Nmap Development mailing list archives
Missing Sanity Checks in NMAP-6.47
From: Bill Parker <wp02855 () gmail com>
Date: Wed, 3 Jun 2015 13:43:49 -0700
Hello All, In reviewing source code for NMAP-6.47, in directory 'libnetutil', file 'netutil.cc', I located 3 instances of calls to setsockopt() without a corresponding check for a return value of < 0, indicating failure. The patch file below corrects these issues:
--- netutil.cc.orig 2015-06-03 12:27:43.558912466 -0700
+++ netutil.cc 2015-06-03 12:46:01.840498407 -0700
@@ -891,7 +891,9 @@
 void sethdrinclude(int sd) {
 #ifdef IP_HDRINCL
 int one = 1;
- setsockopt(sd, IPPROTO_IP, IP_HDRINCL, (const char *) &one, sizeof(one));
+ if (setsockopt(sd, IPPROTO_IP, IP_HDRINCL, (const char *) &one, sizeof(one)) < 0) {
+ netutil_fatal("%s: cannot set options for IP_HDRINCL: %s", __func__, strerror(errno));
+ }
 #endif
 }
@@ -900,7 +902,9 @@
 if (sd == -1)
 return;
- setsockopt(sd, IPPROTO_IP, IP_OPTIONS, (const char *) opts, optslen);
+ if (setsockopt(sd, IPPROTO_IP, IP_OPTIONS, (const char *) opts, optslen) < 0) {
+ netutil_fatal("%s: cannot set options for IP_OPTIONS: %s", __func__, strerror(errno));
+ }
 #endif
 }
@@ -909,7 +913,9 @@
 if (sd == -1)
 return;
- setsockopt(sd, IPPROTO_IP, IP_TTL, (const char *) &ttl, sizeof ttl);
+ if (setsockopt(sd, IPPROTO_IP, IP_TTL, (const char *) &ttl, sizeof ttl) < 0) {
+ netutil_fatal("%s: cannot set options for SET_TTL: %s", __func__, strerror(errno));
+ }
 #endif
 }
In directory 'nsock/tests', file 'ghlists.c', I found an instance of calloc() without a check for a return value of NULL, indicating failure. The patch file below corrects this issue:
--- ghlists.c.orig 2015-06-03 12:51:33.172609015 -0700
+++ ghlists.c 2015-06-03 13:00:54.760984010 -0700
@@ -29,6 +29,10 @@
 struct testlist *tl;
 tl = calloc(1, sizeof(struct testlist));
+ if (tl == NULL) {
+ fprintf(stderr, "ERROR: Unable to allocate memory to make nodes...\n");
+ return NULL;
+ }
 tl->val = val;
 return &tl->lnode;
 }
Feel free to add comments, questions, etc... I am attaching the patch file to this email... Bill Parker (wp02855 at gmail dot com)
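Review bot: The failure branch added in sethdrinclude(), and the identical branches in the IP_OPTIONS and IP_TTL hunks, reports `strerror(errno)`, but on Windows builds socket calls report failure through WSAGetLastError() rather than errno, so the message can describe an unrelated error. If nbase's portable helpers are in scope in this file, `socket_strerror(socket_errno())` is the safer argument. Separately, going from an ignored return value straight to netutil_fatal() ends the whole run when a single socket option cannot be set. Whether every caller wants that, rather than a logged error and an early return, should be confirmed against the call sites, which are outside these hunks.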
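Review bot: The message added in the IP_TTL hunk names the option `SET_TTL`, while the call sets `IP_TTL` and the two sibling messages use the real option name. Writing it as `"%s: cannot set options for IP_TTL: %s"` keeps the three diagnostics consistent and searchable by the constant an operator would look up. The enclosing function begins above the hunk.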
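Review bot: Returning NULL after the failed calloc() only moves the NULL dereference to the caller unless every caller checks the result, and those callers are not visible in this hunk; before the patch the function always returned `&tl->lnode`. Since this is test code, stopping at the allocation site is probably simpler, for example `exit(EXIT_FAILURE);` in place of `return NULL;`. Otherwise each caller needs a NULL check before the node is linked into a list. The function's signature is above the hunk, so its return type is inferred from `return &tl->lnode;`.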
Attachment:
netutil.cc.patch
Description:
Attachment:
ghlists.c.patch
Description: