Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [nmap-svn] r31378 - nmap-exp/d33tah/ncat-env-conninfo/ncat
From: Henri Doreau <henri.doreau () gmail com>
Date: Thu, 18 Jul 2013 14:47:16 +0200

2013/7/17 d33 tah <d33tah () gmail com>:
Hi Henri,

+    *env = (LPTSTR) safe_realloc(*env, *env_size+added_value_len);
+    Snprintf(*env + *env_size-1, added_value_len, "%s=%s", name, value);
+    *env_size += added_value_len;
+    (*env)[*env_size] = '\0';
+    (*env)[*env_size-1] = '\0';
Why do you zero the last *two* indices? Safety? You might want to
check/use Snprintf return value too.

As Windows MSDN docs say, the environment description string contains
a NULL-separated array of key=value strings. Its ending is marked by
two NULL bytes - probably one for the end of string, and another to
make next string zero-bytes long.

Thanks, I see.

+static void setup_environment(struct fdinfo *info, LPTSTR* env, int *env_size)
+    char *dest_addr=NULL;
+    char dest_port[10];
+    union sockaddr_u su;
+    unsigned short port;
+    char str[16];
+    char ip[4 * INET6_ADDRSTRLEN];

No idea really. I copied it from here (line 1821):
I'll do some digging about what kind of buffers Ncat uses to represent
IP's - if you know the answer already, I'd be happy to hear it.

There's a comment in inetd.c, according to which this
4*INET6_ADDRSTRLEN is a tradeoff between space and official max
hostname length (in their code, the buffer is susceptible to handle a
hostname too). I believe that INET6_ADDRSTRLEN is big enough in your
case, because you're requesting NI_NUMERICHOST and the getnameinfo
which is provided by nbase doesn't support IPv6... Why I'm insisting
on that is because this strange constant makes code hard to understand
("why 4 times something already larger than needed?"). I wouldn't want
that to end up being a line that noone dares touching, labeled with a
comment like: /* XXX: isn't this too big? */ :)

Finally, and way more important than sizing a buffer, please pay
attention to licensing issues. Nmap license isn't compatible with
GPLv3. I think BSD code is Ok (looks like this inetutils file has
both) but IIRC the BSD header has to be reproduced then. I let fyodor
or someone confirm but you might want to rewrite this code.


Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]