PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 04:09:01 +00:00
Code Issues Projects Releases Wiki Activity
Files
b2a1ff8e54aaefb70a52e9b3d20adb4f228f8ea3
nmap/nping/common_modified.cc
david b2a1ff8e54 Fix broken protocol lookup. 
For some reason (probably by imitation of nmap_getservbyport), protocol
numbers, which are byte values 0–255, had htons called on them after
being read from nmap-protocols. On little-endian platforms, this turned
them into integers 0x0100, 0x0200, 0x0300, etc.

protocol_table is supposed to be an array of 256 linked lists, linking
all the protocol names of the same number. Because of the above htons
conversion, all protocols mapped to bucket 0 on lookup instead. Perhaps
in an attempt to work around this broken lookup, all protocols were
inserted into bucket 0 on init; all other buckets were empty. This
worked on little-endian platforms, but on big-endian platforms where
htons is a no-op, all protocol numbers but 0 mapped to an empty linked
list.

Remove all the htons stuff and just look things up by integers. Use the
same mapping on initial insertion and on lookup, so that the buckets are
acutally populated.

This was noticed by hejianet.
http://seclists.org/nmap-dev/2012/q3/1005
2012-09-25 05:08:09 +00:00

816 lines
30 KiB
C++
Raw Blame History

/***************************************************************************
* common_modified.cc -- This file holds all those functions and classes *
* that have been reused from nmap's code but that needed to be modified *
* in order to reuse them. *
* *
***********************IMPORTANT NMAP LICENSE TERMS************************
* *
* The Nmap Security Scanner is (C) 1996-2012 Insecure.Com LLC. Nmap is *
* also a registered trademark of Insecure.Com LLC. This program is free *
* software; you may redistribute and/or modify it under the terms of the *
* GNU General Public License as published by the Free Software *
* Foundation; Version 2 with the clarifications and exceptions described *
* below. This guarantees your right to use, modify, and redistribute *
* this software under certain conditions. If you wish to embed Nmap *
* technology into proprietary software, we sell alternative licenses *
* (contact sales@insecure.com). Dozens of software vendors already *
* license Nmap technology such as host discovery, port scanning, OS *
* detection, version detection, and the Nmap Scripting Engine. *
* *
* Note that the GPL places important restrictions on "derived works", yet *
* it does not provide a detailed definition of that term. To avoid *
* misunderstandings, we interpret that term as broadly as copyright law *
* allows. For example, we consider an application to constitute a *
* "derivative work" for the purpose of this license if it does any of the *
* following: *
* o Integrates source code from Nmap *
* o Reads or includes Nmap copyrighted data files, such as *
* nmap-os-db or nmap-service-probes. *
* o Executes Nmap and parses the results (as opposed to typical shell or *
* execution-menu apps, which simply display raw Nmap output and so are *
* not derivative works.) *
* o Integrates/includes/aggregates Nmap into a proprietary executable *
* installer, such as those produced by InstallShield. *
* o Links to a library or executes a program that does any of the above *
* *
* The term "Nmap" should be taken to also include any portions or derived *
* works of Nmap, as well as other software we distribute under this *
* license such as Zenmap, Ncat, and Nping. This list is not exclusive, *
* but is meant to clarify our interpretation of derived works with some *
* common examples. Our interpretation applies only to Nmap--we don't *
* speak for other people's GPL works. *
* *
* If you have any questions about the GPL licensing restrictions on using *
* Nmap in non-GPL works, we would be happy to help. As mentioned above, *
* we also offer alternative license to integrate Nmap into proprietary *
* applications and appliances. These contracts have been sold to dozens *
* of software vendors, and generally include a perpetual license as well *
