Nmap Development mailing list archives

Re: build_icmp_raw and friends ignoring data


From: Shinnok <admin () shinnok com>
Date: Sat, 18 Jun 2011 14:26:05 +0300

Hi David,

On 06/18/2011 02:38 AM, David Fifield wrote:
I found that build_icmp_raw, build_igmp_raw, and possibly others are not
filling in the payload data that they are being called with. Instead,
they are reserving the requested number of bytes but filling them with
zeroes. The upper layer feeds in random bytes from --data-length.


It's fixed now in r24127. Besides build_icmp_raw and build_igmp_raw I
couldn't find any other build_* that ignored the supplied data buffer.

Here is the commit log and diff:

Author: shinnok
Date: Sat Jun 18 04:20:54 2011
New Revision: 24127

Log:
Fix build_icmp_raw and build_igmp_raw filling the packet data payload with
zeroes instead of the supplied random data, when nmap is invoked with
--data-length.

Modified:
   nmap/tcpip.cc

Modified: nmap/tcpip.cc
==============================================================================
--- nmap/tcpip.cc       (original)
+++ nmap/tcpip.cc       Sat Jun 18 04:20:54 2011
@@ -613,7 +613,7 @@
               tos, ipid, df ? IP_DF : 0, myttl, proto, source, victim);

   /* We should probably copy the data over too */
-  if (data)
+  if (data && datalen)
     memcpy((u8 *) ip + sizeof(struct ip) + ipoptlen, data, datalen);

   *outpacketlen = packetlen;
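Review bot: the comment "We should probably copy the data over too" above the memcpy now reads as an open question rather than a description of what the code does; since the copy is unconditional whenever data is supplied, change it to "Copy the data over too" as the other two hunks do. Also note that with `if (data && datalen)` a caller passing a NULL data pointer together with a non-zero datalen silently skips the payload region while packetlen still accounts for it; if that combination is legal, zero-fill the region in an else branch, otherwise assert that data is non-NULL whenever datalen is non-zero so the inconsistency is caught rather than emitted on the wire.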
@@ -1030,9 +1030,10 @@
     fatal("Unknown icmp type/code (%d/%d) in %s", ptype, pcode, __func__);
   }

-  if (datalen > 0) {
+  /* Copy the data over too */
+  if (data && datalen) {
     icmplen += MIN(dlen, datalen);
-    memset(datastart, 0, MIN(dlen, datalen));
+    memcpy(datastart, data, MIN(dlen, datalen));
   }

   /* Fill out the ping packet. All the ICMP types handled by this
function have
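Review bot: the condition changes from `if (datalen > 0)` to `if (data && datalen)`, which is a behaviour change the log does not mention: a caller with datalen > 0 and data == NULL previously got a zero-filled payload counted in icmplen, and now gets neither the fill nor the `icmplen += MIN(dlen, datalen)` increment, so the packet shrinks instead of carrying zeroes. Either keep a memset fallback for the NULL case, i.e. `if (datalen) { icmplen += MIN(dlen, datalen); if (data) memcpy(...); else memset(...); }`, or state in the function's comment that data must be non-NULL whenever datalen is non-zero.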
@@ -1138,9 +1139,10 @@
     fatal("Unknown igmp type (%d) in %s", ptype, __func__);
   }

-  if (datalen > 0) {
+  /* Copy the data over too */
+  if (data && datalen) {
     igmplen += MIN(dlen, datalen);
-    memset(datastart, 0, MIN(dlen, datalen));
+    memcpy(datastart, data, MIN(dlen, datalen));
   }

   igmp.igmp_cksum = 0;
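Review bot: `MIN(dlen, datalen)` silently truncates the payload when the caller supplies more data than fits in the packet buffer, and igmplen is bumped only by the truncated amount, so a --data-length larger than dlen produces a shorter packet than requested with no diagnostic; consider a warning or at least a comment on the truncation. This hunk is also a line-for-line copy of the ICMP hunk above, and that duplication is how the memset/memcpy mix-up survived in two places; a small shared helper that appends the payload and returns the bytes added would keep the two paths from drifting apart again.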
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

