CERBERUS/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-05-13 08:46:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Avoid static buffer for protocol hdrinfo functions

Browse source
This commit is contained in:
dmiller 2026-05-12 18:09:00 +00:00
parent 4ba5b9c335
commit 2d46c6b86c
3 changed files with 297 additions and 308 deletions
Download patch file Download diff file Expand all files Collapse all files

15
libnetutil/netutil.h
View file

@ -441,15 +441,20 @@ char *format_ip_options(const u8* ipopt, int ipoptlen);
#define MEDIUM_DETAIL 2
#define HIGH_DETAIL 3
const char *ippackethdrinfo(const u8 *packet, u32 len, int detail);
const char *tcphdrinfo (const u8 *data, unsigned int datalen, int detail,
int tcppackethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost);
const char *udphdrinfo (const u8 *data, unsigned int datalen, int detail,
int udppackethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost);
const char *sctphdrinfo (const u8 *data, unsigned int datalen, int detail,
int sctppackethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost);
const char *icmphdrinfo (const u8 *data, unsigned int datalen, int detail,
int icmppackethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost);
const char *icmp6hdrinfo (const u8 *data, unsigned int datalen, int detail,
int icmp6packethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost);

104
libnetutil/packettrace.cc
View file

@ -608,34 +608,32 @@ const char *ippackethdrinfo(const u8 *packet, u32 len, int detail) {
}
}
char *p = protoinfo;
int remains = sizeof(protoinfo);
int used = 0;
if (hdr.proto == IPPROTO_TCP) {
Snprintf(protoinfo, sizeof(protoinfo), "%s IP [%s]", tcphdrinfo(data, datalen, detail, frag_off, srchost, dsthost), ipinfo);
used = tcppackethdrinfo(data, datalen, p, remains, detail, frag_off, srchost, dsthost);
}
else if (hdr.proto == IPPROTO_UDP) {
Snprintf(protoinfo, sizeof(protoinfo), "%s IP [%s]", udphdrinfo(data, datalen, detail, frag_off, srchost, dsthost), ipinfo);
used = udppackethdrinfo(data, datalen, p, remains, detail, frag_off, srchost, dsthost);
}
else if (hdr.proto == IPPROTO_SCTP) {
Snprintf(protoinfo, sizeof(protoinfo), "%s IP [%s]", sctphdrinfo(data, datalen, detail, frag_off, srchost, dsthost), ipinfo);
used = sctppackethdrinfo(data, datalen, p, remains, detail, frag_off, srchost, dsthost);
}
else if (hdr.proto == IPPROTO_ICMP) {
Snprintf(protoinfo, sizeof(protoinfo), "%s IP [%s]", icmphdrinfo(data, datalen, detail, frag_off, srchost, dsthost), ipinfo);
used = icmppackethdrinfo(data, datalen, p, remains, detail, frag_off, srchost, dsthost);
}
else if (hdr.proto == IPPROTO_ICMPV6) {
Snprintf(protoinfo, sizeof(protoinfo), "%s IP [%s]", icmp6hdrinfo(data, datalen, detail, frag_off, srchost, dsthost), ipinfo);
used = icmp6packethdrinfo(data, datalen, p, remains, detail, frag_off, srchost, dsthost);
}
else {
/* UNKNOWN PROTOCOL **********************************************************/
const char *hdrstr;
hdrstr = nexthdrtoa(hdr.proto, 1);
if (hdrstr == NULL || *hdrstr == '\0') {
Snprintf(protoinfo, sizeof(protoinfo), "Unknown protocol (%d) %s > %s: %s",
hdr.proto, srchost, dsthost, ipinfo);
} else {
Snprintf(protoinfo, sizeof(protoinfo), "%s (%d) %s > %s: %s",
hdrstr, hdr.proto, srchost, dsthost, ipinfo);
}
used = Snprintf(p, remains, "%s (%d) %s > %s",
nexthdrtoa(hdr.proto, 1), hdr.proto, srchost, dsthost);
}
p += used;
remains -= used;
Snprintf(p, remains, " IP [%s]", ipinfo);
return protoinfo;
}
@ -657,7 +655,8 @@ static const char *get_addrstr(const char *host, char strbuf[INFO_ADDRSTRLEN])
return host;
}
const char *tcphdrinfo (const u8 *data, unsigned int datalen, int detail,
int tcppackethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost)
{
char srcstr[INFO_ADDRSTRLEN] = "";
@ -666,7 +665,6 @@ const char *tcphdrinfo (const u8 *data, unsigned int datalen, int detail,
dsthost = get_addrstr(dsthost, dststr);
/* TCP INFORMATION ***********************************************************/
static char protoinfo[512] = "";
char tcpoptinfo[256] = "";
struct tcp_hdr tcp;
@ -683,18 +681,17 @@ const char *tcphdrinfo (const u8 *data, unsigned int datalen, int detail,
* less than 8 bytes. This also includes empty IP packets that say they
* contain a TCP packet. */
if (frag_off > 8 || datalen < 8 || (frag_off % 8 != 0)) {
Snprintf(protoinfo, sizeof(protoinfo), "TCP %s:?? > %s:?? ?? (incomplete)",
return Snprintf(outbuf, outlen, "TCP %s:?? > %s:?? ?? (incomplete)",
srchost, dsthost);
}
/* For all cases after this, datalen is necessarily >= 8 and frag_off is <= 8 */
else {
memcpy((u8 *)&tcp + frag_off, data, MIN(datalen, sizeof(tcp) - frag_off));
/* how much of the original packet do we have? */
int lastbyte = datalen + frag_off;
bool have_seq=false, have_flags_win=false, have_sum_urp=false;
char *p = protoinfo;
int remains = sizeof(protoinfo) - 1;
char *p = outbuf;
int remains = outlen;
int used = 0;
u32 tcpdataoffset = 0;
@ -783,11 +780,11 @@ tcpdone:
remains -= used;
}
assert(remains > 0);
}
return protoinfo;
return outlen - remains;
}
const char *udphdrinfo (const u8 *data, unsigned int datalen, int detail,
int udppackethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost)
{
char srcstr[INFO_ADDRSTRLEN] = "";
@ -795,31 +792,30 @@ const char *udphdrinfo (const u8 *data, unsigned int datalen, int detail,
srchost = get_addrstr(srchost, srcstr);
dsthost = get_addrstr(dsthost, dststr);
static char protoinfo[512] = "";
/* UDP INFORMATION ***********************************************************/
if((frag_off || datalen < sizeof(struct udp_hdr))) {
Snprintf(protoinfo, sizeof(protoinfo), "UDP %s:?? > %s:?? fragment (incomplete)",
return Snprintf(outbuf, outlen, "UDP %s:?? > %s:?? fragment (incomplete)",
srchost, dsthost);
} else {
}
struct udp_hdr udp;
memcpy(&udp, data, sizeof(udp));
if (detail == LOW_DETAIL) {
Snprintf(protoinfo, sizeof(protoinfo), "UDP %s:%hu > %s:%hu",
return Snprintf(outbuf, outlen, "UDP %s:%hu > %s:%hu",
srchost, (unsigned short) ntohs(udp.uh_sport), dsthost, (unsigned short) ntohs(udp.uh_dport));
} else if (detail == MEDIUM_DETAIL) {
Snprintf(protoinfo, sizeof(protoinfo), "UDP [%s:%hu > %s:%hu csum=0x%04X]",
return Snprintf(outbuf, outlen, "UDP [%s:%hu > %s:%hu csum=0x%04X]",
srchost, (unsigned short) ntohs(udp.uh_sport), dsthost, (unsigned short) ntohs(udp.uh_dport), ntohs(udp.uh_sum));
} else if (detail == HIGH_DETAIL) {
Snprintf(protoinfo, sizeof(protoinfo), "UDP [%s:%hu > %s:%hu len=%hu csum=0x%04X]",
return Snprintf(outbuf, outlen, "UDP [%s:%hu > %s:%hu len=%hu csum=0x%04X]",
srchost, (unsigned short) ntohs(udp.uh_sport), dsthost, (unsigned short) ntohs(udp.uh_dport),
(unsigned short) ntohs(udp.uh_ulen), ntohs(udp.uh_sum));
}
}
return protoinfo;
return 0;
}
const char *sctphdrinfo (const u8 *data, unsigned int datalen, int detail,
int sctppackethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost)
{
char srcstr[INFO_ADDRSTRLEN] = "";
@ -827,45 +823,45 @@ const char *sctphdrinfo (const u8 *data, unsigned int datalen, int detail,
srchost = get_addrstr(srchost, srcstr);
dsthost = get_addrstr(dsthost, dststr);
static char protoinfo[512] = "";
/* SCTP INFORMATION **********************************************************/
if ((frag_off || datalen < sizeof(struct sctp_hdr))) {
Snprintf(protoinfo, sizeof(protoinfo), "SCTP %s:?? > %s:?? fragment (incomplete)",