* as providing for priority support and updates. They also fund the *
* continued development of Nmap. Please email sales@insecure.com for *
* further information. *
* *
* As a special exception to the GPL terms, Insecure.Com LLC grants *
* permission to link the code of this program with any version of the *
* OpenSSL library which is distributed under a license identical to that *
* listed in the included docs/licenses/OpenSSL.txt file, and distribute *
* linked combinations including the two. You must obey the GNU GPL in all *
* respects for all of the code used other than OpenSSL. If you modify *
* this file, you may extend this exception to your version of the file, *
* but you are not obligated to do so. *
* *
* If you received these files with a written license agreement or *
* contract stating terms other than the terms above, then that *
* alternative license agreement takes precedence over these comments. *
* *
* Source is provided to this software because we believe users have a *
* right to know exactly what a program is going to do before they run it. *
* This also allows you to audit the software for security holes (none *
* have been found so far). *
* *
* Source code also allows you to port Nmap to new platforms, fix bugs, *
* and add new features. You are highly encouraged to send your changes *
* to nmap-dev@insecure.org for possible incorporation into the main *
* distribution. By sending these changes to Fyodor or one of the *
* Insecure.Org development mailing lists, or checking them into the Nmap *
* source code repository, it is understood (unless you specify otherwise) *
* that you are offering the Nmap Project (Insecure.Com LLC) the *
* unlimited, non-exclusive right to reuse, modify, and relicense the *
* code. Nmap will always be available Open Source, but this is important *
* because the inability to relicense code has caused devastating problems *
* for other Free Software projects (such as KDE and NASM). We also *
* occasionally relicense the code to third parties as discussed above. *
* If you wish to specify special license conditions of your *
* contributions, just say so when you send them. *
* *
* This program is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* General Public License v2.0 for more details at *
* http://www.gnu.org/licenses/gpl-2.0.html , or in the COPYING file *
* included with Nmap. *
* *
***************************************************************************/
#include "nping.h"
#include "common.h"
#include "common_modified.h"
#include "output.h"
#include "../libnetutil/netutil.h"
/*****************************************************************************
* STUFF FROM TargetGroup.cc
****************************************************************************
CHANGES:
Modified parse_expr.
Modified get_next_host:
*/
TargetGroup::TargetGroup() {
Initialize();
}
// Bring back (or start with) original state
void TargetGroup::Initialize() {
targets_type = TYPE_NONE;
memset(addresses, 0, sizeof(addresses));
memset(current, 0, sizeof(current));
memset(last, 0, sizeof(last));
ipsleft = 0;
}
/* take the object back to the beginning without (mdmcl)
* reinitalizing the data structures */
int TargetGroup::rewind() {
/* For netmasks we must set the current address to the
* starting address and calculate the ips by distance */
if (targets_type == IPV4_NETMASK) {
currentaddr = startaddr;
if (startaddr.s_addr <= endaddr.s_addr) {
ipsleft = ((unsigned long long) (endaddr.s_addr - startaddr.s_addr)) + 1;
return 0;
}
else
assert(0);
}
/* For ranges, we easily set current to zero and calculate
* the ips by the number of values in the columns */
else if (targets_type == IPV4_RANGES) {
memset((char *)current, 0, sizeof(current));
ipsleft = (unsigned long long) (last[0] + 1) *
(unsigned long long) (last[1] + 1) *
(unsigned long long) (last[2] + 1) *
(unsigned long long) (last[3] + 1);
return 0;
}
#if HAVE_IPV6
/* For IPV6 there is only one address, this function doesn't
* make much sence for IPv6 does it? */
else if (targets_type == IPV6_ADDRESS) {
ipsleft = 1;
return 0;
}
#endif
