Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nmap 4.50 and 4.60: little display error
From: "Andrew J. Bennieston" <harriergr7 () gmail com>
Date: Tue, 08 Apr 2008 21:37:04 +0100

David Fifield wrote:
On Tue, Apr 08, 2008 at 09:21:19PM +0200, sfijn () xs4all nl wrote:
Hi nmap-dev

I came across a little error in nmap: it seems to drop the last decimal of
the IP address.
Discovered in version 4.50, upgraded to 4.60 but still the same.

--------------------------
F:\WINNT>nmap -vv -PN -sI 192.168.40.24 192.168.40.129

Starting Nmap 4.60 ( http://insecure.org ) at 2008-04-08 21:06 Hora de
verano romance
Initiating ARP Ping Scan at 21:06
Scanning 192.168.40.129 [1 port]
Completed ARP Ping Scan at 21:06, 0.09s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:06
Completed Parallel DNS resolution of 1 host. at 21:06, 0.02s elapsed

Initiating idle scan against 192.168.40.12 at 21:06 <<======`9?MISSING

Idle scan zombie 192.168.40.24 (192.168.40.24) port 80 cannot be used
because it has not returned any of our probes -- perhaps it is down or
fire
walled.
QUITTING!

Thanks Stephen. There was not enough space allocated to show the IP
address, so sometimes it was truncated. I committed a fix that just
increases the size of the buffer.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


I was bored, so I've created the patch below to cause the scanname buffer (idlescan.cc:991) to be dynamically allocated with a size large enough to contain the text "idle scan against " followed by the full contents of target->NameIP(). This means it'll never truncate the output, at the expense of
[1] A malloc() where one isn't really required other than for aesthetics
[2] The possibility that a (very, very) long DNS entry could use a lot of memory here!

Extending the buffer size is a pretty good solution, I'm submitting this on the off-chance that aesthetics matter sufficiently! It's a patch against the nmap-4.60 release tarball.

Andrew J. Bennieston
diff -u nmap-4.60-old/idle_scan.cc nmap-4.60/idle_scan.cc
--- nmap-4.60-old/idle_scan.cc  2008-02-28 18:52:06.000000000 +0000
+++ nmap-4.60/idle_scan.cc      2008-04-08 21:20:26.625913874 +0100
@@ -988,10 +988,13 @@
   int portidx = 0; /* Used for splitting the port array into chunks */
   int portsleft;
   time_t starttime;
-  char scanname[32];
-  Snprintf(scanname, sizeof(scanname), "idle scan against %s", target->NameIP());
+  int scanname_len = 19+strlen(target->NameIP());
+  char *scanname = (char*)malloc(scanname_len);
+  Snprintf(scanname, scanname_len, "idle scan against %s", target->NameIP());
   ScanProgressMeter SPM(scanname);
 
+  free(scanname); /* If this is too soon, could move it to the end, but there are no further references */
+
   if (numports == 0) return; /* nothing to scan for */
   if (!proxyName) fatal("idle scan requires a proxy host");
 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]