, this time in readTraceResponses() in traceroute.cc. Any replies at all are apparently counted below this section of code, and there is no else case to go with this if and else if, so I figure I'll just let it go false so it goes along with any other abnormal responses. Found with Coverity, CID 28.
2007-11-16 03:14:59 +00:00
kris
01571cee00
fixing a bug in setState() in traceroute.cc. A || was used instead of && which caused it to always evaluate true -- Coverity CID 23
2007-11-15 22:25:00 +00:00
kris
1ba4d72254
fixing misspellings of "EXCEEDED" in comments and in the enum reason_codes (portreasons.h)
2007-11-05 13:04:23 +00:00
ejlbell
40e206a134
Assertion was triggered when the first hop of the reference trace timed out. The textual consolidation messages used the
hop's IP address and if it timed out there was no address to use. Now the message uses the group's IP address instead as it will always be present no matter how many hops time out.
2007-09-15 13:24:45 +00:00
ejlbell
817f8d9e52
Traceroute: remove empty timed out XML hop elements
2007-08-23 10:07:01 +00:00
kris
0b50c16b38
Adding Snprintf() and Vsnprintf() to nbase/nbase_str.c. This is because of Windows' stupid implementation where it doesn't write a NULL byte at the end of the buffer if the result is truncated. I would've just #defined snprintf and vsnprintf to some wrapper function for Windows, but this doesn't work as libdnet and libpcap (and libpcap includes under mswin32) define snprintf to _snprintf and vsnprintf to _vsnprintf like we do, and through the many defines they end up being available in the Nmap sources. Vsnprintf() uses vsnprintf() (and writes a NULL byte at the end if truncated), and Snprintf uses Vsnprintf().
2007-08-14 06:46:54 +00:00
fyodor
010c733f50
merge soc07 r5083 - remove old traceroute consolidation examples from docs. The messages are now textual and self explanatory
2007-08-11 05:12:15 +00:00
fyodor
8a3b378695
merge soc07 r4947:4953 - os fingerprinting system improvements, trivial traceroute.cc grammar tweak
2007-08-11 04:29:03 +00:00
fyodor
ea68216d71
merge soc07 r4943:4947 - added textual information to traceroute's timeout consolidation elements; Reference trace consolidation is now displayed textually instead of symbolically.
2007-08-11 04:27:37 +00:00
fyodor
935b0b78e1
merge soc07 r4914 - dynamic rowed table improvements
2007-08-11 04:19:29 +00:00
fyodor
0b33c98ebb
merge soc07 r4896 - Patch to make sure traceroute always displays the last hop, even if consolidation is total
2007-08-11 04:13:07 +00:00
fyodor
8d74bbcd8a
merge soc07 r4871:4884 and r4888 - renaming __FUNCTION__ to __func__ and changing hardcoded func names to __func__
2007-08-11 04:06:09 +00:00
fyodor
1540fe57c4
merge soc07 r4868:4871 - nmapoutputtable dynamic tables and traceroute fixes
2007-08-11 04:02:49 +00:00
fyodor
58522c59f6
merge soc07 r4822 - Reduce the number of build dependencies.
2007-08-11 03:35:46 +00:00
fyodor
58f46706e5
merge soc07 r4751 - UDP traceroute hop distance and port state reason feature
2007-08-11 03:15:24 +00:00
fyodor
b28da59dcb
merge from nmap-exp/ejlbell -r4734:4735 Eddie small udp hop guessing fix
2007-05-22 07:59:27 +00:00
fyodor
1a4d120fcb
traceroute between multi-homed host fix
2007-05-12 19:35:35 +00:00
kris
fb3486ceb4
Fix Traceroute so that SYN packets are sent with an MSS of 1460 (wasn't passed to build_tcp_raw())
2007-04-26 01:32:46 +00:00
fyodor
9bc73ed043
Eddie traceroute localhost fix
2007-04-25 21:20:15 +00:00
fyodor
76ecce2f5c
eddie's verbose distance fix
2007-04-24 21:44:31 +00:00
fyodor
c9c91eb094
Eddie's traceroute-whitespace patch
2007-04-24 21:40:14 +00:00
kris
6014868986
Tiny patch; removing dup line in traceroute.cc
2007-04-20 16:08:41 +00:00
kris
bc9f545968
Fixing a hard-to-reproduce bug in Traceroute consolidation output where a possibly fully-consolidated host wasn't outputted correctly
2007-04-16 20:31:23 +00:00
kris
8d97612842
Remove test against memory returned by safe_zalloc() in TraceProbe::nameIP() in traceroute.cc. The safe_* memory functions never return NULL.
2007-04-13 16:28:13 +00:00
fyodor
6160feae55
merge Kris's traceroute fix (r4596)
2007-03-20 21:21:07 +00:00
kris
5469ab5f3b
Change TRACEROUTE "header" (LOG_PLAIN) to say 'proto' instead of 'port' when we're using the IPProto Scan, or Ping Scan (using something other than TCP or UDP)
2007-03-19 22:34:16 +00:00
kris
e52e2c9f49
Bail out of Traceroute::trace() if no valid targets are available. If we were trying to traceroute a machine that's directly connected, the "Initiating"/"Completed" messages would still appear even though no tracing would be done.
2007-03-19 19:52:41 +00:00
kris
888af63431
Fixing a "bug" in Traceroute output. The ScanProgressMeter's endTask() was never called, which threw the output (stdout/XML etc) out of whack. This localizes the SPM stuff to Traceroute::trace(), and all is well :)
2007-03-18 00:37:33 +00:00
kris
3c28b165a9
Tiny patch. Just fixing capitalization in the traceroute.* "headers" (Traceroute.[cc|h] -> traceroute.[cc|h])
2007-03-17 15:16:54 +00:00
fyodor
fa2f4720cd
re-releasing ALPHA2 as ALPHA3 to fix a packaging problem
2007-03-16 07:47:14 +00:00
fyodor
799599279c
traceroute finish() bugfix patch from Eddie
2007-03-15 22:44:01 +00:00
fyodor
149e6a3e96
check in traceroute.cc and traceroute.h
2007-03-15 17:59:35 +00:00