/* If we got this far there must be an error, wrong type */
return -1;
}
/* For ranges, skip all hosts in an octet, (mdmcl)
* get_next_host should be used for skipping the last octet :-)
* returns: number of hosts skipped */
int TargetGroup::skip_range(_octet_nums octet) {
unsigned long hosts_skipped = 0, /* number of hosts skipped */
oct = 0; /* octect number */
int i = 0; /* simple lcv */
/* This function is only supported for RANGES! */
if (targets_type != IPV4_RANGES)
return -1;
switch (octet) {
case FIRST_OCTET:
oct = 0;
hosts_skipped = (last[1] + 1) * (last[2] + 1) * (last[3] + 1);
break;
case SECOND_OCTET:
oct = 1;
hosts_skipped = (last[2] + 1) * (last[3] + 1);
break;
case THIRD_OCTET:
oct = 2;
hosts_skipped = (last[3] + 1);
break;
default: /* Hmm, how'd you do that */
return -1;
}
/* catch if we try to take more than are left */
assert(ipsleft + 1>= hosts_skipped);
/* increment the next octect that we can above us */
for (i = oct; i >= 0; i--) {
if (current[i] < last[i]) {
current[i]++;
break;
}
else
current[i] = 0;
}
/* reset all the ones below us to zero */
for (i = oct+1; i <= 3; i++) {
current[i] = 0;
}
/* we actually don't skip the current, it was accounted for
* by get_next_host */
ipsleft -= hosts_skipped - 1;
return hosts_skipped;
}
/* Grab the next host from this expression (if any) and updates its internal
state to reflect that the IP was given out. Returns 0 and
fills in ss if successful. ss must point to a pre-allocated
sockaddr_storage structure */
int TargetGroup::get_next_host(struct sockaddr_storage *ss, size_t *sslen) {
int octet;
struct sockaddr_in *sin = (struct sockaddr_in *) ss;
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) ss;
/* CHANGE: Commented out. See note at the end of the method */
//startover: /* to handle nmap --resume where I have already
// * scanned many of the IPs */
assert(ss);
assert(sslen);
if (ipsleft == 0)
return -1;
if (targets_type == IPV4_NETMASK) {
memset(sin, 0, sizeof(struct sockaddr_in));
sin->sin_family = AF_INET;
*sslen = sizeof(struct sockaddr_in);
#if HAVE_SOCKADDR_SA_LEN
sin->sin_len = *sslen;
#endif
if (currentaddr.s_addr <= endaddr.s_addr) {
sin->sin_addr.s_addr = htonl(currentaddr.s_addr++);
} else {
error("Bogus target structure passed to %s", __func__);
ipsleft = 0;
return -1;
}
}
else if (targets_type == IPV4_RANGES) {
memset(sin, 0, sizeof(struct sockaddr_in));
sin->sin_family = AF_INET;
*sslen = sizeof(struct sockaddr_in);
#if HAVE_SOCKADDR_SA_LEN
sin->sin_len = *sslen;
#endif
//if (o.debugging > 2) { /* CHANGE: Do not use NmapOps and do not use log_Write*/
// log_write(LOG_STDOUT, "doing %d.%d.%d.%d = %d.%d.%d.%d\n", current[0], current[1], current[2], current[3], addresses[0][current[0]],addresses[1][current[1]],addresses[2][current[2]],addresses[3][current[3]]);
//}
//outPrint(DBG_2, "doing %d.%d.%d.%d = %d.%d.%d.%d", current[0], current[1], current[2], current[3], addresses[0][current[0]],addresses[1][current[1]],addresses[2][current[2]],addresses[3][current[3]]);
/* Set the IP to the current value of everything */
sin->sin_addr.s_addr = htonl(addresses[0][current[0]] << 24 |
addresses[1][current[1]] << 16 |
addresses[2][current[2]] << 8 |
addresses[3][current[3]]);
/* Now we nudge up to the next IP */
for(octet = 3; octet >= 0; octet--) {
if (current[octet] < last[octet]) {
/* OK, this is the column I have room to nudge upwards */
current[octet]++;
break;
} else {
/* This octet is finished so I reset it to the beginning */
current[octet] = 0;
}
}
if (octet == -1) {
/* It didn't find anything to bump up, I must have taken the last IP */
assert(ipsleft == 1);
/* So I set current to last with the very final octet up one ... */
/* Note that this may make current[3] == 256 */
current[0] = last[0]; current[1] = last[1];
current[2] = last[2]; current[3] = last[3] + 1;
} else {
assert(ipsleft > 1); /* There must be at least one more IP left */
}
} else {
assert(targets_type == IPV6_ADDRESS);
assert(ipsleft == 1);
#if HAVE_IPV6
*sslen = sizeof(struct sockaddr_in6);
memset(sin6, 0, *sslen);
sin6->sin6_family = AF_INET6;
#ifdef SIN_LEN
sin6->sin6_len = *sslen;
#endif /* SIN_LEN */
memcpy(sin6->sin6_addr.s6_addr, ip6.sin6_addr.s6_addr, 16);
sin6->sin6_scope_id = ip6.sin6_scope_id;
#else
fatal("IPV6 not supported on this platform");
#endif // HAVE_IPV6
}
ipsleft--;
/* CHANGE: These lines have been commented out to make this code
* independent from NmapOps */
/* If we are resuming from a previous scan, we have already finished
scans up to o.resume_ip. */
// if (sin->sin_family == AF_INET && o.resume_ip.s_addr) {
// if (o.resume_ip.s_addr == sin->sin_addr.s_addr)
// o.resume_ip.s_addr = 0; /* So that we will KEEP the next one */
// goto startover; /* Try again */
// }
return 0;
}
/* Returns the last given host, so that it will be given again next
time get_next_host is called. Obviously, you should only call
this if you have fetched at least 1 host since parse_expr() was
called */
int TargetGroup::return_last_host() {
int octet;
ipsleft++;
if (targets_type == IPV4_NETMASK) {
assert(currentaddr.s_addr > startaddr.s_addr);
currentaddr.s_addr--;
} else if (targets_type == IPV4_RANGES) {
for(octet = 3; octet >= 0; octet--) {
if (current[octet] > 0) {
/* OK, this is the column I have room to nudge downwards */
current[octet]--;
break;
} else {
/* This octet is already at the beginning, so I set it to the end */
current[octet] = last[octet];
}
}
assert(octet != -1);
} else {
assert(targets_type == IPV6_ADDRESS);
assert(ipsleft == 1);
}
return 0;
}
/* TODO: WARNING: This functions has been modified for portability. Check
* for label "CHANGE:" in the code to see the actual changes.
*
* UPDATE: Added support for DNS resolution caching. Using function
* gethostbynameCached() instead of gethostbyname()
*/
/* Initializes (or reinitializes) the object with a new expression, such
as 192.168.0.0/16 , 10.1.0-5.1-254 , or fe80::202:e3ff:fe14:1102 .
Returns 0 for success */
int TargetGroup::parse_expr(const char * const target_expr, int af) {
int i=0,j=0,k=0;
int start, end;
char *r,*s, *target_net;
char *addy[5];
char *hostexp = strdup(target_expr);
struct hostent *target;
namedhost = 0;
if (targets_type != TYPE_NONE)
Initialize();
ipsleft = 0;
if (af == AF_INET) {
if (strchr(hostexp, ':'))
fatal("Invalid host expression: %s -- colons only allowed in IPv6 addresses, and then you need the -6 switch", hostexp);
/*struct in_addr current_in;*/
addy[0] = addy[1] = addy[2] = addy[3] = addy[4] = NULL;
addy[0] = r = hostexp;
/* First we break the expression up into the four parts of the IP address
+ the optional '/mask' */
target_net = hostexp;
s = strchr(hostexp, '/'); /* Find the slash if there is one */
if (s) {
char *tail;
long netmask_long;
*s = '\0'; /* Make sure target_net is terminated before the /## */
s++; /* Point s at the netmask */
if (!isdigit(*s)) {
error("Illegal netmask value, must be /0 - /32 . Assuming /32 (one host)");
netmask = 32;
} else {
netmask_long = strtol(s, (char**) &tail, 10);
if (*tail != '\0' || tail == s || netmask_long < 0 || netmask_long > 32) {
error("Illegal netmask value, must be /0 - /32 . Assuming /32 (one host)");
netmask = 32;
} else
netmask = (u32) netmask_long;
}
} else
netmask = 32;
for(i=0; *(hostexp + i); i++)
if (isupper((int) *(hostexp +i)) || islower((int) *(hostexp +i))) {
namedhost = 1;
break;
}
if (netmask != 32 || namedhost) {
targets_type = IPV4_NETMASK;
if (!inet_pton(AF_INET, target_net, &(startaddr))) {
/* There is a bug report on the use of gethostbynameCached()
* <http://seclists.org/nmap-dev/2010/q1/803>
* I haven't been able to find any problem with that code but
* still, the fact that DNS queries are cached does not improve
* performance a lot. It may save one DNS query per execution
* in those cases wher NpingOps::validateOptions() grabs the
* first target and uses it to determine output network interface.
* It would also save some queries in the case where a user
* specified the same host twice in the commandlined, something
* that does not make much sense anyway. However, since the call
* to gethostbynameCached() seems to cause denial of service
* for some people, I think it's ok to disable its use for now
* and enable it later if there is a good reason for it.
