Nmap Development mailing list archives
Re: build_icmp_raw and friends ignoring data
From: Shinnok <admin () shinnok com>
Date: Sat, 18 Jun 2011 14:26:05 +0300
Hi David,

On 06/18/2011 02:38 AM, David Fifield wrote:
> I found that build_icmp_raw, build_igmp_raw, and possibly others are not filling in the payload data that they are being called with. Instead, they are reserving the requested number of bytes but filling them with zeroes. The upper layer feeds in random bytes from --data-length.
It's fixed now in r24127. Besides build_icmp_raw and buld_igmp_raw I couldn't find any other build_* that ignored the supplied data buffer. Here is the commit log and diff: Author: shinnok Date: Sat Jun 18 04:20:54 2011 New Revision: 24127 Log: Fix build_icmp_raw and build_igmp_raw filling the packet data payload with zeroes instead of the supplied random data, when nmap is invoked with --data-length. Modified: nmap/tcpip.cc Modified: nmap/tcpip.cc ============================================================================== --- nmap/tcpip.cc (original) +++ nmap/tcpip.cc Sat Jun 18 04:20:54 2011 @@ -613,7 +613,7 @@ tos, ipid, df ? IP_DF : 0, myttl, proto, source, victim); /* We should probably copy the data over too */ - if (data) + if (data && datalen) memcpy((u8 *) ip + sizeof(struct ip) + ipoptlen, data, datalen); *outpacketlen = packetlen; @@ -1030,9 +1030,10 @@ fatal("Unknown icmp type/code (%d/%d) in %s", ptype, pcode, __func__); } - if (datalen > 0) { + /* Copy the data over too */ + if (data && datalen) { icmplen += MIN(dlen, datalen); - memset(datastart, 0, MIN(dlen, datalen)); + memcpy(datastart, data, MIN(dlen, datalen)); } /* Fill out the ping packet. All the ICMP types handled by this function have @@ -1138,9 +1139,10 @@ fatal("Unknown igmp type (%d) in %s", ptype, __func__); } - if (datalen > 0) { + /* Copy the data over too */ + if (data && datalen) { igmplen += MIN(dlen, datalen); - memset(datastart, 0, MIN(dlen, datalen)); + memcpy(datastart, data, MIN(dlen, datalen)); } igmp.igmp_cksum = 0; _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
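Review bot: the guard change in the first hunk (line 613, `- if (data)` / `+ if (data && datalen)`) is behaviourally a no-op, since memcpy with a datalen of 0 copies nothing, and the commit log, which names only build_icmp_raw and build_igmp_raw, does not mention this function at all; either note in the log that this is a consistency tweak or leave the hunk out. The combination the guard now skips silently, data == NULL with datalen > 0, still produces a packet of packetlen bytes whose payload is whatever the buffer held, and the comment above it, "We should probably copy the data over too", is now stale because the copy is done; a fatal() on that combination and a comment that simply says the payload is copied would be clearer.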
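Review bot: in the ICMP hunk (line 1030), moving `icmplen += MIN(dlen, datalen);` inside the new `if (data && datalen)` guard changes what a caller gets for data == NULL with datalen > 0: before this patch the packet grew by MIN(dlen, datalen) zero bytes, now it is silently shorter than requested with no diagnostic. Either keep the old memset as the fallback for NULL data, or fatal() on it the way the function already does for an unknown type/code just above. Separately, the MIN(dlen, datalen) clamp silently drops any payload beyond dlen; now that the bytes are real --data-length data rather than zeroes, a caller asking for more than dlen should at least get a warning, or the limit should be stated in the function's comment.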
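Review bot: the IGMP hunk (line 1138) is now a line-for-line copy of the ICMP block (same guard, same MIN(dlen, datalen) clamp, same memcpy), so the NULL-data and over-length behaviours apply here as well and the two will drift apart if one is later fixed and the other is not; a small shared helper taking (datastart, dlen, data, datalen) and returning the number of bytes copied would keep both builders in step. The new comment "Copy the data over too" also reads as a continuation of the IP builder's comment; here "Copy the payload" is enough. The ordering is right, though: the copy lands before `igmp.igmp_cksum = 0;`, so a checksum computed after that point covers the real payload.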
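The bug David describes above (payload bytes reserved for --data-length but zero-filled instead of copied), as an added example in C that is not nmap's code and not from this thread: a small echo-request builder with the zero-fill path and the copying path side by side, plus the two edge cases a caller can hit (a payload longer than the builder's cap, and a non-zero length with no buffer). The names icmp_echo_build, ECHO_MAX_DATA and demo_* and the sample payload are all made up for the example; ECHO_MAX_DATA stands in for the patch's dlen.

```c
/* Added example, not nmap's code: a minimal ICMP echo-request builder in the
 * shape of build_icmp_raw(), with the pre-r24127 zero-fill behaviour and the
 * fixed copy side by side. All names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP_HDR_LEN  8u
#define ECHO_MAX_DATA 1400u   /* assumed payload cap: the MIN(dlen, datalen) bound */

/* RFC 1071 one's-complement checksum. Run over a correctly checksummed
 * message it returns 0, which is how demo_checksum_ok() verifies packets. */
static uint16_t in_cksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; buf += 2, len -= 2)
        sum += (uint32_t)((buf[0] << 8) | buf[1]);
    if (len)
        sum += (uint32_t)buf[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build an echo request into out. Returns the message length, or 0 if it does
 * not fit or the caller passed a length without a buffer. copy_payload == 0
 * reproduces the bug (bytes reserved, then zeroed); 1 copies the caller's data. */
static size_t icmp_echo_build(uint8_t *out, size_t outcap, uint16_t id,
                              uint16_t seq, const uint8_t *data,
                              size_t datalen, int copy_payload)
{
    size_t plen = datalen < ECHO_MAX_DATA ? datalen : ECHO_MAX_DATA;
    size_t total = ICMP_HDR_LEN + plen;
    uint16_t ck;

    if (outcap < total || (datalen && !data))   /* no room, or length with no buffer */
        return 0;
    out[0] = 8;  out[1] = 0;                 /* type 8, code 0: echo request */
    out[2] = 0;  out[3] = 0;                 /* checksum placeholder */
    out[4] = (uint8_t)(id >> 8);  out[5] = (uint8_t)id;
    out[6] = (uint8_t)(seq >> 8); out[7] = (uint8_t)seq;
    if (plen) {
        if (copy_payload)
            memcpy(out + ICMP_HDR_LEN, data, plen);   /* the fix */
        else
            memset(out + ICMP_HDR_LEN, 0, plen);      /* the bug: data ignored */
    }
    ck = in_cksum(out, total);               /* last, so it covers the real payload */
    out[2] = (uint8_t)(ck >> 8);
    out[3] = (uint8_t)ck;
    return total;
}

/* Constructed stand-in for the random bytes --data-length would supply. */
static const uint8_t demo_data[16] = {
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x23, 0x45, 0x67,
    0x89, 0xab, 0xcd, 0xef, 0x10, 0x32, 0x54, 0x76 };

/* 1 if the built packet has the right length and carries demo_data verbatim. */
static int demo_payload_matches(int copy_payload)
{
    uint8_t pkt[64];
    size_t n = icmp_echo_build(pkt, sizeof pkt, 0x1234, 1, demo_data,
                               sizeof demo_data, copy_payload);
    return n == ICMP_HDR_LEN + sizeof demo_data &&
           memcmp(pkt + ICMP_HDR_LEN, demo_data, sizeof demo_data) == 0;
}

/* 1 if the checksum is consistent with the bytes. Both variants pass: the
 * zero-filled payload is checksummed correctly, it is just the wrong payload. */
static int demo_checksum_ok(int copy_payload)
{
    uint8_t pkt[64];
    size_t n = icmp_echo_build(pkt, sizeof pkt, 0x1234, 1, demo_data,
                               sizeof demo_data, copy_payload);
    return n != 0 && in_cksum(pkt, n) == 0;
}

/* Edge cases: a 2000-byte payload is clipped to ECHO_MAX_DATA (1408 bytes in
 * total), and NULL data with a non-zero length is rejected (returns 0). */
static size_t demo_truncated_len(void)
{
    static uint8_t big_in[2000], pkt[2048];
    return icmp_echo_build(pkt, sizeof pkt, 1, 1, big_in, sizeof big_in, 1);
}

static size_t demo_null_data_len(void)
{
    uint8_t pkt[64];
    return icmp_echo_build(pkt, sizeof pkt, 1, 1, NULL, 8, 1);
}

int main(void)
{
    printf("buggy: payload_ok=%d cksum_ok=%d\n", demo_payload_matches(0), demo_checksum_ok(0));
    printf("fixed: payload_ok=%d cksum_ok=%d\n", demo_payload_matches(1), demo_checksum_ok(1));
    printf("clipped=%zu rejected=%zu\n", demo_truncated_len(), demo_null_data_len());
    return 0;
}
```

The checksum check is the point worth noticing: the zero-filled packet is perfectly well-formed on the wire, so nothing at the receiver flags it; only comparing the payload against what the caller supplied exposes the bug. The builder also refuses NULL data with a non-zero length instead of quietly emitting a shorter packet, which is the case the patch's `data && datalen` guard leaves silent.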
Current thread:
- build_icmp_raw and friends ignoring data David Fifield (Jun 17)
- Re: build_icmp_raw and friends ignoring data Shinnok (Jun 18)
- Re: build_icmp_raw and friends ignoring data David Fifield (Jun 18)
- Re: build_icmp_raw and friends ignoring data Shinnok (Jun 18)