return Snprintf(outbuf, outlen, "SCTP %s:?? > %s:?? fragment (incomplete)",
srchost, dsthost);
} else {
}
struct sctp_hdr sctp;
memcpy(&sctp, data, sizeof(sctp));
if (detail == LOW_DETAIL) {
Snprintf(protoinfo, sizeof(protoinfo), "SCTP %s:%hu > %s:%hu",
return Snprintf(outbuf, outlen, "SCTP %s:%hu > %s:%hu",
srchost, (unsigned short) ntohs(sctp.sh_sport), dsthost, (unsigned short) ntohs(sctp.sh_dport));
} else if (detail == MEDIUM_DETAIL) {
Snprintf(protoinfo, sizeof(protoinfo), "SCTP [%s:%hu > %s:%hu csum=0x%08x]",
return Snprintf(outbuf, outlen, "SCTP [%s:%hu > %s:%hu csum=0x%08x]",
srchost, (unsigned short) ntohs(sctp.sh_sport), dsthost, (unsigned short) ntohs(sctp.sh_dport), ntohl(sctp.sh_sum));
} else if (detail == HIGH_DETAIL) {
Snprintf(protoinfo, sizeof(protoinfo), "SCTP [%s:%hu > %s:%hu vtag=%lu csum=0x%08x]",
return Snprintf(outbuf, outlen, "SCTP [%s:%hu > %s:%hu vtag=%lu csum=0x%08x]",
srchost, (unsigned short) ntohs(sctp.sh_sport), dsthost, (unsigned short) ntohs(sctp.sh_dport),
(unsigned long) ntohl(sctp.sh_vtag), ntohl(sctp.sh_sum));
}
}
return protoinfo;
return 0;
}
const char *icmphdrinfo (const u8 *data, unsigned int datalen, int detail,
int icmppackethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost)
{
if (srchost == NULL)
srchost = "??";
if (dsthost == NULL)
dsthost = "??";
static char protoinfo[512] = "";
char icmptype[128] = ""; /* Temp info about ICMP type & code */
char icmpfields[256] = ""; /* Temp info for various ICMP fields */
/* ICMP INFORMATION **********************************************************/
if((frag_off || datalen < sizeof(struct icmp_hdr))) {
Snprintf(protoinfo, sizeof(protoinfo), "ICMP %s > %s fragment (incomplete)",
return Snprintf(outbuf, outlen, "ICMP %s > %s fragment (incomplete)",
srchost, dsthost);
} else {
}
struct ip_hdr ip2; /* Points to the IP datagram carried by some ICMP messages */
char *ip2dst; /* Dest IP in caried IP datagram */
char auxbuff[128]; /* Aux buffer */
@ -1142,43 +1138,41 @@ const char *icmphdrinfo (const u8 *data, unsigned int datalen, int detail,
icmpbad:
if (icmptype[0] != '\0') {
/* We still have this information */
Snprintf(protoinfo, sizeof(protoinfo), "ICMP %s > %s %s (type=%d/code=%d)",
return Snprintf(outbuf, outlen, "ICMP %s > %s %s (type=%d/code=%d)",
srchost, dsthost, icmptype, icmp.icmp_type, icmp.icmp_code);
} else {
Snprintf(protoinfo, sizeof(protoinfo), "ICMP %s > %s [??]",
return Snprintf(outbuf, outlen, "ICMP %s > %s [??]",
srchost, dsthost);
}
} else {
char icmpinfo[512] = ""; /* Temp info about ICMP. */
sprintf(icmpinfo,"type=%d/code=%d", icmp.icmp_type, icmp.icmp_code);
Snprintf(protoinfo, sizeof(protoinfo), "ICMP [%s > %s %s (%s) %s]",
return Snprintf(outbuf, outlen, "ICMP [%s > %s %s (%s) %s]",
srchost, dsthost, icmptype, icmpinfo, icmpfields);
}
}
return protoinfo;
}
const char *icmp6hdrinfo (const u8 *data, unsigned int datalen, int detail,
int icmp6packethdrinfo (const u8 *data, unsigned int datalen,
char *outbuf, int outlen, int detail,
int frag_off, const char *srchost, const char *dsthost)
{
if (srchost == NULL)
srchost = "??";
if (dsthost == NULL)
dsthost = "??";
static char protoinfo[512] = "";
if (frag_off || datalen < sizeof(struct icmpv6_hdr)) {
Snprintf(protoinfo, sizeof(protoinfo), "ICMPv6 %s > %s (type=?/code=?)",
return Snprintf(outbuf, outlen, "ICMPv6 %s > %s (type=?/code=?)",
srchost, dsthost);
}
else {
const struct icmpv6_hdr *icmpv6;
icmpv6 = (struct icmpv6_hdr *) data;
Snprintf(protoinfo, sizeof(protoinfo), "ICMPv6 %s > %s (type=%d/code=%d)",
return Snprintf(outbuf, outlen, "ICMPv6 %s > %s (type=%d/code=%d)",
srchost, dsthost,
icmpv6->icmpv6_type, icmpv6->icmpv6_code);
}
return protoinfo;
}

