Nmap Development mailing list archives

-p option doesn't reject certain invalid inputs
From: David Fifield <david () bamsoftware com>
Date: Wed, 28 May 2008 08:49:22 -0600

Hello,

I found that the -p option doesn't reject stray ] characters in its
input, and in fact ignores anything after it finds one.

~$ nmap -p 123,4 localhost
Interesting ports on localhost (127.0.0.1):
PORT    STATE  SERVICE
4/tcp   closed unknown
123/tcp closed ntp

~$ nmap -p 123]4 localhost
Interesting ports on localhost (127.0.0.1):
PORT    STATE  SERVICE
123/tcp closed ntp

~$ nmap -p 123]]4 localhost
Interesting ports on localhost (127.0.0.1):
PORT    STATE  SERVICE
123/tcp closed ntp

The only way I could get it to complain was if the ] is the first
character.

~$ nmap -p ]123,4 localhost
Unexpected ] character in port/protocol specification
QUITTING!

It seems to be caused by this in nmap.cc:

    /* Find the next range */
    while(isspace((int) *current_range)) current_range++;

    if (*current_range == ']') return;

    if (*current_range && *current_range != ',') {

The test for (*current_range == ']') should probably be accompanied by a
test to see if the call is nested or not.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
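
The nesting check suggested in the message above, sketched as an added example (this is not Nmap's code and not the fix that was applied). The grammar is a simplified assumption: comma-separated port numbers with optional [ ... ] groups. The names parse_ports, count_ports and MAX_PORTS are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>

#define MAX_PORTS 64   /* hypothetical limit for this sketch */

/* Simplified stand-in for a port-spec parser: comma-separated numbers,
 * with [ ... ] groups handled by a recursive call (nested = 1).
 * Returns a pointer to where parsing stopped, or NULL on a syntax error. */
static const char *parse_ports(const char *s, int nested, int *out, int *n) {
    while (*s) {
        while (isspace((unsigned char)*s)) s++;
        if (*s == ']') {
            /* Only a nested call may stop at ']'. At top level it is stray
             * input and must be rejected, not treated as end of spec. */
            return nested ? s : NULL;
        }
        if (*s == '[') {
            s = parse_ports(s + 1, 1, out, n);
            if (s == NULL || *s != ']') return NULL;  /* error or unterminated group */
            s++;                                      /* consume the matching ']' */
        } else if (isdigit((unsigned char)*s)) {
            char *end;
            long port = strtol(s, &end, 10);
            if (port > 65535 || *n >= MAX_PORTS) return NULL;
            out[(*n)++] = (int)port;
            s = end;
        } else {
            return NULL;                              /* unexpected character */
        }
        while (isspace((unsigned char)*s)) s++;
        if (*s == ',') s++;
        else if (*s && *s != ']') return NULL;        /* junk after an item */
    }
    return s;
}

/* Returns the number of ports parsed, or -1 if the spec is rejected. */
int count_ports(const char *spec) {
    int ports[MAX_PORTS], n = 0;
    const char *end = parse_ports(spec, 0, ports, &n);
    return (end && *end == '\0') ? n : -1;
}
```

With the nested flag, the inputs from the report (123]4, 123]]4 and ]123,4) are all rejected, while 123,4 and a balanced group such as [123,4] still parse.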