*
* Luis MartinGarcia. */
//if ((target = gethostbynameCached(target_net))) {
if ((target = gethostbyname(target_net))) {
int count=0;
memcpy(&(startaddr), target->h_addr_list[0], sizeof(struct in_addr));
while (target->h_addr_list[count]) count++;
if (count > 1)
outPrint(DBG_2,"Warning: Hostname %s resolves to %d IPs. Using %s.", target_net, count, inet_ntoa(*((struct in_addr *)target->h_addr_list[0])));
} else {
error("Failed to resolve given hostname/IP: %s. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges", target_net);
free(hostexp);
return 1;
}
}
if (netmask) {
unsigned long longtmp = ntohl(startaddr.s_addr);
startaddr.s_addr = longtmp & (unsigned long) (0 - (1<<(32 - netmask)));
endaddr.s_addr = longtmp | (unsigned long) ((1<<(32 - netmask)) - 1);
} else {
/* The above calculations don't work for a /0 netmask, though at first
* glance it appears that they would
*/
startaddr.s_addr = 0;
endaddr.s_addr = 0xffffffff;
}
currentaddr = startaddr;
if (startaddr.s_addr <= endaddr.s_addr) {
ipsleft = ((unsigned long long) (endaddr.s_addr - startaddr.s_addr)) + 1;
free(hostexp);
return 0;
}
fprintf(stderr, "Host specification invalid");
free(hostexp);
return 1;
}
else {
targets_type = IPV4_RANGES;
i=0;
while(*r) {
if (*r == '.' && ++i < 4) {
*r = '\0';
addy[i] = r + 1;
}
else if (*r != '*' && *r != ',' && *r != '-' && !isdigit((int)*r))
fatal("Invalid character in host specification. Note in particular that square brackets [] are no longer allowed. They were redundant and can simply be removed.");
r++;
}
if (i != 3) fatal("Invalid target host specification: %s", target_expr);
for(i=0; i < 4; i++) {
j=0;
do {
s = strchr(addy[i],',');
if (s) *s = '\0';
if (*addy[i] == '*') { start = 0; end = 255; }
else if (*addy[i] == '-') {
start = 0;
if (*(addy[i] + 1) == '\0') end = 255;
else end = atoi(addy[i]+ 1);
}
else {
start = end = atoi(addy[i]);
if ((r = strchr(addy[i],'-')) && *(r+1) ) end = atoi(r + 1);
else if (r && !*(r+1)) end = 255;
}
/* if (o.debugging > 2)
* log_write(LOG_STDOUT, "The first host is %d, and the last one is %d\n", start, end); */
if (start < 0 || start > end || start > 255 || end > 255)
fatal("Your host specifications are illegal!");
if (j + (end - start) > 255)
fatal("Your host specifications are illegal!");
for(k=start; k <= end; k++)
addresses[i][j++] = k;
last[i] = j-1;
if (s) addy[i] = s + 1;
} while (s);
}
}
memset((char *)current, 0, sizeof(current));
ipsleft = (unsigned long long) (last[0] + 1) *
(unsigned long long) (last[1] + 1) *
(unsigned long long) (last[2] + 1) *
(unsigned long long) (last[3] + 1);
}
else {
#if HAVE_IPV6
int rc = 0;
assert(af == AF_INET6);
if (strchr(hostexp, '/')) {
fatal("Invalid host expression: %s -- slash not allowed. IPv6 addresses can currently only be specified individually", hostexp);
}
targets_type = IPV6_ADDRESS;
struct addrinfo hints;
struct addrinfo *result = NULL;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_INET6;
rc = getaddrinfo(hostexp, NULL, &hints, &result);
if (rc != 0 || result == NULL) {
error("Failed to resolve given IPv6 hostname/IP: %s. Note that you can't use '/mask' or '[1-4,7,100-]' style ranges for IPv6. Error code %d: %s", hostexp, rc, gai_strerror(rc));
free(hostexp);
if (result) freeaddrinfo(result);
return 1;
}
assert(result->ai_addrlen == sizeof(struct sockaddr_in6));
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) result->ai_addr;
memcpy(&ip6, sin6, sizeof(struct sockaddr_in6));
ipsleft = 1;
freeaddrinfo(result);
#else // HAVE_IPV6
fatal("IPv6 not supported on your platform");
#endif // HAVE_IPV6
}
free(hostexp);
return 0;
}
/*****************************************************************************/