18
nping/utils_net.cc
View file

@ -904,37 +904,27 @@ int arppackethdrinfo(const u8 *packet, u32 len, u8 *dstbuff, u32 dstlen){
} /* End of arppackethdrinfo() */
int tcppackethdrinfo(const u8 *packet, size_t len, u8 *dstbuff, size_t dstlen,
int detail, const char *src, const char *dst){
assert(packet);
assert(dstbuff);
const char *protoinfo = tcphdrinfo(packet, len, detail, 0, src, dst);
Strncpy((char*)dstbuff, protoinfo, dstlen);
return OP_SUCCESS;
return (tcppackethdrinfo(packet, len, (char *)dstbuff, dstlen,
detail, 0, src, dst) > 0 ? OP_SUCCESS : OP_FAILURE);
} /* End of tcppackethdrinfo() */
int udppackethdrinfo(const u8 *packet, size_t len, u8 *dstbuff, size_t dstlen,
int detail, const char *src, const char *dst){
assert(packet);
assert(dstbuff);
const char *protoinfo = udphdrinfo(packet, len, detail, 0, src, dst);
strncpy((char*)dstbuff, protoinfo, dstlen);
return OP_SUCCESS;
return (udppackethdrinfo(packet, len, (char *)dstbuff, dstlen,
detail, 0, src, dst) > 0 ? OP_SUCCESS : OP_FAILURE);
} /* End of udppackethdrinfo() */
/** Returns a random (null-terminated) ASCII string with no special
* meaning. Returned string may be between 1 and 512 bytes and contain
* random letters and some whitespace.