Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: ncat minor patches
From: David Fifield <david () bamsoftware com>
Date: Fri, 24 Apr 2009 11:46:23 -0600

On Fri, Apr 24, 2009 at 09:12:00PM +0300, ithilgore wrote:
I 've been reading through the ncat code and made some minor fixes
on some things that I stumbled upon. 

1. Replaced all instances of sys_wrap's Malloc with nbase's safe_malloc,
since safe_malloc does essentially the same thing and is used throughout
all of nmap's codebase.

2. Replaced all instances of strdup with sys_wrap's Strdup for consistency.

3. Removed a redundant check in ncat_main.c 

    /* Set the default to IPv4 if not explicitly specified. */
    if (o.af != AF_INET && o.af != AF_INET6)
        o.af = AF_INET;

o.af is initialized to AF_INET with options_init() which is called in the
beginning of main()

These changes all look good to me.

In addition, I think all atoi instances should be replaced with something
like strtol since atoi is deprecated and doesn't do any error-checking for
input that is not actually a digit.

I agree. There is a function parse_long in util.c that does integer
parsing using strtol. It allows only nonnegative decimal integers, with
no preceding whitespace or sign. It's intended for things like port
number parsing, where " 80" and "" should be syntax
errors, but it is also appropriate for things like the argument to
--max-conns, currently parsed with atoi.

David Fifield

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]