Nmap Development mailing list archives

Re: [PATCH] Bugfix to random target generation
From: David Fifield <david () bamsoftware com>
Date: Wed, 26 Nov 2008 16:30:30 -0700

On Sun, Nov 23, 2008 at 12:41:35PM +0000, Jack Grahl wrote:
The patch below fixes what appears to be an error in the function
ip_is_reserved(). The test which has been removed returns true for all
IP addresses of the form *.255.255.255. Either this is a logical error
and the intention was to remove 255.255.255.255 as the comment seems
to indicate, or it was intended to remove all these addresses. If the
first case, the preceding code has in fact already checked for
addresses 255.../8. Removing all addresses *.255.255.255 eliminates
some which are valid hosts, for example 68.255.255.255, hence the
removal.

--- nmap.cc~    2008-09-10 19:32:35.000000000 +0100
+++ nmap.cc     2008-11-23 11:57:48.000000000 +0000
@@ -424,10 +424,6 @@
   if (i1 >= 224)
     return 1;

-  /* 255.255.255.255, note we already tested for i1 in this range */
-  if (i2 == 255 && i3 == 255 && i4 == 255)
-    return 1;
-
   return 0;
 }
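
Review bot: the removed test `if (i2 == 255 && i3 == 255 && i4 == 255)` is not dead code, because the `if (i1 >= 224) return 1;` check above it has already returned for 255.255.255.255, so the deleted lines only ever fired for x.255.255.255 with x below 224. Dropping them therefore changes which addresses random target generation can pick, and the commit message should say so explicitly. The deleted comment was also the only place in these lines that mentioned 255.255.255.255, so consider adding a comment on the `i1 >= 224` check noting that it covers that address.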

Thanks. Your analysis is right, that code doesn't do what the comment
claims. Those lines go back as far in the Subversion repository as I can
track them, back to r2644.

So the question is, what is the intent? If it was to block everything
in *.255.255.255 then just the comment needs to be changed. I would have
thought all those addresses were broadcast addresses, but your
68.255.255.255 has reverse DNS and responds to pings (or something
responds to pings on its behalf). If the intent was to block
255.255.255.255 only, then that's already handled and we should apply
your patch.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
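
An added example, not part of the original thread or of Nmap's code: a differential check of the two tests visible in the hunk, before and after the patch, showing exactly which addresses change verdict. The function names are hypothetical, and the earlier tests in the real ip_is_reserved() are not shown on the page and are omitted, so the count is an upper bound on what the patch changes in Nmap itself.

```cpp
#include <cstdint>
#include <cstdio>

// Build a host-order IPv4 value from four octets.
static uint32_t ipv4(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
  return (a << 24) | (b << 16) | (c << 8) | d;
}

// Tail of the check before the patch: only the two tests visible in the hunk.
// Earlier tests in the real ip_is_reserved() are not on the page and are omitted.
static int tail_before(uint32_t ip) {
  uint32_t i1 = ip >> 24, i2 = (ip >> 16) & 0xFF, i3 = (ip >> 8) & 0xFF, i4 = ip & 0xFF;
  if (i1 >= 224)
    return 1;
  if (i2 == 255 && i3 == 255 && i4 == 255)
    return 1;
  return 0;
}

// Tail of the check after the patch: the *.255.255.255 test is gone.
static int tail_after(uint32_t ip) {
  return (ip >> 24) >= 224 ? 1 : 0;
}

// Count x.255.255.255 addresses whose verdict the patch changes.
static int count_changed_broadcast_like(void) {
  int n = 0;
  for (uint32_t a = 0; a < 256; a++) {
    uint32_t ip = ipv4(a, 255, 255, 255);
    if (tail_before(ip) != tail_after(ip)) n++;
  }
  return n;
}

// Sampled sweep of the whole space: count changed verdicts for addresses
// that do NOT end in .255.255.255 (expected: none).
static int count_changed_elsewhere(void) {
  int n = 0;
  for (uint64_t ip = 0; ip <= 0xFFFFFFFFull; ip += 9973) {
    uint32_t v = (uint32_t)ip;
    if ((v & 0xFFFFFF) != 0xFFFFFF && tail_before(v) != tail_after(v)) n++;
  }
  return n;
}

int main() {
  printf("changed x.255.255.255: %d\n", count_changed_broadcast_like());
  printf("changed elsewhere (sampled): %d\n", count_changed_elsewhere());
  return 0;
}
```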

