Nmap Development mailing list archives

Missing Sanity Checks in NMAP-6.47


From: Bill Parker <wp02855 () gmail com>
Date: Wed, 3 Jun 2015 13:43:49 -0700

Hello All,

   In reviewing source code for NMAP-6.47, in directory 'libnetutil',
file 'netutil.cc', I located 3 instances of calls to setsockopt() without
a corresponding check for a return value of < 0, indicating failure.

The patch file below corrects these issues:

--- netutil.cc.orig     2015-06-03 12:27:43.558912466 -0700
+++ netutil.cc  2015-06-03 12:46:01.840498407 -0700
@@ -891,7 +891,9 @@
 void sethdrinclude(int sd) {
 #ifdef IP_HDRINCL
   int one = 1;
-  setsockopt(sd, IPPROTO_IP, IP_HDRINCL, (const char *) &one, sizeof(one));
+  if (setsockopt(sd, IPPROTO_IP, IP_HDRINCL, (const char *) &one,
sizeof(one)) < 0) {
+    netutil_fatal("%s: cannot set options for IP_HDRINCL: %s", __func__,
strerror(errno));
+  }
 #endif
 }
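Review bot: the `+` lines in this hunk are wrapped mid-statement by the mail client (`sizeof(one)) < 0) {` and `strerror(errno));` start lines with no `+` prefix), so this inline copy will not apply with patch(1); use the attached netutil.cc.patch instead. Also confirm that netutil.cc already includes `<errno.h>` and `<string.h>`, since `errno` and `strerror()` are now referenced inside the `#ifdef IP_HDRINCL` block.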

@@ -900,7 +902,9 @@
   if (sd == -1)
     return;

-  setsockopt(sd, IPPROTO_IP, IP_OPTIONS, (const char *) opts, optslen);
+  if (setsockopt(sd, IPPROTO_IP, IP_OPTIONS, (const char *) opts, optslen)
< 0) {
+    netutil_fatal("%s: cannot set options for IP_OPTIONS: %s", __func__,
strerror(errno));
+  }
 #endif
 }
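Review bot: turning a failed IP_OPTIONS setsockopt() into a fatal error is a behaviour change that deserves a sentence in the commit message: until now the failure was silently ignored, and the `if (sd == -1) return;` just above shows the function already tolerates a missing socket without complaint. If aborting is intended (the options were explicitly requested, so sending without them would be misleading), keep netutil_fatal(); otherwise a non-fatal netutil_error() warning would be the more lenient choice. Same mail-wrapping problem as the first hunk: `< 0) {` sits on its own unprefixed line.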

@@ -909,7 +913,9 @@
   if (sd == -1)
     return;

-  setsockopt(sd, IPPROTO_IP, IP_TTL, (const char *) &ttl, sizeof ttl);
+  if (setsockopt(sd, IPPROTO_IP, IP_TTL, (const char *) &ttl, sizeof ttl)
< 0) {
+    netutil_fatal("%s: cannot set options for SET_TTL: %s", __func__,
strerror(errno));
+  }
 #endif
 }
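Review bot: the message names `SET_TTL`, which is not the option being set; the other two hunks name the real socket option, so this should read `cannot set options for IP_TTL` for consistency and so the text can be grepped against the code. Including the requested value (`ttl`, assuming it is an int) would also help diagnosis, since IP_TTL fails with EINVAL for out-of-range values, e.g. `netutil_fatal("%s: cannot set IP_TTL to %d: %s", __func__, ttl, strerror(errno));`.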

In directory 'nsock/tests', file 'ghlists.c', I found an instance of
calloc() without a check for a return value of NULL, indicating failure.

The patch file below corrects this issue:

--- ghlists.c.orig      2015-06-03 12:51:33.172609015 -0700
+++ ghlists.c   2015-06-03 13:00:54.760984010 -0700
@@ -29,6 +29,10 @@
   struct testlist *tl;

   tl = calloc(1, sizeof(struct testlist));
+  if (tl == NULL) {
+    fprintf(stderr, "ERROR: Unable to allocate memory to make nodes...\n");
+    return NULL;
+  }
   tl->val = val;
   return &tl->lnode;
 }
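Review bot: returning NULL only moves the crash unless every caller checks for it; the normal return is `&tl->lnode`, a pointer the caller presumably hands straight to the list code, where a NULL would be dereferenced. Since ghlists.c is a test program, the simpler fix is to terminate after the message, e.g. `exit(EXIT_FAILURE);` (needs `<stdlib.h>`); if the NULL return is kept, the callers need matching checks. Consider `perror()` or strerror(errno) instead of the fixed "Unable to allocate memory to make nodes..." text so the message carries the actual failure reason.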

Feel free to add comments, questions, etc...

I am attaching the patch file to this email...

Bill Parker (wp02855 at gmail dot com)
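To show why the missing return-value checks matter, here is an added stand-alone example (not Nmap code and not part of the patch above): a checked IP_TTL setter, a getsockopt() read-back, and a demo that sets TTL 64 on a UDP socket and then requests the out-of-range value 256, which the kernel rejects with EINVAL while the socket silently keeps 64. The helper names, the UDP socket and the Linux/BSD 1..255 range check are assumptions of the demo.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Checked replacement for a bare setsockopt(IP_TTL) call (hypothetical helper,
   not Nmap's set_ttl): returns 0 on success, -1 on failure with errno preserved. */
static int set_ttl_checked(int sd, int ttl) {
    if (setsockopt(sd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl) < 0) {
        int saved = errno;            /* fprintf may clobber errno; keep it for the caller */
        fprintf(stderr, "set_ttl_checked: cannot set IP_TTL to %d: %s\n",
                ttl, strerror(saved));
        errno = saved;
        return -1;
    }
    return 0;
}

/* Reads back the TTL the kernel actually holds for the socket, or -1 on error. */
static int get_ttl(int sd) {
    int ttl = 0;
    socklen_t len = sizeof ttl;
    if (getsockopt(sd, IPPROTO_IP, IP_TTL, &ttl, &len) < 0)
        return -1;
    return ttl;
}

/* Reproduces the silent failure an unchecked call hides: returns 1 when the second
   set fails with EINVAL and TTL stays 64, 0 if no UDP socket (no networking), -1 otherwise. */
static int demo_silent_ttl_failure(void) {
    int sd = socket(AF_INET, SOCK_DGRAM, 0);
    int result = -1;
    if (sd < 0)
        return 0;
    if (set_ttl_checked(sd, 64) == 0 && get_ttl(sd) == 64) {
        /* 256 is outside the valid 1..255 range: the kernel rejects it and the
           socket keeps TTL 64, so packets would go out with a TTL nobody asked for */
        if (set_ttl_checked(sd, 256) < 0 && errno == EINVAL && get_ttl(sd) == 64)
            result = 1;
    }
    close(sd);
    return result;
}
int main(void) {
    int r = demo_silent_ttl_failure();
    printf("demo result: %d (1 = failure reproduced, 0 = no socket available)\n", r);
    return r < 0;
}
```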

Attachment: netutil.cc.patch
Attachment: ghlists.c.patch

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
