Nmap Development mailing list archives
Re: [nmap-svn] r36293 - nmap
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 19 Sep 2016 11:40:49 -0500
David,

This is more complicated than I thought. We want to support all the named protocols, but some of those start with capital letters and others start with digits (3com-tsmux, 914c-g, etc.). Even worse, some start with digits followed by hyphen (802-11-iapp, 4-tieropmgw, and 4-tieropmcli). Here's a selection of services that currently are not handled properly:

914c-g        211/tcp    0.000427  # 914c/g | Texas Instruments 914C/G Terminal
IIS           1027/tcp   0.006724  # 6a44 | IPv6 Behind NAT44 CPEs
4-tieropmgw   2933/tcp   0.000000  # 4-TIER OPM GW
802-11-iapp   3517/tcp   0.000228  # IEEE 802.11 WLANs WG IAPP
3exmp         5221/tcp   0.000228  # 3eTI Extensible Management Protocol for OAMP
X11:1         6001/tcp   0.011730  # X Window server
SunVTS-RMI    6483/tcp   0.000000  # SunVTS RMI
Trinoo_Bcast  27444/udp  0.001554  # Trinoo distributed attack tool Master

I think these cover most of the odd cases. I thought maybe we could unconditionally attempt a strtol and then check the next character to determine if it should be treated as a port number or as part of a name, but that does not account for 802-11-iapp. Maybe instead do a last-ditch effort to look up a service if the parsing failed?

Dan

On Sun, Sep 18, 2016 at 3:42 PM, <commit-mailer () nmap org> wrote:
Author: david
Date: Sun Sep 18 13:42:56 2016
New Revision: 36293

Log:
Avoid eating 'T' 'U' 'S' 'P' not followed by ':' in getpts.

On reading 'T', 'U', 'S', or 'P', getpts_aux would unconditionally consume the character before checking to see whether it was followed by a ':'. You could insert 'T', 'U', 'S', or 'P' in several places and it would just be ignored, which is different treatment than other letters got.

Behavior before:
nmap -p 9          # scans port 9
nmap -p discard    # scans port 9
nmap -p Tdiscard   # scans port 9
nmap -p T:Tdiscard # scans port 9
nmap -p Tdi*ard    # scans port 9
nmap -p Xdiscard   # Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"

Behavior after:
nmap -p 9          # scans port 9
nmap -p discard    # scans port 9
nmap -p Tdiscard   # Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
nmap -p T:Tdiscard # Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
nmap -p Tdi*ard    # Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
nmap -p Xdiscard   # Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"

Modified:
   nmap/CHANGELOG
   nmap/nmap.cc

Modified: nmap/CHANGELOG
==============================================================================
--- nmap/CHANGELOG (original)
+++ nmap/CHANGELOG Sun Sep 18 13:42:56 2016
@@ -1,5 +1,9 @@ # Nmap Changelog ($Id$); -*-text-*- +o Fixed a bug in port specification parsing that could cause extraneous + 'T', 'U', 'S', and 'P' characters to be ignored when they should have + caused an error. [David Fifield] + o [GH#543] Restored compatibility with LibreSSL, which was lost in adding library version checks for OpenSSL 1.1. [Wonko7] Modified: nmap/nmap.cc ============================================================ ================== --- nmap/nmap.cc (original) +++ nmap/nmap.cc Sun Sep 18 13:42:56 2016 @@ -1569,7 +1569,7 @@ } // Uncomment the following line to use the common lisp port spec test suite - //printf("port spec: (%d %d %d %d)\n", ports.tcp_count, ports.udp_count, ports.sctp_count, ports.prot_count); exit(0); + printf("port spec: (%d %d %d %d)\n", ports.tcp_count, ports.udp_count, ports.sctp_count, ports.prot_count); exit(0); #ifdef WIN32 if (o.sendpref & PACKET_SEND_IP) { @@ -2668,23 +2668,23 @@ current_range++; /* I don't know why I should allow spaces here, but I will */ if (change_range_type) { - if (*current_range == 'T' && *++current_range == ':') { - current_range++; + if (*current_range == 'T' && *(current_range+1) == ':') { + current_range += 2; range_type = SCAN_TCP_PORT; continue; } - if (*current_range == 'U' && *++current_range == ':') { - current_range++; + if (*current_range == 'U' && *(current_range+1) == ':') { + current_range += 2; range_type = SCAN_UDP_PORT; continue; } - if (*current_range == 'S' && *++current_range == ':') { - current_range++; + if (*current_range == 'S' && *(current_range+1) == ':') { + current_range += 2; range_type = SCAN_SCTP_PORT; continue; } - if (*current_range == 'P' && *++current_range == ':') { - current_range++; + if (*current_range == 'P' && *(current_range+1) == ':') { + current_range += 2; range_type = SCAN_PROTOCOLS; continue; } _______________________________________________ Sent through the svn mailing list https://nmap.org/mailman/listinfo/svn
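Review bot: the nmap.cc hunk at @@ -1569 drops the `//` in front of `printf("port spec: (%d %d %d %d)\n", ...); exit(0);`, so with this commit applied every nmap run prints the four port counts and exits right after parsing -p. The comment immediately above that line says it is only to be uncommented to run the Common Lisp port spec test suite, and the CHANGELOG entry does not mention it, so this looks like a local debugging change that slipped into the commit; restore the `//` (or move the test hook behind an #ifdef) before this ships.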
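Review bot: the four branches in the @@ -2668 hunk are correct as far as the stated bug goes: a 'T', 'U', 'S' or 'P' that is not followed by ':' no longer advances current_range, so it falls through and fails like any other letter, matching the "Behavior after" list, and the `*(current_range+1)` lookahead is safe because the first operand has already established that `*current_range` is a letter, so the next byte is at worst the terminating NUL. The same two-line pattern is repeated four times, though; a single `if (*(current_range+1) == ':')` followed by a switch on `*current_range` that sets range_type (and `current_range += 2` once, after the switch) would keep the lookahead rule in one place and make adding a protocol letter a one-line change.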
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
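Added example, written for this page and not code from nmap or from either poster: a small getpts()-style parser in C that tries both token strategies Dan describes, the number-first strtol check and the last-ditch service lookup, over the service names he lists, and that applies the rule r36293 restores (a leading 'T', 'U', 'S' or 'P' switches protocol only when the next byte is ':'). The service table is a constructed stand-in for nmap-services, and the function names are this example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PORT 65535

struct service { const char *name; int port; };
struct range { char proto; int lo, hi; };          /* proto: 't', 'u', 's' or 'p' */
typedef int (*token_parser)(const char *tok, size_t len, int *lo, int *hi);

/* Constructed stand-in for nmap-services (not the real file): the awkward
 * names quoted in the thread plus "discard" from the commit message. */
static const struct service services[] = {
    { "discard", 9 },        { "914c-g", 211 },       { "IIS", 1027 },
    { "4-tieropmgw", 2933 }, { "802-11-iapp", 3517 }, { "3exmp", 5221 },
    { "X11:1", 6001 },       { "SunVTS-RMI", 6483 },  { "Trinoo_Bcast", 27444 },
};

/* Exact, case-sensitive lookup of tok[0..len); -1 if the name is unknown. */
static int lookup_service(const char *tok, size_t len)
{
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (strlen(services[i].name) == len && memcmp(services[i].name, tok, len) == 0)
            return services[i].port;
    return -1;
}

/* Strict numeric grammar: "N", "N-M", "-M" (1..M) or "N-" (N..65535).
 * Succeeds only if the WHOLE token matches; any leftover character fails. */
static int parse_numeric(const char *tok, size_t len, int *lo, int *hi)
{
    char buf[64], *p, *end;
    long a = 1, b = MAX_PORT;
    if (len == 0 || len >= sizeof buf) return -1;
    memcpy(buf, tok, len); buf[len] = '\0'; p = buf;
    if (isdigit((unsigned char)*p)) { a = strtol(p, &end, 10); p = end; }
    if (*p == '-') {                               /* range: "-M", "N-" or "N-M" */
        p++;
        if (isdigit((unsigned char)*p)) { b = strtol(p, &end, 10); p = end; }
    } else {
        b = a;                                     /* single port "N" */
    }
    if (*p != '\0') return -1;      /* leftovers: "914c-g", or "-iapp" of "802-11-iapp" */
    if (a > b || b > MAX_PORT) return -1;
    *lo = (int)a; *hi = (int)b;
    return 0;
}

/* Strategy 1, number-first (the one Dan says is insufficient): a token starting
 * with a digit or '-' is committed to as a port/range and never reaches lookup. */
static int parse_token_number_first(const char *tok, size_t len, int *lo, int *hi)
{
    int port;
    if (len > 0 && (isdigit((unsigned char)tok[0]) || tok[0] == '-'))
        return parse_numeric(tok, len, lo, hi);  /* "802-11-iapp" is rejected here */
    if ((port = lookup_service(tok, len)) < 0) return -1;
    *lo = *hi = port;
    return 0;
}

/* Strategy 2, last-ditch lookup (Dan's suggestion): strict numeric grammar
 * first; only a token that fails it is tried as a service name. */
static int parse_token_with_fallback(const char *tok, size_t len, int *lo, int *hi)
{
    int port;
    if (parse_numeric(tok, len, lo, hi) == 0) return 0;
    if ((port = lookup_service(tok, len)) < 0) return -1;
    *lo = *hi = port;
    return 0;
}

/* Comma-separated spec such as "-100,200-1024,T:3000-4000,U:60000-". As in
 * r36293, 'T'/'U'/'S'/'P' switches protocol only when the NEXT byte is ':';
 * otherwise the letter stays in the token, so "Tdiscard" is just an unknown
 * name. Returns the number of ranges written to out, or -1 if the spec is illegal. */
static int parse_port_spec(const char *spec, token_parser parse_token,
                           struct range *out, int max)
{
    const char *p = spec, *end;
    char proto = 't';
    int n = 0;
    for (;;) {
        if (*p != '\0' && strchr("TUSP", *p) != NULL && p[1] == ':') {
            proto = (char)tolower((unsigned char)*p);   /* 'T' -> 't', ... */
            p += 2;
        }
        end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (n == max || parse_token(p, len, &out[n].lo, &out[n].hi) != 0) return -1;
        out[n++].proto = proto;
        if (end == NULL) return n;
        p = end + 1;
    }
}

static struct range parsed[16];                    /* ranges from the last demo_* call */
static int demo_number_first(const char *s)  { return parse_port_spec(s, parse_token_number_first, parsed, 16); }
static int demo_with_fallback(const char *s) { return parse_port_spec(s, parse_token_with_fallback, parsed, 16); }

int main(void)
{
    const char *specs[] = { "-100,200-1024,T:3000-4000,U:60000-",
                            "T:discard,802-11-iapp,X11:1,U:Trinoo_Bcast",
                            "914c-g,4-tieropmgw", "Tdiscard", "T:Tdiscard", "Xdiscard" };
    for (size_t s = 0; s < sizeof specs / sizeof specs[0]; s++) {
        int nf = demo_number_first(specs[s]);
        int n = demo_with_fallback(specs[s]);      /* fills parsed[] last */
        printf("%-44s number-first: %-7s fallback:", specs[s], nf < 0 ? "illegal" : "ok");
        for (int i = 0; i < n; i++) printf(" %c:%d-%d", parsed[i].proto, parsed[i].lo, parsed[i].hi);
        printf("%s\n", n < 0 ? " illegal" : "");
    }
    return 0;
}
```

Running it shows `802-11-iapp`, `914c-g` and `4-tieropmgw` rejected by the number-first strategy and accepted by the fallback, while `Tdiscard`, `T:Tdiscard` and `Xdiscard` are illegal under both, as in the commit message. One limit the fallback does not remove: a service name that also satisfies the numeric grammar (digits, optionally a hyphen and more digits) can never be looked up, because the numeric parse is tried first and wins.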
Current thread:
- Re: [nmap-svn] r36293 - nmap Daniel Miller (Sep 19)
- Re: [nmap-svn] r36293 - nmap David Fifield (Sep 19)