Use FQDN_LEN instead of MAXHOSTNAMELEN for DNS name buffers

This closes #140 (issue #140), namely "Use correct lengths for FQDN, not MAXHOSTNAMELEN"
nmap · Jul 26, 2016 · 32efc8b · 32efc8b
1 parent fcb94e2
commit 32efc8b
Show file tree

Hide file tree

Showing 9 changed files with 28 additions and 17 deletions.
diff --git a/Target.cc b/Target.cc
@@ -134,6 +134,7 @@
 #include "nbase.h"
 #include "NmapOps.h"
 #include "utils.h"
+#include "nmap.h"
 #include "nmap_error.h"
 
 extern NmapOps o;
@@ -429,8 +430,10 @@ const char *Target::NameIP(char *buf, size_t buflen) const {
 
 /* This next version returns a static buffer -- so no concurrency */
 const char *Target::NameIP() const {
- if (!nameIPBuf) nameIPBuf = (char *) safe_malloc(MAXHOSTNAMELEN + INET6_ADDRSTRLEN);
- return NameIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN);
+ /* Add 3 characters for the hostname and IP string, hence we allocate
+ (FQDN_LEN + INET6_ADDRSTRLEN + 4) octets, with octet for the null terminator */
+ if (!nameIPBuf) nameIPBuf = (char *) safe_malloc(FQDN_LEN + INET6_ADDRSTRLEN + 4);
+ return NameIP(nameIPBuf, FQDN_LEN + INET6_ADDRSTRLEN + 4);
 }
 
  /* Returns the next hop for sending packets to this host. Returns true if

diff --git a/idle_scan.cc b/idle_scan.cc
@@ -547,7 +547,7 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName,
  int newipid;
  unsigned int i;
  char filter[512]; /* Libpcap filter string */
- char name[MAXHOSTNAMELEN + 1];
+ char name[FQDN_LEN + 1];
  struct sockaddr_storage ss;
  size_t sslen;
  u32 sequence_base;
@@ -1399,7 +1399,7 @@ static int idle_treescan(struct idle_proxy_info *proxy, Target *target,
 void idle_scan(Target *target, u16 *portarray, int numports,
  char *proxyName, const struct scan_lists *ports) {
 
- static char lastproxy[MAXHOSTNAMELEN + 1] = ""; /* The proxy used in any previous call */
+ static char lastproxy[FQDN_LEN + 1] = ""; /* The proxy used in any previous call */
  static struct idle_proxy_info proxy;
  int groupsz;
  int portidx = 0; /* Used for splitting the port array into chunks */

diff --git a/nmap.cc b/nmap.cc
@@ -965,8 +965,8 @@ void parse_options(int argc, char **argv) {
  } else if (strcmp(long_options[option_index].name, "sI") == 0) {
  o.idlescan = 1;
  o.idleProxy = strdup(optarg);
- if (strlen(o.idleProxy) > MAXHOSTNAMELEN) {
- fatal("ERROR: -sI argument must be less than %d characters", MAXHOSTNAMELEN);
+ if (strlen(o.idleProxy) > FQDN_LEN) {
+ fatal("ERROR: -sI argument must be less than %d characters", FQDN_LEN);
  }
  } else if (strcmp(long_options[option_index].name, "vv") == 0) {
  /* Compatibility hack ... ugly */
@@ -1745,11 +1745,11 @@ int nmap_main(int argc, char *argv[]) {
 #endif
  unsigned int ideal_scan_group_sz = 0;
  Target *currenths;
- char myname[MAXHOSTNAMELEN + 1];
+ char myname[FQDN_LEN + 1];
  int sourceaddrwarning = 0; /* Have we warned them yet about unguessable
  source addresses? */
  unsigned int targetno;
- char hostname[MAXHOSTNAMELEN + 1] = "";
+ char hostname[FQDN_LEN + 1] = "";
  struct sockaddr_storage ss;
  size_t sslen;
 
@@ -2035,7 +2035,7 @@ int nmap_main(int argc, char *argv[]) {
  if (o.SourceSockAddr(&ss, &sslen) == 0) {
  currenths->setSourceSockAddr(&ss, sslen);
  } else {
- if (gethostname(myname, MAXHOSTNAMELEN) ||
+ if (gethostname(myname, FQDN_LEN) ||
  resolve(myname, 0, &ss, &sslen, o.af()) != 0)
  fatal("Cannot get hostname! Try using -S <my_IP_address> or -e <interface to scan through>\n");
 

diff --git a/nmap.h b/nmap.h
@@ -323,6 +323,9 @@
 #define MAXHOSTNAMELEN 64
 #endif
 
