Nmap Development mailing list archives
-p option doesn't reject certain invalid inputs
From: David Fifield <david () bamsoftware com>
Date: Wed, 28 May 2008 08:49:22 -0600
Hello,

I found that the -p option doesn't reject stray ] characters in its
input, and in fact ignores anything after it finds one.

~$ nmap -p 123,4 localhost
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
4/tcp closed unknown
123/tcp closed ntp

~$ nmap -p 123]4 localhost
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
123/tcp closed ntp

~$ nmap -p 123]]4 localhost
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
123/tcp closed ntp

The only way I could get it to complain was if the ] is the first
character.

~$ nmap -p ]123,4 localhost
Unexpected ] character in port/protocol specification
QUITTING!

It seems to be caused by this in nmap.cc:

    /* Find the next range */
    while(isspace((int) *current_range)) current_range++;
    if (*current_range == ']') return;
    if (*current_range && *current_range != ',') {

The test for (*current_range == ']') should probably be accompanied by a
test to see if the call is nested or not.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
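
The nesting check suggested in the message above, as an added example that is not part of the original post and is not Nmap's code: a simplified recursive port-list parser where strict=0 reproduces the reported behaviour and strict=1 rejects a ] seen outside a bracket group. The grammar and the names parse_list, parse_ports and strict are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PORT 65535

/* Simplified model, not Nmap's code.
   list := item (',' item)*    item := N | N '-' N | '[' list ']'
   strict == 0 mimics the reported behaviour: any ']' ends the current call.
   strict == 1 accepts ']' only when the call is nested inside a '['. */
static const char *parse_list(const char *p, int nested, int strict,
                              unsigned char *ports, int *err) {
  for (;;) {
    while (isspace((unsigned char)*p)) p++;
    if (*p == '[') {                           /* bracket group: recurse */
      p = parse_list(p + 1, 1, strict, ports, err);
      if (*err) return p;
      if (*p != ']') { *err = 1; return p; }   /* group never closed */
      p++;
    } else if (isdigit((unsigned char)*p)) {   /* N or N-N */
      char *end;
      long lo = strtol(p, &end, 10), hi = lo;
      if (*end == '-') {
        if (!isdigit((unsigned char)end[1])) { *err = 1; return end; }
        hi = strtol(end + 1, &end, 10);
      }
      if (lo > hi || hi > MAX_PORT) { *err = 1; return p; }
      for (long i = lo; i <= hi; i++) ports[i] = 1;
      p = end;
    } else { *err = 1; return p; }             /* includes a leading ']' */
    while (isspace((unsigned char)*p)) p++;
    if (*p == ']') {
      if (strict && !nested) *err = 1;         /* stray ']' at top level */
      return p;                                /* rest of input is not read */
    }
    if (*p == '\0') return p;
    if (*p != ',') { *err = 1; return p; }
    p++;
  }
}

/* Returns the number of ports selected, or -1 if the spec is rejected. */
int parse_ports(const char *spec, int strict, unsigned char ports[MAX_PORT + 1]) {
  int err = 0, count = 0;
  memset(ports, 0, MAX_PORT + 1);
  parse_list(spec, 0, strict, ports, &err);
  if (err) return -1;
  for (int i = 0; i <= MAX_PORT; i++) count += ports[i];
  return count;
}
```

With strict=0 the spec 123]4 selects one port and the 4 is silently dropped, so a scan covers fewer ports than the operator typed; with strict=1 the same spec is rejected.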