/* getpts() and getpts_simple() (see above) are wrappers for this function */
void getpts_aux(const char *origexpr, int nested, u8 *porttbl, int *portwarning) {
long rangestart = -2343242, rangeend = -9324423;
const char *current_range;
char *endptr;
//char servmask[128]; // A protocol name can be up to 127 chars + nul byte
//int i;
/* An example of proper syntax to use in error messages. */
const char *syntax_example;
//if (change_range_type)
// syntax_example = "-100,200-1024,T:3000-4000,U:60000-";
//else
syntax_example = "-100,200-1024,3000-4000,60000-";
current_range = origexpr;
do {
while(isspace((int) *current_range))
current_range++; /* I don't know why I should allow spaces here, but I will */
//if (change_range_type) {
//if (*current_range == 'T' && *++current_range == ':') {
//current_range++;
//range_type = SCAN_TCP_PORT;
//continue;
//}
//if (*current_range == 'U' && *++current_range == ':') {
//current_range++;
//range_type = SCAN_UDP_PORT;
//continue;
//}
//if (*current_range == 'S' && *++current_range == ':') {
//current_range++;
//range_type = SCAN_SCTP_PORT;
//continue;
//}
//if (*current_range == 'P' && *++current_range == ':') {
//current_range++;
//range_type = SCAN_PROTOCOLS;
//continue;
//}
//}
if (*current_range == '[') {
if (nested)
fatal("Can't nest [] brackets in port/protocol specification");
//getpts_aux(++current_range, 1, porttbl, range_type, portwarning);
getpts_aux(++current_range, 1, porttbl, portwarning); // ADDED
// Skip past the ']'. This is OK because we can't nest []s
while(*current_range != ']') current_range++;
current_range++;
// Skip over a following ',' so we're ready to keep parsing
if (*current_range == ',') current_range++;
continue;
} else if (*current_range == ']') {
if (!nested)
fatal("Unexpected ] character in port/protocol specification");
return;
} else if (*current_range == '-') {
//if (range_type & SCAN_PROTOCOLS)
// rangestart = 0;
//else
rangestart = 1;
}
else if (isdigit((int) *current_range)) {
rangestart = strtol(current_range, &endptr, 10);
//if (range_type & SCAN_PROTOCOLS) {
// if (rangestart < 0 || rangestart > 255)
//fatal("Protocols to be scanned must be between 0 and 255 inclusive");
//} else {
if (rangestart < 0 || rangestart > 65535)
fatal("Ports to be scanned must be between 0 and 65535 inclusive");
//}
current_range = endptr;
while(isspace((int) *current_range)) current_range++;
} //else if (islower((int) *current_range) || *current_range == '*' || *current_range == '?') {
//i = 0;
//while (*current_range && !isspace((int)*current_range) && *current_range != ',' && *current_range != ']') {
// servmask[i++] = *(current_range++);
// if (i >= ((int)sizeof(servmask)-1))
// fatal("A service mask in the port/protocol specification is either malformed or too long");
// }
// if (*current_range && *current_range != ']') current_range++; // We want the '] character to be picked up on the next pass
// servmask[i] = '\0'; // Finish the string
//i = addportsfromservmask(servmask, porttbl, range_type);
//if (range_type & SCAN_PROTOCOLS) i += addprotocolsfromservmask(servmask, porttbl);
//if (i == 0)
// fatal("Found no matches for the service mask '%s' and your specified protocols", servmask);
//continue;
/*}*/ else {
fatal("Error #485: Your port specifications are illegal. Example of proper form: \"%s\"", syntax_example);
}
/* Now I have a rangestart, time to go after rangeend */
if (!*current_range || *current_range == ',' || *current_range == ']') {
/* Single port specification */
rangeend = rangestart;
} else if (*current_range == '-') {
current_range++;
if (!*current_range || *current_range == ',' || *current_range == ']') {