+/* Length of longest DNS name */
+#define FQDN_LEN 254
+
 /* Max payload: Worst case is IPv4 with 40bytes of options and TCP with 20
  * bytes of options. */
 #define MAX_PAYLOAD_ALLOWED 65535-60-40

diff --git a/nmap_dns.cc b/nmap_dns.cc
@@ -1225,7 +1225,7 @@ static void nmap_mass_rdns_core(Target **targets, int num_targets) {
  for(i=0, reqI = deferred_reqs.begin(); reqI != deferred_reqs.end(); reqI++, i++) {
  struct sockaddr_storage ss;
  size_t sslen;
- char hostname[MAXHOSTNAMELEN + 1] = "";
+ char hostname[FQDN_LEN + 1] = "";
 
  if (keyWasPressed())
  SPM->printStats((double) i / deferred_reqs.size(), NULL);
@@ -1259,7 +1259,7 @@ static void nmap_system_rdns_core(Target **targets, int num_targets) {
  Target *currenths;
  struct sockaddr_storage ss;
  size_t sslen;
- char hostname[MAXHOSTNAMELEN + 1] = "";
+ char hostname[FQDN_LEN + 1] = "";
  char spmobuf[1024];
  int i;
 

diff --git a/nmap_ftp.cc b/nmap_ftp.cc
@@ -121,6 +121,7 @@
  ***************************************************************************/
 
 /* $Id$ */
+#include "nmap.h"
 #include "nmap_ftp.h"
 #include "output.h"
 #include "NmapOps.h"
@@ -167,9 +168,9 @@ int parse_bounce_argument(struct ftpinfo *ftp, char *url) {
  ftp->port = atoi(s);
  }
 
- strncpy(ftp->server_name, q, MAXHOSTNAMELEN);
+ strncpy(ftp->server_name, q, FQDN_LEN+1);
 
- ftp->user[63] = ftp->pass[255] = ftp->server_name[MAXHOSTNAMELEN] = 0;
+ ftp->user[63] = ftp->pass[255] = ftp->server_name[FQDN_LEN] = 0;
 
  return 1;
 }

diff --git a/nmap_ftp.h b/nmap_ftp.h
@@ -137,7 +137,7 @@ class Target;
 struct ftpinfo {
  char user[64];
  char pass[256]; /* methinks you're paranoid if you need this much space */
- char server_name[MAXHOSTNAMELEN + 1];
+ char server_name[FQDN_LEN + 1];
  struct in_addr server;
  u16 port;
  int sd; /* socket descriptor */

diff --git a/nping/NpingTarget.cc b/nping/NpingTarget.cc
@@ -128,6 +128,10 @@
 #include "nping_winconfig.h"
 #endif
 
+#ifndef FQDN_LEN
+#define FQDN_LEN 254
+#endif
+
 #include "NpingTarget.h"
 #include <dnet.h>
 #include "nbase.h"
@@ -761,8 +765,8 @@ const char *NpingTarget::getNameAndIP(char *buf, size_t buflen) {
 /** This next version returns a static buffer -- so no concurrency */
 const char *NpingTarget::getNameAndIP() {
  if(!nameIPBuf)
- nameIPBuf = (char *)safe_malloc(MAXHOSTNAMELEN + INET6_ADDRSTRLEN);
- return getNameAndIP(nameIPBuf, MAXHOSTNAMELEN + INET6_ADDRSTRLEN);
+ nameIPBuf = (char *)safe_malloc(FQDN_LEN + INET6_ADDRSTRLEN + 4);
+ return getNameAndIP(nameIPBuf, FQDN_LEN + INET6_ADDRSTRLEN + 4);
 } /* End of getNameAndIP() */
 
 

diff --git a/output.cc b/output.cc
@@ -2095,7 +2095,7 @@ void printserviceinfooutput(Target *currenths) {
  Port port;
  struct serviceDeductions sd;
  int i, numhostnames = 0, numostypes = 0, numdevicetypes = 0, numcpes = 0;
- char hostname_tbl[MAX_SERVICE_INFO_FIELDS][MAXHOSTNAMELEN];
+ char hostname_tbl[MAX_SERVICE_INFO_FIELDS][FQDN_LEN+1];
  char ostype_tbl[MAX_SERVICE_INFO_FIELDS][64];
  char devicetype_tbl[MAX_SERVICE_INFO_FIELDS][64];
  char cpe_tbl[MAX_SERVICE_INFO_FIELDS][80];