Nmap Development mailing list archives

Re: [PATCH] Prevent execution of unintended Nmap scans when invalid targets are specified.


From: David Fifield <david () bamsoftware com>
Date: Tue, 12 May 2009 11:02:57 -0600

On Thu, May 07, 2009 at 01:31:25AM +0100, jah wrote:
> Hi folks,
>
> The command:
>
> nmap #192.168.1.1
>
> will result in a scan against 0.168.1.1.
>
> A command such as
> nmap 192.168.1.0/
> or
> nmap 192.168.1.0/ab
> will be interpreted as having a netmask of zero causing nmap to scan the
> IPv4 internet (which is fun!).

Nice job. I found some other weird syntax that Nmap supports while I was
working on Ncat --allow and --deny.

http://seclists.org/nmap-dev/2009/q1/0451.html

Thanks, from your report I found that Ncat also took "1.2.3.4/" to mean
"1.2.3.4/0". That is fixed now.

I like the patch but I would like the netmask checking done with strtol
rather than manually checking that every byte is a digit. strtol also
checks for things like overflow. There's a function, parse_long, in
ncat/utils.c that I use to parse integers that shouldn't be allowed to
have a sign or any other accoutrements. ncat/ncat_hostmatch.c has
examples of error checking.

Please feel free to check in your indentation fixes separately from the
functional change.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
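The following is an added illustration of the parsing discipline David asks for above, written for this archive page; it is not Nmap's or Ncat's code, and `parse_strict_long`, `lenient_prefix_len` and `parse_ipv4_target` are hypothetical names modelled on the idea of a strict integer parser such as the `parse_long` he mentions. It parses an IPv4 target of the form `a.b.c.d` or `a.b.c.d/n` with strtol, and shows side by side why an `atoi`-style netmask parse silently turns `192.168.1.0/` and `192.168.1.0/ab` into `/0`, and why `#192.168.1.1` must be rejected rather than read as `0.168.1.1`. It handles dotted-quad literals only; hostnames are out of scope.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The lenient form: atoi("") and atoi("ab") are both 0, so a trailing "/"
   or "/ab" becomes a /0 netmask, i.e. the whole IPv4 Internet.  Shown here
   only as the failure mode the thread describes. */
int lenient_prefix_len(const char *s) {
    return atoi(s);
}

/* Strict unsigned decimal parse: no sign, no leading whitespace, no
   trailing junk, no overflow.  Returns 1 and stores the value in *out on
   success, 0 otherwise.  Hypothetical helper, not Nmap's parse_long. */
static int parse_strict_long(const char *s, long *out) {
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return 0;                      /* "192.168.1.0/" -> empty suffix */
    if (!isdigit((unsigned char)*s))
        return 0;                      /* rejects "+24", "-1", " 24", "#192" */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return 0;                      /* overflow: strtol checks this for us */
    if (*end != '\0')
        return 0;                      /* trailing garbage such as "24ab" or "ab" */
    *out = v;
    return 1;
}

/* Parse "a.b.c.d" or "a.b.c.d/n".  On success returns 1 and fills octets[]
   and *prefix_len (32 when no "/n" is given).  Any syntax error returns 0
   instead of guessing a value. */
int parse_ipv4_target(const char *spec, unsigned char octets[4], int *prefix_len) {
    char buf[64];
    char *slash, *p;
    long v;
    int i;

    if (spec == NULL || strlen(spec) >= sizeof buf)
        return 0;
    strcpy(buf, spec);

    slash = strchr(buf, '/');
    if (slash != NULL) {
        *slash = '\0';
        /* "/", "/ab", "/+24", "/33" and "/99999999999999999999" all fail here */
        if (!parse_strict_long(slash + 1, &v) || v > 32)
            return 0;
        *prefix_len = (int)v;
    } else {
        *prefix_len = 32;
    }

    /* Exactly four dot-separated octets, each a strict decimal in 0..255.
       Walking the string by hand (rather than strtok) catches empty octets
       such as "1..2.3" as well as too many or too few of them. */
    p = buf;
    for (i = 0; i < 4; i++) {
        char *dot = strchr(p, '.');
        if (i < 3) {
            if (dot == NULL)
                return 0;              /* too few octets */
            *dot = '\0';
        } else if (dot != NULL) {
            return 0;                  /* too many octets */
        }
        if (!parse_strict_long(p, &v) || v > 255)
            return 0;                  /* "#192" or "256" is rejected here */
        octets[i] = (unsigned char)v;
        if (i < 3)
            p = dot + 1;
    }
    return 1;
}

int main(void) {
    /* Constructed sample inputs taken from the cases discussed in the thread. */
    const char *specs[] = { "192.168.1.0/24", "192.168.1.0/", "192.168.1.0/ab",
                            "#192.168.1.1", "192.168.1.0/33", "10.0.0.1" };
    size_t n;
    for (n = 0; n < sizeof specs / sizeof specs[0]; n++) {
        unsigned char o[4];
        int plen;
        if (parse_ipv4_target(specs[n], o, &plen))
            printf("%-16s -> %u.%u.%u.%u/%d\n", specs[n], o[0], o[1], o[2], o[3], plen);
        else
            printf("%-16s -> rejected\n", specs[n]);
    }
    return 0;
}
```

The one-line lead-character check (`isdigit` on the first byte) is what keeps strtol's own permissiveness in check: strtol accepts leading whitespace and a sign, so without it "/ 24" and "/+24" would parse. The `*end != '\0'` check after the call is what turns "/ab" from a silent 0 into an error, and `errno == ERANGE` covers the overflow case that a hand-rolled digit loop typically forgets.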
