Re: [PATCH] Prevent execution of unintended Nmap scans when invalid targets are specified.
From: David Fifield <david () bamsoftware com>
Date: Tue, 12 May 2009 11:02:57 -0600
On Thu, May 07, 2009 at 01:31:25AM +0100, jah wrote:
> will result in a scan against 0.168.1.1.
> A command such as
> will be interpreted as having a netmask of zero causing nmap to scan the
> IPv4 internet (which is fun!).
Nice job. I found some other weird syntax that Nmap supports while I was
working on Ncat --allow and --deny.
Thanks, from your report I found that Ncat also took "220.127.116.11/" to mean
"18.104.22.168/0". That is fixed now.
I like the patch but I would like the netmask checking done with strtol
rather than manually checking that every byte is a digit. strtol also
checks for things like overflow. There's a function, parse_long, in
ncat/utils.c that I use to parse integers that shouldn't be allowed to
have a sign or any other accoutrements. ncat/ncat_hostmatch.c has
examples of error checking.
Please feel free to check in your indentation fixes separately from the
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
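
The strtol-based netmask check suggested in the message above, as an added example that is not part of the original post and is not Nmap's or Ncat's code. The helper names parse_prefix_len and target_prefix_len are hypothetical (this is not the parse_long from ncat/utils.c), and the sample targets are constructed from documentation addresses.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Ncat's parse_long): parse the text after '/' in
   "addr/bits". Returns the prefix length 0..max_bits, or -1 if the text is
   empty, signed, padded, has trailing bytes, overflows, or is out of range. */
static int parse_prefix_len(const char *s, int max_bits)
{
    char *end;
    long v;

    /* strtol skips leading whitespace and accepts '+'/'-' on its own, so
       require a digit first. This also rejects the empty string ("addr/"). */
    if (!isdigit((unsigned char) s[0]))
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)          /* overflow reported by strtol */
        return -1;
    if (*end != '\0')             /* trailing junk such as "24x" */
        return -1;
    if (v < 0 || v > max_bits)    /* e.g. /33 for IPv4 */
        return -1;
    return (int) v;               /* an explicit /0 is still accepted */
}

/* Split "addr/bits" and validate the mask part. A spec with no '/' is a
   single host (full-length mask). Returns the prefix length or -1. */
static int target_prefix_len(const char *spec, int max_bits)
{
    const char *slash = strchr(spec, '/');

    if (slash == NULL)
        return max_bits;
    return parse_prefix_len(slash + 1, max_bits);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "192.0.2.1", "192.0.2.0/24", "192.0.2.1/",
        "192.0.2.1/+8", "192.0.2.1/24x", "192.0.2.1/99999999999999999999",
        "192.0.2.1/33" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-32s -> %d\n", samples[i], target_prefix_len(samples[i], 32));
    return 0;
}
```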