/* Ended with a -, meaning up until the last possible port */
//if (range_type & SCAN_PROTOCOLS)
// rangeend = 255;
//else
rangeend = 65535;
} else if (isdigit((int) *current_range)) {
rangeend = strtol(current_range, &endptr, 10);
// if (range_type & SCAN_PROTOCOLS) {
// if (rangeend < 0 || rangeend > 255)
// fatal("Protocols to be scanned must be between 0 and 255 inclusive");
// } else {
if (rangeend < 0 || rangeend > 65535)
fatal("Ports to be scanned must be between 0 and 65535 inclusive");
// }
current_range = endptr;
} else {
fatal("Error #486: Your port specifications are illegal. Example of proper form: \"%s\"", syntax_example);
}
if (rangeend < rangestart) {
//fatal("Your %s range %ld-%ld is backwards. Did you mean %ld-%ld?",
// (range_type & SCAN_PROTOCOLS) ? "protocol" : "port",
// rangestart, rangeend, rangeend, rangestart);
fatal("Your port range %ld-%ld is backwards. Did you mean %ld-%ld?",
rangestart, rangeend, rangeend, rangestart); // ADDED
}
} else {
fatal("Error #487: Your port specifications are illegal. Example of proper form: \"%s\"", syntax_example);
}
/* Now I have a rangestart and a rangeend, so I can add these ports */
while(rangestart <= rangeend) {
if (porttbl[rangestart]) {
if (!(*portwarning)) {
error("WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nping? Have some coffee or grab a RedBull(tm).");
(*portwarning)++;
}
} else {
//if (nested) {
//if ((range_type & SCAN_TCP_PORT) &&
//nmap_getservbyport(htons(rangestart), "tcp")) {
//porttbl[rangestart] |= SCAN_TCP_PORT;
//}
//if ((range_type & SCAN_UDP_PORT) &&
//nmap_getservbyport(htons(rangestart), "udp")) {
//porttbl[rangestart] |= SCAN_UDP_PORT;
//}
//if ((range_type & SCAN_SCTP_PORT) &&
//nmap_getservbyport(htons(rangestart), "sctp")) {
//porttbl[rangestart] |= SCAN_SCTP_PORT;
//}
//if ((range_type & SCAN_PROTOCOLS) &&
//nmap_getprotbynum(rangestart)) {
//porttbl[rangestart] |= SCAN_PROTOCOLS;
//}
//} else {
//porttbl[rangestart] |= range_type;
//}
porttbl[rangestart]=1; // ADDED for NPING
}
rangestart++;
}
/* Find the next range */
while(isspace((int) *current_range)) current_range++;
if (*current_range == ']') {
if (!nested) fatal("Unexpected ] character in port specification");
return;
}
if (*current_range && *current_range != ',') {
fatal("Error #488: Your port specifications are illegal. Example of proper form: \"%s\"", syntax_example);
}
if (*current_range == ',')
current_range++;
} while(current_range && *current_range);
}
/*****************************************************************************/
/* For systems without SCTP in netinet/in.h, such as MacOS X */
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
/* IPv6 compatible version of nmap's devname2ipaddr()
* @warning For this to work we need getinterfaces() not to skip IPv6 */
int devname2ipaddr_alt(char *dev, struct sockaddr_storage *addr) {
struct interface_info *mydevs;
struct sockaddr_storage *s=NULL;
struct sockaddr_in *s4=NULL;
struct sockaddr_in6 *s6=NULL;
int numdevs;
int i;
mydevs = getinterfaces(&numdevs, NULL, 0);
if (!mydevs) return -1;
if( !addr || !dev )
fatal("devname2ipaddr(): NULL values supplied.");
for(i=0; i < numdevs; i++) {
s=(struct sockaddr_storage *)&mydevs[i].addr;
s4=(struct sockaddr_in *)&mydevs[i].addr;
s6=(struct sockaddr_in6 *)&mydevs[i].addr;
if (s4->sin_family==AF_INET || s6->sin6_family==AF_INET6){
if (!strcmp(dev, mydevs[i].devfullname)) {
memcpy(addr, s, sizeof(struct sockaddr_storage));
return 0;
}
} else{ /* Unknown family, skipping it... */
continue;
}
}
return -1;
} /* End of devname2ipaddr() */
Reference in New Issue View Git Blame Copy Permalink