Re: ncat minor patches

[David Fifield <david () bamsoftware com>]

On Fri, Apr 24, 2009 at 09:12:00PM +0300, ithilgore wrote:
> I 've been reading through the ncat code and made some minor fixes
> on some things that I stumbled upon. 
>
> 1. Replaced all instances of sys_wrap's Malloc with nbase's safe_malloc,
> since safe_malloc does essentially the same thing and is used throughout
> all of nmap's codebase.
>
> 2. Replaced all instances of strdup with sys_wrap's Strdup for consistency.
>
> 3. Removed a redundant check in ncat_main.c 
>
>     /* Set the default to IPv4 if not explicitly specified. */
>     if (o.af != AF_INET && o.af != AF_INET6)
>         o.af = AF_INET;
>
> o.af is initialized to AF_INET with options_init() which is called in the
> beginning of main()

These changes all look good to me.

> In addition, I think all atoi instances should be replaced with something
> like strtol since atoi is deprecated and doesn't do any error-checking for
> input that is not actually a digit.

I agree. There is a function parse_long in util.c that does integer
parsing using strtol. It allows only nonnegative decimal integers, with
no preceding whitespace or sign. It's intended for things like port
number parsing, where "1.2.3.4: 80" and "1.2.3.4:+80" should be syntax
errors, but it is also appropriate for things like the argument to
--max-conns, currently parsed with atoi.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org