Nmap Development mailing list archives
Re: -p option doesn't reject certain invalid inputs
From: doug () hcsw org
Date: Wed, 28 May 2008 15:27:16 -0700
On Wed, May 28, 2008 at 08:49:22AM -0600 or thereabouts, David Fifield wrote:
I found that the -p option doesn't reject stray ] characters in its input, and in fact ignores anything after it finds one.
Thanks for finding this. I just committed a tiny patch that adds better error checking: $ svn diff nmap.cc Index: nmap.cc =================================================================== --- nmap.cc (revision 7740) +++ nmap.cc (working copy) @@ -2321,7 +2321,10 @@ /* Find the next range */ while(isspace((int) *current_range)) current_range++; - if (*current_range == ']') return; + if (*current_range == ']') { + if (!nested) fatal("Unexpected ] character in port/protocol specification"); + return; + } if (*current_range && *current_range != ',') { fatal("Error #488: Your port specifications are illegal. Example of proper form: \"%s\"", syntax_example); Doug
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- -p option doesn't reject certain invalid inputs David Fifield (May 28)
- Re: -p option doesn't reject certain invalid inputs doug (May 28)