Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: -p option doesn't reject certain invalid inputs
From: doug () hcsw org
Date: Wed, 28 May 2008 15:27:16 -0700

On Wed, May 28, 2008 at 08:49:22AM -0600 or thereabouts, David Fifield wrote:
I found that the -p option doesn't reject stray ] characters in its
input, and in fact ignores anything after it finds one.

Thanks for finding this. I just committed a tiny patch that adds
better error checking:

$ svn diff nmap.cc
Index: nmap.cc
===================================================================
--- nmap.cc     (revision 7740)
+++ nmap.cc     (working copy)
@@ -2321,7 +2321,10 @@
     /* Find the next range */
     while(isspace((int) *current_range)) current_range++;

-    if (*current_range == ']') return;
+    if (*current_range == ']') {
+      if (!nested) fatal("Unexpected ] character in port/protocol specification");
+      return;
+    }

     if (*current_range && *current_range != ',') {
       fatal("Error #488: Your port specifications are illegal.  Example of proper form: \"%s\"", syntax_example);


Doug

Attachment: signature.asc
Description: Digital signature


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault