Nmap Development mailing list archives

Re: nmap 4.50 and 4.60: little display error


From: "Andrew J. Bennieston" <harriergr7 () gmail com>
Date: Tue, 08 Apr 2008 21:37:04 +0100

David Fifield wrote:
On Tue, Apr 08, 2008 at 09:21:19PM +0200, sfijn () xs4all nl wrote:
Hi nmap-dev

I came across a little error in nmap: it seems to drop the last decimal of
the IP address.
Discovered in version 4.50, upgraded to 4.60 but still the same.

--------------------------
F:\WINNT>nmap -vv -PN -sI 192.168.40.24 192.168.40.129

Starting Nmap 4.60 ( http://insecure.org ) at 2008-04-08 21:06 Hora de verano romance
Initiating ARP Ping Scan at 21:06
Scanning 192.168.40.129 [1 port]
Completed ARP Ping Scan at 21:06, 0.09s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:06
Completed Parallel DNS resolution of 1 host. at 21:06, 0.02s elapsed

Initiating idle scan against 192.168.40.12 at 21:06 <<====== 9 MISSING

Idle scan zombie 192.168.40.24 (192.168.40.24) port 80 cannot be used
because it has not returned any of our probes -- perhaps it is down or
firewalled.
QUITTING!

Thanks Stephen. There was not enough space allocated to show the IP
address, so sometimes it was truncated. I committed a fix that just
increases the size of the buffer.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


I was bored, so I've created the patch below to cause the scanname buffer (idlescan.cc:991) to be dynamically allocated with a size large enough to contain the text "idle scan against " followed by the full contents of target->NameIP(). This means it'll never truncate the output, at the expense of
[1] A malloc() where one isn't really required other than for aesthetics
[2] The possibility that a (very, very) long DNS entry could use a lot of memory here!

Extending the buffer size is a pretty good solution; I'm submitting this on the off-chance that aesthetics matter sufficiently! It's a patch against the nmap-4.60 release tarball.

Andrew J. Bennieston
diff -u nmap-4.60-old/idle_scan.cc nmap-4.60/idle_scan.cc
--- nmap-4.60-old/idle_scan.cc  2008-02-28 18:52:06.000000000 +0000
+++ nmap-4.60/idle_scan.cc      2008-04-08 21:20:26.625913874 +0100
@@ -988,10 +988,13 @@
   int portidx = 0; /* Used for splitting the port array into chunks */
   int portsleft;
   time_t starttime;
-  char scanname[32];
-  Snprintf(scanname, sizeof(scanname), "idle scan against %s", target->NameIP());
+  int scanname_len = 19+strlen(target->NameIP());
+  char *scanname = (char*)malloc(scanname_len);
+  Snprintf(scanname, scanname_len, "idle scan against %s", target->NameIP());
   ScanProgressMeter SPM(scanname);
 
+  free(scanname); /* If this is too soon, could move it to the end, but there are no further references */
+
   if (numports == 0) return; /* nothing to scan for */
   if (!proxyName) fatal("idle scan requires a proxy host");
 
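Review bot: the `free(scanname);` placed right after `ScanProgressMeter SPM(scanname);` is only correct if the ScanProgressMeter constructor copies the string rather than keeping the pointer, and the in-line comment ("If this is too soon, could move it to the end") shows that was not checked; verify the constructor before relying on it, and if it stores the pointer, move the free to after SPM's last use. Two smaller points in the same hunk: the `19` in `int scanname_len = 19+strlen(target->NameIP());` is a magic number that has to track the format string (18 bytes of "idle scan against " plus the NUL), so derive it as `strlen("idle scan against ") + strlen(name) + 1` with `name` captured once from `target->NameIP()` instead of calling it twice; and the return value of `malloc()` is unchecked, so an allocation failure would hand a NULL pointer to Snprintf. `scanname_len` should also be a `size_t`, since it is built from `strlen()` and passed as a buffer size.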

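The truncation in the report falls out of the arithmetic: "idle scan against " is 18 bytes, "192.168.40.129" is 14, so the name needs 33 bytes with its NUL and the original 32-byte buffer drops exactly the final "9". The example below, added here and not part of the thread or of Nmap itself, shows both the fixed-buffer behaviour and the standard way to size a dynamic buffer without a hand-counted constant: call snprintf with a NULL buffer to learn the required length, then allocate that. It assumes plain C99 snprintf; Nmap's Snprintf wrapper is not used and its behaviour with a NULL buffer is not assumed. The target string is the one from the bug report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format used for the progress-meter name. The fixed text is
 * "idle scan against " (18 bytes), so the full name needs
 * 18 + strlen(nameip) + 1 bytes including the terminating NUL. */
static const char SCANNAME_FMT[] = "idle scan against %s";

/* Fixed-buffer version, mirroring the original char scanname[32].
 * Returns 1 if the output was truncated, 0 otherwise. snprintf returns
 * the length it wanted to write, which is how truncation is detected. */
int format_scanname_fixed(char *buf, size_t bufsz, const char *nameip)
{
    int needed = snprintf(buf, bufsz, SCANNAME_FMT, nameip);
    if (needed < 0) {
        /* encoding error: leave an empty string behind */
        if (bufsz)
            buf[0] = '\0';
        return 1;
    }
    return (size_t)needed >= bufsz;
}

/* Dynamically sized version: ask snprintf for the required length first,
 * then allocate exactly that many bytes. Caller frees the result.
 * Returns NULL if formatting or allocation fails. */
char *format_scanname_alloc(const char *nameip)
{
    int needed = snprintf(NULL, 0, SCANNAME_FMT, nameip);
    if (needed < 0)
        return NULL;
    size_t len = (size_t)needed + 1;  /* +1 for the NUL */
    char *buf = malloc(len);
    if (buf == NULL)
        return NULL;
    snprintf(buf, len, SCANNAME_FMT, nameip);
    return buf;
}

int main(void)
{
    /* Constructed input: the target from the bug report. */
    const char *nameip = "192.168.40.129";
    char fixed[32];

    int truncated = format_scanname_fixed(fixed, sizeof fixed, nameip);
    printf("fixed[32]: \"%s\" (truncated=%d)\n", fixed, truncated);

    char *dyn = format_scanname_alloc(nameip);
    if (dyn == NULL) {
        perror("format_scanname_alloc");
        return 1;
    }
    printf("dynamic:   \"%s\"\n", dyn);
    free(dyn);
    return 0;
}
```

With the 32-byte buffer the fixed version produces "idle scan against 192.168.40.12" and reports truncation, reproducing the output in the report; the dynamic version produces the full address. Checking snprintf's return value is the cheap way to catch this class of bug in a fixed buffer even when a dynamic allocation is not wanted.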
