From 41d6516c909be380b176807aaa52fb79d338b889 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 10 2018 05:09:29 +0000
Subject: import nmap-6.40-13.el7
---
diff --git a/.gitignore b/.gitignore
index 1fd3baa..14ab94c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+SOURCES/nmap-ncat-7.50.tar.bz2
 SOURCES/nmap-purified-6.40.tar.bz2
diff --git a/.nmap.metadata b/.nmap.metadata
index 6d6e58b..6ec65cb 100644
--- a/.nmap.metadata
+++ b/.nmap.metadata
@@ -1 +1,2 @@
+8e84bfeeacaaf80dd8bbff351d6e893642b1b533 SOURCES/nmap-ncat-7.50.tar.bz2
 58cd84e04fae5a64b091f0ed4ab9e024b7494177 SOURCES/nmap-purified-6.40.tar.bz2
diff --git a/SOURCES/nmap-6.40-add_eproto_handler.patch b/SOURCES/nmap-6.40-add_eproto_handler.patch
new file mode 100644
index 0000000..3de4b87
--- /dev/null
+++ b/SOURCES/nmap-6.40-add_eproto_handler.patch
@@ -0,0 +1,12 @@
+diff --git a/nsock/src/nsock_core.c b/nsock/src/nsock_core.c
+index ec38cad..1261c83 100644
+--- a/nsock/src/nsock_core.c
++++ b/nsock/src/nsock_core.c
+@@ -350,6 +350,7 @@ void handle_connect_result(mspool *ms, msevent *nse, enum nse_status status) {
+ case ETIMEDOUT:
+ case EHOSTDOWN:
+ case ECONNRESET:
++ case EPROTO:
+ #ifdef WIN32
+ case WSAEADDRINUSE:
+ case WSAEADDRNOTAVAIL:
diff --git a/SOURCES/nmap-6.40-ncat_7.50.patch b/SOURCES/nmap-6.40-ncat_7.50.patch
new file mode 100644
index 0000000..d4963c4
--- /dev/null
+++ b/SOURCES/nmap-6.40-ncat_7.50.patch
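Review bot: `case EPROTO:` is added without a guard, while the labels that follow it sit under `#ifdef WIN32`, a sign this switch is built on toolchains whose errno set differs; a libc that does not define EPROTO will fail to compile, so wrap it as `#ifdef EPROTO` / `case EPROTO:` / `#endif`. The action these labels fall into and the switch's `default:` are outside the hunk, so whether other errnos a host with IPv6 disabled can produce (EAFNOSUPPORT, ENETDOWN) still reach the fatal path cannot be judged here and should be tested against the crash this is meant to fix. handle_connect_result starts before and continues past the hunk.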
@@ -0,0 +1,258 @@
+diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
+index a420126..048dc46 100644
+--- a/ncat/ncat_connect.c
++++ b/ncat/ncat_connect.c
+@@ -265,20 +265,20 @@ static void connect_report(nsock_iod nsi)
+ union sockaddr_u peer;
+ zmem(&peer, sizeof(peer.storage));
+ 
+- nsock_iod_get_communication_info(nsi, NULL, NULL, NULL, &peer.sockaddr,
++ nsi_getlastcommunicationinfo(nsi, NULL, NULL, NULL, &peer.sockaddr,
+ sizeof(peer.storage));
+ if (o.verbose) {
+ #ifdef HAVE_OPENSSL
+- if (nsock_iod_check_ssl(nsi)) {
++ if (nsi_checkssl(nsi)) {
+ X509 *cert;
+ X509_NAME *subject;
+ char digest_buf[SHA1_STRING_LENGTH + 1];
+ char *fp;
+ 
+ loguser("SSL connection to %s:%d.", inet_socktop(&peer),
+- nsock_iod_get_peerport(nsi));
++ nsi_peerport(nsi));
+ 
+- cert = SSL_get_peer_certificate((SSL *)nsock_iod_get_ssl(nsi));
++ cert = SSL_get_peer_certificate((SSL *)nsi_getssl(nsi));
+ ncat_assert(cert != NULL);
+ 
+ subject = X509_get_subject_name(cert);
+@@ -303,7 +303,7 @@ static void connect_report(nsock_iod nsi)
+ else
+ #endif
+ loguser("Connected to %s:%d.\n", inet_socktop(&peer),
+- nsock_iod_get_peerport(nsi));
++ nsi_peerport(nsi));
+ }
+ #else
+ #if HAVE_SYS_UN_H
+@@ -312,7 +312,7 @@ static void connect_report(nsock_iod nsi)
+ else
+ #endif
+ loguser("Connected to %s:%d.\n", inet_socktop(&peer),
+- nsock_iod_get_peerport(nsi));
++ nsi_peerport(nsi));
+ #endif
+ }
+ }
+@@ -892,32 +892,32 @@ int ncat_connect(void)
+ nsock_set_default_engine("select");
+ 
+ /* Create an nsock pool */
+- if ((mypool = nsock_pool_new(NULL)) == NULL)
++ if ((mypool = nsp_new(NULL)) == NULL)
+ bye("Failed to create nsock_pool.");
+ 
+ if (o.debug >= 6)
+- nsock_set_loglevel(NSOCK_LOG_DBG_ALL);
++ nsock_set_loglevel(mypool, NSOCK_LOG_DBG_ALL);
+ else if (o.debug >= 3)
+- nsock_set_loglevel(NSOCK_LOG_DBG);
++ nsock_set_loglevel(mypool, NSOCK_LOG_DBG);
+ else if (o.debug >= 1)
+- nsock_set_loglevel(NSOCK_LOG_INFO);
++ nsock_set_loglevel(mypool, NSOCK_LOG_INFO);
+ else
+-
nsock_set_loglevel(NSOCK_LOG_ERROR);
++ nsock_set_loglevel(mypool, NSOCK_LOG_ERROR);
+ 
+ /* Allow connections to broadcast addresses. */
+ nsock_pool_set_broadcast(mypool, 1);
+ 
+ #ifdef HAVE_OPENSSL
+- set_ssl_ctx_options((SSL_CTX *) nsock_pool_ssl_init(mypool, 0));
++ set_ssl_ctx_options((SSL_CTX *) nsock_pool_ssl_init(mypool));
+ #endif
+ 
+ if (!o.proxytype) {
+ /* A non-proxy connection. Create an iod for a new socket. */
+- cs.sock_nsi = nsock_iod_new(mypool, NULL);
++ cs.sock_nsi = nsi_new(mypool, NULL);
+ if (cs.sock_nsi == NULL)
+ bye("Failed to create nsock_iod.");
+ 
+- if (nsock_iod_set_hostname(cs.sock_nsi, o.target) == -1)
++ if (nsi_set_hostname(cs.sock_nsi, o.target) == -1)
+ bye("Failed to set hostname on iod.");
+ 
+ #if HAVE_SYS_UN_H
+@@ -945,7 +945,7 @@ int ncat_connect(void)
+ strncpy(srcaddr.un.sun_path, tmp_name, sizeof(srcaddr.un.sun_path));
+ free (tmp_name);
+ }
+- nsock_iod_set_localaddr(cs.sock_nsi, &srcaddr.storage,
++ nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage,
+ SUN_LEN((struct sockaddr_un *)&srcaddr.storage));
+ 
+ if (o.verbose)
+@@ -957,23 +957,23 @@ int ncat_connect(void)
+ case AF_UNSPEC:
+ break;
+ case AF_INET:
+- nsock_iod_set_localaddr(cs.sock_nsi, &srcaddr.storage,
++ nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage,
+ sizeof(srcaddr.in));
+ break;
+ #ifdef AF_INET6
+ case AF_INET6:
+- nsock_iod_set_localaddr(cs.sock_nsi, &srcaddr.storage,
++ nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage,
+ sizeof(srcaddr.in6));
+ break;
+ #endif
+ #if HAVE_SYS_UN_H
+ case AF_UNIX:
+- nsock_iod_set_localaddr(cs.sock_nsi, &srcaddr.storage,
++ nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage,
+ SUN_LEN((struct sockaddr_un *)&srcaddr.storage));
+ break;
+ #endif
+ default:
+- nsock_iod_set_localaddr(cs.sock_nsi, &srcaddr.storage,
++ nsi_set_localaddr(cs.sock_nsi, &srcaddr.storage,
+ sizeof(srcaddr.storage));
+ break;
+ }
+@@ -986,7 +986,7 @@ int ncat_connect(void)
+ bye("Sorry, -g can only currently be used with IPv4.");
+ ipopts =
buildsrcrte(targetaddrs->addr.in.sin_addr, o.srcrtes, o.numsrcrtes, o.srcrteptr, &ipoptslen);
+ 
+- nsock_iod_set_ipoptions(cs.sock_nsi, ipopts, ipoptslen);
++ nsi_set_ipoptions(cs.sock_nsi, ipopts, ipoptslen);
+ free(ipopts); /* Nsock has its own copy */
+ }
+ 
+@@ -1029,10 +1029,10 @@ int ncat_connect(void)
+ 
+ /* Once the proxy negotiation is done, Nsock takes control of the
+ socket. */
+- cs.sock_nsi = nsock_iod_new2(mypool, connect_socket, NULL);
++ cs.sock_nsi = nsi_new2(mypool, connect_socket, NULL);
+ 
+ /* Create IOD for nsp->stdin */
+- if ((cs.stdin_nsi = nsock_iod_new2(mypool, 0, NULL)) == NULL)
++ if ((cs.stdin_nsi = nsi_new2(mypool, 0, NULL)) == NULL)
+ bye("Failed to create stdin nsiod.");
+ 
+ post_connect(mypool, cs.sock_nsi);
+@@ -1049,8 +1049,8 @@ int ncat_connect(void)
+ gettimeofday(&end_time, NULL);
+ time = TIMEVAL_MSEC_SUBTRACT(end_time, start_time) / 1000.0;
+ loguser("%lu bytes sent, %lu bytes received in %.2f seconds.\n",
+- nsock_iod_get_write_count(cs.sock_nsi),
+- nsock_iod_get_read_count(cs.sock_nsi), time);
++ nsi_get_write_count(cs.sock_nsi),
++ nsi_get_read_count(cs.sock_nsi), time);
+ }
+ 
+ #if HAVE_SYS_UN_H
+@@ -1061,7 +1061,7 @@ int ncat_connect(void)
+ }
+ #endif
+ 
+- nsock_pool_delete(mypool);
++ nsp_delete(mypool);
+ 
+ return rc == NSOCK_LOOP_ERROR ?
1 : 0;
+ }
+@@ -1127,7 +1127,7 @@ static void connect_handler(nsock_pool nsp, nsock_event evt, void *data)
+ if (o.verbose) {
+ union sockaddr_u peer;
+ zmem(&peer, sizeof(peer.storage));
+- nsock_iod_get_communication_info(cs.sock_nsi, NULL, NULL, NULL,
++ nsi_getlastcommunicationinfo(cs.sock_nsi, NULL, NULL, NULL,
+ &peer.sockaddr, sizeof(peer.storage));
+ loguser("Connection to %s failed: %s.\n", inet_socktop(&peer), socket_strerror(errcode));
+ loguser("Trying next address...\n");
+@@ -1146,10 +1146,10 @@ static void connect_handler(nsock_pool nsp, nsock_event evt, void *data)
+ }
+ 
+ #ifdef HAVE_OPENSSL
+- if (nsock_iod_check_ssl(cs.sock_nsi)) {
++ if (nsi_checkssl(cs.sock_nsi)) {
+ /* Check the domain name. ssl_post_connect_check prints an
+ error message if appropriate. */
+- if (!ssl_post_connect_check((SSL *)nsock_iod_get_ssl(cs.sock_nsi), o.target))
++ if (!ssl_post_connect_check((SSL *)nsi_getssl(cs.sock_nsi), o.target))
+ bye("Certificate verification error.");
+ }
+ #endif
+@@ -1160,7 +1160,7 @@ static void connect_handler(nsock_pool nsp, nsock_event evt, void *data)
+ }
+ 
+ /* Create IOD for nsp->stdin */
+- if ((cs.stdin_nsi = nsock_iod_new2(nsp, 0, NULL)) == NULL)
++ if ((cs.stdin_nsi = nsi_new2(nsp, 0, NULL)) == NULL)
+ bye("Failed to create stdin nsiod.");
+ 
+ post_connect(nsp, nse_iod(evt));
+@@ -1174,9 +1174,9 @@ static void post_connect(nsock_pool nsp, nsock_iod iod)
+ if (o.cmdexec) {
+ struct fdinfo info;
+ 
+- info.fd = nsock_iod_get_sd(iod);
++ info.fd = nsi_getsd(iod);
+ #ifdef HAVE_OPENSSL
+- info.ssl = (SSL *)nsock_iod_get_ssl(iod);
++ info.ssl = (SSL *)nsi_getssl(iod);
+ #endif
+ /* Convert Nsock's non-blocking socket to an ordinary blocking one.
It's
+ possible for a program to write fast enough that it will get an
+@@ -1217,7 +1217,7 @@ static void read_stdin_handler(nsock_pool nsp, nsock_event evt, void *data)
+ 
+ if (status == NSE_STATUS_EOF) {
+ if (!o.noshutdown)
+- shutdown(nsock_iod_get_sd(cs.sock_nsi), SHUT_WR);
++ shutdown(nsi_getsd(cs.sock_nsi), SHUT_WR);
+ /* In --send-only mode or non-TCP mode, exit after EOF on stdin. */
+ if (o.proto != IPPROTO_TCP || (o.proto == IPPROTO_TCP && o.sendonly))
+ nsock_loop_quit(nsp);
+@@ -1288,7 +1288,7 @@ static void read_socket_handler(nsock_pool nsp, nsock_event evt, void *data)
+ ncat_delay_timer(o.linedelay);
+ 
+ if (o.telnet)
+- dotelnet(nsock_iod_get_sd(nse_iod(evt)), (unsigned char *) buf, nbytes);
++ dotelnet(nsi_getsd(nse_iod(evt)), (unsigned char *) buf, nbytes);
+ 
+ /* Write socket data to stdout */
+ Write(STDOUT_FILENO, buf, nbytes);
+diff --git a/ncat/util.h b/ncat/util.h
+index 63f4c6f..f81d577 100644
+--- a/ncat/util.h
++++ b/ncat/util.h
+@@ -175,6 +175,8 @@ do { \
+ 
+ void die(char *);
+ 
++#define NORETURN __attribute__((noreturn))
++
+ NORETURN void bye(const char *, ...)
+ __attribute__ ((format (printf, 1, 2)));
+ 
+diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
+index 048dc46..8680278 100644
+--- a/ncat/ncat_connect.c
++++ b/ncat/ncat_connect.c
+@@ -905,10 +905,10 @@ int ncat_connect(void)
+ nsock_set_loglevel(mypool, NSOCK_LOG_ERROR);
+ 
+ /* Allow connections to broadcast addresses. */
+- nsock_pool_set_broadcast(mypool, 1);
++ nsp_setbroadcast(mypool, 1);
+ 
+ #ifdef HAVE_OPENSSL
+- set_ssl_ctx_options((SSL_CTX *) nsock_pool_ssl_init(mypool));
++ set_ssl_ctx_options((SSL_CTX *) nsp_ssl_init(mypool));
+ #endif
+ 
+ if (!o.proxytype) {
diff --git a/SOURCES/nmap-6.40-ncat_early_error_reporting.patch b/SOURCES/nmap-6.40-ncat_early_error_reporting.patch
new file mode 100644
index 0000000..74fe9d1
--- /dev/null
+++ b/SOURCES/nmap-6.40-ncat_early_error_reporting.patch
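Review bot: `#define NORETURN __attribute__((noreturn))` is added to ncat/util.h unconditionally; if another header in the 6.40 tree already supplies NORETURN (nbase.h is the natural place, not visible here), this becomes a macro-redefinition warning or, with -Werror, a build break — wrap it in `#ifndef NORETURN` … `#endif`. The SSL change drops the second argument of `set_ssl_ctx_options((SSL_CTX *) nsock_pool_ssl_init(mypool, 0))` and finally lands on `nsp_ssl_init(mypool)`; the meaning of the dropped `0` is not visible here, so a one-line comment at that call saying which 7.50 flag value the 6.40 call stands in for would keep the next rebase from guessing about cipher strength. Stylistically the second `diff --git a/ncat/ncat_connect.c` (index 048dc46..8680278) only rewrites two lines the first diff already touched; squash them so the patch reads as one edit. connect_report and ncat_connect both extend beyond the hunks shown.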
@@ -0,0 +1,19 @@
+diff --git a/nsock/src/nsock_core.c b/nsock/src/nsock_core.c
+index ec38cad..aac2c1b 100644
+--- a/nsock/src/nsock_core.c
++++ b/nsock/src/nsock_core.c
+@@ -1230,6 +1230,14 @@ void nsp_add_event(mspool *nsp, msevent *nse) {
+ assert(0);
+ break; /* unreached */
+ }
++
++ /* It can happen that the event already completed. In which case we can
++ * * already deliver it, even though we're probably not inside nsock_loop(). */
++ if (nse->event_done) {
++ msevent_dispatch_and_delete(nsp, nse, 1);
++ update_first_events(nse);
++
++ }
+ }
+ 
+ /* An event has been completed and the handler is about to be called. This
diff --git a/SOURCES/nmap-6.40-ncat_memleak.patch b/SOURCES/nmap-6.40-ncat_memleak.patch
new file mode 100644
index 0000000..420d4c0
--- /dev/null
+++ b/SOURCES/nmap-6.40-ncat_memleak.patch
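Review bot: `update_first_events(nse)` is called after `msevent_dispatch_and_delete(nsp, nse, 1)`; if that function releases the event as its name implies (its body is outside the hunk), this reads freed memory on every event that completes before nsock_loop() runs, so reorder to `update_first_events(nse);` followed by `msevent_dispatch_and_delete(nsp, nse, 1);`, or document why nse is still live at that point. Nothing in the added block unlinks nse from whatever list the preceding switch appended it to (also outside the hunk), so confirm a dispatched event cannot remain on a list nsock_loop() walks later. The `* *` at the start of the comment's second line and the blank line before the closing brace are leftovers worth removing. nsp_add_event starts before the hunk.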
@@ -0,0 +1,200 @@
+diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
+index d8c73ab1b..5695800a3 100644
+--- a/ncat/ncat_connect.c
++++ b/ncat/ncat_connect.c
+@@ -1049,7 +1049,10 @@ int ncat_connect(void)
+ }
+ 
+ if (connect_socket == -1)
++ {
++ nsp_delete(mypool);
+ return 1;
++ }
+ /* Clear out whatever is left in the socket buffer which may be
+ already sent by proxy server along with http response headers. */
+ //line = socket_buffer_remainder(&stateful_buf, &n);
+--- a/ncat/ncat.h
++++ b/ncat/ncat.h
+@@ -177,13 +177,13 @@
+ 
+ struct socks5_connect {
+ char ver;
+- char nmethods;
++ unsigned char nmethods;
+ char methods[3];
+ } __attribute__((packed));
+ 
+ struct socks5_auth {
+- char ver; // must be always 1
+- char data[SOCKS_BUFF_SIZE];
++ char ver; // must be always 1
++ unsigned char data[SOCKS_BUFF_SIZE];
+ } __attribute__((packed));
+ 
+ struct socks5_request {
+@@ -263,6 +263,12 @@
+ #define SOCKS5_ATYP_NAME 3
+ #define SOCKS5_ATYP_IPv6 4
+ 
++#define SOCKS5_USR_MAXLEN 255
++#define SOCKS5_PWD_MAXLEN 255
++
++#if SOCKS_BUFF_SIZE < (1 + SOCKS5_USR_MAXLEN) + (1 + SOCKS5_PWD_MAXLEN)
++#error SOCKS_BUFF_SIZE is defined too small to handle SOCKS5 authentication
++#endif
+ 
+ /* Length of IPv6 address */
+ #ifndef INET6_ADDRSTRLEN
+--- a/ncat/ncat_connect.c
++++ b/ncat/ncat_connect.c
+@@ -664,9 +664,8 @@
+ int sd,len,lenfqdn;
+ struct socks5_request socks5msg2;
+ struct socks5_auth socks5auth;
+- char *proxy_auth;
+- char *username;
+- char *password;
++ char *uptr, *pptr;
++ size_t authlen, ulen, plen;
+ 
+ sd = do_connect(SOCK_STREAM);
+ if (sd == -1) {
+@@ -683,17 +682,13 @@
+ 
+ zmem(&socks5msg,sizeof(socks5msg));
+ socks5msg.ver = SOCKS5_VERSION;
+- socks5msg.nmethods = 1;
+- socks5msg.methods[0] = SOCKS5_AUTH_NONE;
+- len = 3;
++ socks5msg.nmethods = 0;
++ socks5msg.methods[socks5msg.nmethods++] = SOCKS5_AUTH_NONE;
+ 
+- if (o.proxy_auth){
+- socks5msg.nmethods ++;
+- socks5msg.methods[1] = SOCKS5_AUTH_USERPASS;
+- len ++;
+- }
++ if (o.proxy_auth)
++
socks5msg.methods[socks5msg.nmethods++] = SOCKS5_AUTH_USERPASS;
+ 
+- if (send(sd, (char *) &socks5msg, len, 0) < 0) {
++ if (send(sd, (char *)&socks5msg, offsetof(struct socks5_connect, methods) + socks5msg.nmethods, 0) < 0) {
+ loguser("Error: proxy request: %s.\n", socket_strerror(socket_errno()));
+ close(sd);
+ return -1;
+@@ -706,46 +701,47 @@
+ return -1;
+ }
+ 
+- if (socksbuf[0] != 5){
++ if (socksbuf[0] != SOCKS5_VERSION) {
+ loguser("Error: got wrong server version in response.\n");
+ close(sd);
+ return -1;
+ }
+ 
+- switch(socksbuf[1]) {
++ switch((unsigned char)socksbuf[1]) {
+ case SOCKS5_AUTH_NONE:
+ if (o.verbose)
+ loguser("No authentication needed.\n");
+ break;
+ 
+- case SOCKS5_AUTH_GSSAPI:
+- loguser("GSSAPI authentication method not supported.\n");
+- close(sd);
+- return -1;
+-
+ case SOCKS5_AUTH_USERPASS:
+ if (o.verbose)
+ loguser("Doing username and password authentication.\n");
+ 
+ if(!o.proxy_auth){
+- loguser("Error: proxy requested to do authentication, but no credentials were provided.\n");
++ /* Proxy must not select a method not offered by the client */
++ loguser("Error: proxy selected invalid authentication method.\n");
+ close(sd);
+ return -1;
+ }
+ 
+- if (strlen(o.proxy_auth) > SOCKS_BUFF_SIZE-2){
+- loguser("Error: username and password are too long to fit into buffer.\n");
++ /* Split up the proxy auth argument. */
++ uptr = o.proxy_auth;
++ pptr = strchr(o.proxy_auth, ':');
++ if (pptr == NULL) {
++ loguser("Error: invalid username:password combo.\n");
+ close(sd);
+ return -1;
+ }
+ 
+- /* Split up the proxy auth argument.
*/
+- proxy_auth = Strdup(o.proxy_auth);
+- username = strtok(proxy_auth, ":");
+- password = strtok(NULL, ":");
+- if (password == NULL || username == NULL) {
+- free(proxy_auth);
+- loguser("Error: empty username or password.\n");
++ ulen = (pptr++) - uptr;
++ plen = strlen(pptr);
++ if (ulen > SOCKS5_USR_MAXLEN) {
++ loguser("Error: username length exceeds %d.\n", SOCKS5_USR_MAXLEN);
++ close(sd);
++ return -1;
++ }
++ if (plen > SOCKS5_PWD_MAXLEN) {
++ loguser("Error: password length exceeds %d.\n", SOCKS5_PWD_MAXLEN);
+ close(sd);
+ return -1;
+ }
+@@ -766,15 +762,16 @@
+ */
+ 
+ socks5auth.ver = 1;
+- socks5auth.data[0] = strlen(username);
+- memcpy(socks5auth.data+1,username,strlen(username));
+- len = 2 + strlen(username); // (version + strlen) + username
++ authlen = 0;
++ socks5auth.data[authlen++] = ulen;
++ memcpy(socks5auth.data + authlen, uptr, ulen);
++ authlen += ulen;
+ 
+- socks5auth.data[len-1]=strlen(password);
+- memcpy(socks5auth.data+len,password,strlen(password));
+- len += 1 + strlen(password);
++ socks5auth.data[authlen++] = plen;
++ memcpy(socks5auth.data + authlen, pptr, plen);
++ authlen += plen;
+ 
+- if (send(sd, (char *) &socks5auth, len, 0) < 0) {
++ if (send(sd, (char *) &socks5auth, offsetof(struct socks5_auth, data) + authlen, 0) < 0) {
+ loguser("Error: sending proxy authentication.\n");
+ close(sd);
+ return -1;
+@@ -794,8 +791,14 @@
+ 
+ break;
+ 
++ case SOCKS5_AUTH_FAILED:
++ loguser("Error: no acceptable authentication method proposed.\n");
++ close(sd);
++ return -1;
++
+ default:
+- loguser("Error - can't choose any authentication method.\n");
++ /* Proxy must not select a method not offered by the client */
++ loguser("Error: proxy selected invalid authentication method.\n");
+ close(sd);
+ return -1;
+ }
+@@ -832,6 +835,10 @@
+ socks5msg2.dst[0]=lenfqdn;
+ memcpy(socks5msg2.dst+1,o.target,lenfqdn);
+ len = 1 + lenfqdn;
++ break;
++
++ default: // this shall not happen
++ ncat_assert(0);
+ }
+ 
+ memcpy(socks5msg2.dst+len,
&proxyport, sizeof(proxyport));
diff --git a/SOURCES/nmap-6.40-trancated_dns.patch b/SOURCES/nmap-6.40-trancated_dns.patch
new file mode 100644
index 0000000..c773551
--- /dev/null
+++ b/SOURCES/nmap-6.40-trancated_dns.patch
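Review bot: The new length checks admit `ulen == 0` and `plen == 0` (`--proxy-auth :secret` or `user:`), while RFC 1929 gives ULEN and PLEN as 1..255 and the strtok path being removed rejected both cases; tighten them to `if (ulen == 0 || ulen > SOCKS5_USR_MAXLEN)` and `if (plen == 0 || plen > SOCKS5_PWD_MAXLEN)` so a malformed sub-negotiation is never sent. The cast in `switch((unsigned char)socksbuf[1])` looks incidental but is load-bearing if SOCKS5_AUTH_FAILED is the RFC's 0xFF (its definition is not in view), since a signed char could never match it — add `/* cast so 0xFF compares equal to SOCKS5_AUTH_FAILED on signed-char targets */`. The `default: ncat_assert(0);` in the address-type switch is only a guard if ncat_assert stays active in release builds; the macro is not in view, so check it is not compiled out. The SOCKS5 connect function these hunks patch starts and ends outside the hunk.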
@@ -0,0 +1,179 @@
+diff -up nmap-5.51/nmap_dns.cc.tcpdns nmap-5.51/nmap_dns.cc
+--- a/nmap_dns.cc 2011-01-21 01:04:16.000000000 +0100
++++ b/nmap_dns.cc 2016-10-26 11:04:49.057723356 +0200
+@@ -677,9 +677,9 @@ static void read_evt_handler(nsock_pool
+ 
+ packet_id = buf[1] + (buf[0] << 8);
+ 
+- // Check that this is a response, standard query, and that no truncation was performed
++ // Check that this is a response, standard query
+ // 0xFA == 11111010 (we're not concerned with AA or RD bits)
+- if ((buf[2] & 0xFA) != 0x80) return;
++ if ((buf[2] & 0xF8) != 0x80) return;
+ 
+ // Check that the zero field is all zeros and there is no error condition.
+ // We don't care if recursion is available or not since we might be querying
+@@ -715,7 +715,8 @@ static void read_evt_handler(nsock_pool
+ return;
+ }
+ 
+- if (queries <= 0 || answers <= 0) return;
++ bool processing_successful = false;
++// if (queries <= 0 || answers <= 0) return;
+ 
+ curbuf = 12;
+ 
+@@ -732,7 +733,7 @@ static void read_evt_handler(nsock_pool
+ 
+ // We're now at the ANSWER section
+ 
+- for (i=0; i= TRACE_DEBUG_LEVEL) log_write(LOG_STDOUT, "mass_rdns: OK MATCHED <%s> to <%s>\n", inet_ntoa(ia), outbuf);
+ output_summary();
+ stat_ok++;
+@@ -771,15 +772,26 @@ static void read_evt_handler(nsock_pool
+ if (ia.s_addr == 0) return;
+ 
+ if (o.debugging >= TRACE_DEBUG_LEVEL) log_write(LOG_STDOUT, "mass_rdns: CNAME found for <%s>\n", inet_ntoa(ia));
+- process_result(ia.s_addr, NULL, ACTION_CNAME_LIST, packet_id);
++ processing_successful = process_result(ia.s_addr, NULL, ACTION_SYSTEM_RESOLVE, packet_id);
+ } else {
+ if (rdlen < 0 || rdlen + curbuf >= buflen) return;
+ curbuf += rdlen;
+ }
+ 
+- if (curbuf >= buflen) return;
++ if (curbuf >= buflen) break;//return;
+ }
+ 
+ if (!processing_successful) {
++ if ((buf[2] & 0x02)) { //truncated
++ u32 discard = 0;
++ process_result(discard, NULL, ACTION_SYSTEM_RESOLVE, packet_id);
++ }
++ else {
++ if (o.debugging >= TRACE_DEBUG_LEVEL) {
++ log_write(LOG_STDOUT,
"mass_rdns: Unable to process the response\n");
++ }
++ }
++ }
+ }
+ 
+ 
+@@ -1225,20 +1237,20 @@ static void nmap_mass_rdns_core(Target *
+ 
+ nsp_delete(dnspool);
+ 
+- if (cname_reqs.size() && o.debugging)
+- log_write(LOG_STDOUT, "Performing system-dns for %d domain names that use CNAMEs\n", (int) cname_reqs.size());
++ if (deferred_reqs.size() && o.debugging)
++ log_write(LOG_STDOUT, "Performing system-dns for %d domain names that were deferred\n", (int) deferred_reqs.size());
+ 
+- if (cname_reqs.size()) {
+- Snprintf(spmobuf, sizeof(spmobuf), "System CNAME DNS resolution of %u host%s.", (unsigned) cname_reqs.size(), cname_reqs.size()-1 ? "s" : "");
++ if (deferred_reqs.size()) {
++ Snprintf(spmobuf, sizeof(spmobuf), "System DNS resolution of %u host%s.", (unsigned) deferred_reqs.size(), deferred_reqs.size()-1 ? "s" : "");
+ SPM = new ScanProgressMeter(spmobuf);
+ 
+- for(i=0, reqI = cname_reqs.begin(); reqI != cname_reqs.end(); reqI++, i++) {
++ for(i=0, reqI = deferred_reqs.begin(); reqI != deferred_reqs.end(); reqI++, i++) {
+ struct sockaddr_storage ss;
+ size_t sslen;
+ char hostname[MAXHOSTNAMELEN + 1] = "";
+ 
+ if (keyWasPressed())
+- SPM->printStats((double) i / cname_reqs.size(), NULL);
++ SPM->printStats((double) i / deferred_reqs.size(), NULL);
+ 
+ tpreq = *reqI;
+ 
+diff --git a/nmap_dns.cc b/nmap_dns.cc
+index 9a72336..e01230c 100644
+--- a/nmap_dns.cc
++++ b/nmap_dns.cc
+@@ -309,7 +309,7 @@ struct host_elem {
+ 
+ static std::list servs;
+ static std::list new_reqs;
+-static std::list cname_reqs;
++static std::list deferred_reqs;
+ static int total_reqs;
+ static nsock_pool dnspool=NULL;
+ 
+diff --git a/nmap_dns.cc b/nmap_dns.cc
+index e01230c..540d39d 100644
+--- a/nmap_dns.cc
++++ b/nmap_dns.cc
+@@ -327,12 +327,13 @@ static ScanProgressMeter *SPM;
+ 
+ //------------------- Prototypes and macros ---------------------
+ 
++static void read_evt_handler(nsock_pool, nsock_event, void *);
+ static void put_dns_packet_on_wire(request *req);
+ static const
char *lookup_etchosts(u32 ip);
+ static void addto_etchosts(u32 ip, const char *hname);
+ 
+ #define ACTION_FINISHED 0
+-#define ACTION_CNAME_LIST 1
++#define ACTION_SYSTEM_RESOLVE 1
+ #define ACTION_TIMEOUT 2
+ 
+ //------------------- Misc code ---------------------
+diff --git a/nmap_dns.cc b/nmap_dns.cc
+index 540d39d..e0c6f6c 100644
+--- a/nmap_dns.cc
++++ b/nmap_dns.cc
+@@ -1240,7 +1240,7 @@ static void nmap_mass_rdns_core(Target **targets, int num_targets) {
+ 
+ connect_dns_servers();
+ 
+- cname_reqs.clear();
++ deferred_reqs.clear();
+ 
+ read_timeout_index = MIN(sizeof(read_timeouts)/sizeof(read_timeouts[0]), servs.size()) - 1;
+ 
+diff --git a/nmap_dns.cc b/nmap_dns.cc
+index 9363614..815b3a4 100644
+--- a/nmap_dns.cc
++++ b/nmap_dns.cc
+@@ -558,7 +558,7 @@ static int process_result(u32 ia, char *result, int action, u16 id) {
+ if (ia != 0 && tpreq->targ->v4host().s_addr != ia)
+ continue;
+ 
+- if (action == ACTION_CNAME_LIST || action == ACTION_FINISHED) {
++ if (action == ACTION_SYSTEM_RESOLVE || action == ACTION_FINISHED) {
+ servI->capacity += CAPACITY_UP_STEP;
+ check_capacities(&*servI);
+ 
+@@ -572,7 +572,7 @@ static int process_result(u32 ia, char *result, int action, u16 id) {
+ 
+ total_reqs--;
+ 
+- if (action == ACTION_CNAME_LIST) cname_reqs.push_back(tpreq);
++ if (action == ACTION_SYSTEM_RESOLVE) deferred_reqs.push_back(tpreq);
+ if (action == ACTION_FINISHED) delete tpreq;
+ } else {
+ memcpy(&tpreq->timeout, nsock_gettimeofday(), sizeof(struct timeval));
+diff --git a/nmap_dns.cc b/nmap_dns.cc
+index 815b3a4..f00ac18 100644
+--- a/nmap_dns.cc
++++ b/nmap_dns.cc
+@@ -1302,7 +1302,7 @@ static void nmap_mass_rdns_core(Target **targets, int num_targets) {
+ delete SPM;
+ }
+ 
+- cname_reqs.clear();
++ deferred_reqs.clear();
+ 
+ }
+ 
diff --git a/SPECS/nmap.spec b/SPECS/nmap.spec
index 357a513..6824572 100644
--- a/SPECS/nmap.spec
+++ b/SPECS/nmap.spec
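Review bot: The truncated-reply fallback `process_result(discard, NULL, ACTION_SYSTEM_RESOLVE, packet_id)` passes `ia == 0`, and the process_result hunk shows that value skips the `v4host().s_addr != ia` match, so any outstanding request sharing the 16-bit packet_id is pushed to the system resolver on the strength of an unauthenticated UDP datagram with TC set; the outcome is only a resolver downgrade, but it deserves a comment at that call, and `u32 discard = 0;` can simply be the literal `0`. The mask change to `0xF8` leaves the comment above it stale; it should read `// 0xF8 == 11111000 (we're not concerned with AA, TC or RD bits)`. The disabled check survives as commented-out code (`// if (queries <= 0 || answers <= 0) return;` and `break;//return;`); delete it rather than leave it, since the hunk is exactly that change. read_evt_handler starts before the first hunk, and its answer loop is partly lost to rendering here.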
@@ -3,8 +3,12 @@ Summary: Network exploration tool and security scanner
 Name: nmap
 Epoch: 2
 Version: 6.40
+## We rebase ncat on newer version to have compatibility with nc
+## For doing this few upstream patches must be reverted
+## https://bugzilla.redhat.com/1460249
+%global ncat_version 7.50
 #global prerelease %{nil}
-Release: 7%{?dist}
+Release: 13%{?dist}
 # nmap is GPLv2
 # zenmap is GPLv2 and LGPLv2+ (zenmap/higwidgets) and GPLv2+ (zenmap/radialnet)
 # libdnet-stripped is BSD (advertising clause rescinded by the Univ. of California in 1999) with some parts as Public Domain (crc32)
@@ -16,10 +20,17 @@ Requires: %{name}-ncat = %{epoch}:%{version}-%{release}
 # VER=%{version}; tar xjf nmap-${VER}.tar.bz2; rm -rf nmap-${VER}/{libpcap,libpcre,macosx,mswin32}; tar cjf nmap-purified-${VER}.tar.bz2 nmap-${VER}
 #Source0: http://nmap.org/dist/%{name}-%{version}%{?prerelease}.tar.bz2
 Source0: %{name}-purified-%{version}%{?prerelease}.tar.bz2
+
+%if "%{ncat_version}" != "%{version}"
+# VER=%{ncat_version}; tar xjf nmap-${VER}.tar.bz2; cd nmap-${VER}; tar cjf nmap-ncat-${VER}.tar.bz2 ncat
+Source4: %{name}-ncat-%{ncat_version}.tar.bz2
+%endif
+
 Source1: zenmap.desktop
 Source2: zenmap-root.pamd
 Source3: zenmap-root.consoleapps
+
 #prevent possible race condition for shtool, rhbz#158996
 Patch1: nmap-4.03-mktemp.patch
@@ -40,6 +51,17 @@ Patch8: nmap-6.40-logdebug.patch
 # sent upstream, for nmap <= 6.49, rhbz#1192143
 Patch9: nmap-6.40-allresolve.patch
+# https://bugzilla.redhat.com/1390326
+# backported upstream
+Patch10: nmap-6.40-trancated_dns.patch
+
+%if "%{ncat_version}" != "%{version}"
+Patch11: nmap-6.40-ncat_%{ncat_version}.patch
+Patch12: nmap-6.40-ncat_memleak.patch
+%endif
+Patch13: nmap-6.40-add_eproto_handler.patch
+Patch14: nmap-6.40-ncat_early_error_reporting.patch
+
 URL: http://nmap.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: openssl-devel, gtk2-devel, lua-devel, libpcap-devel, pcre-devel
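Review bot: `Source4` is a hand-repacked tarball whose only integrity anchor is the sha1 committed in `.nmap.metadata`, and the recipe comment `# VER=%{ncat_version}; tar xjf nmap-${VER}.tar.bz2; cd nmap-${VER}; tar cjf nmap-ncat-${VER}.tar.bz2 ncat` contains no verification step; add `gpg --verify nmap-${VER}.tar.bz2.asc nmap-${VER}.tar.bz2` (or a pinned sha256 compare) to that recipe so the lookaside hash is traceable to upstream's release. `Version: 6.40` is kept while the ncat subpackage will carry 7.50 code, which version-based vulnerability matching will not reflect; the `## We rebase ncat ...` comment is the right place to state that ncat security fixes must be tracked against 7.50. The Source and Patch declarations are otherwise consistently gated on `%if "%{ncat_version}" != "%{version}"`.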
@@ -90,16 +112,36 @@ uses.
 %prep
 %setup -q -n %{name}-%{version}%{?prerelease}
+
+%if "%{ncat_version}" != "%{version}"
+# Replace ncat sources if needed
+rm -rf ncat
+tar -xf %{SOURCE4}
+%endif
+
 %patch1 -p1 -b .mktemp
 %patch2 -p1 -b .noms
 %patch4 -p1 -b .bz637403
 %patch5 -p1 -b .ncat_reg_stdin
 %patch6 -p1 -b .displayerror
 %patch7 -p1 -b .mantypo
+%patch10 -p1 -b .dns_resolve
+
+
+%if "%{ncat_version}" != "%{version}"
+# Patch for newer/older ncat
+%patch11 -p1 -b .ncatrebase
+%patch12 -p1 -b .memleak
+%else
+# Patches which were accepted upstream and not needed in rebased version
 %patch8 -p1 -b .logdebug
 %patch9 -p1 -b .allresolve
+%endif
+
+%patch14 -p1 -b .errorreporting
+%patch13 -p1 -b .eproto
-#be sure we're not using tarballed copies of some libraries,
+#be sure we're not using tarballed copies of some libraries,
 #we remove them when creating our own tarball, just check they are not present
 [ -z "$(ls -d 2>/dev/null libpcap libpcre macosx mswin32)" ] || exit 1
@@ -233,6 +275,24 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/xnmap.1.gz
 %changelog
+* Wed Nov 8 2017 Pavel Zhukov - 2:6.40-13
+- Resolves: #1436402 - nc from nmap ncat crash if ipv6 disabled
+
+* Fri Oct 20 2017 Pavel Zhukov - 2:6.40-12
+- Add eproto to list of hanled errnos
+
+* Fri Sep 08 2017 Pavel Zhukov - 2:6.40-11
+- Related: ##1460249 - Replace memleak patch with one provided by upstream
+
+* Mon Aug 21 2017 Pavel Zhukov - 2:6.40-10
+- Related: #1460249 - Fix memory leaks (covscan errors)
+
+* Thu Aug 17 2017 Pavel Zhukov - 2:6.40-9
+- Resolves: #1460249, #1436402, #1317924, #1379008 - Rebase ncat on 7.50
+
+* Wed Aug 16 2017 Pavel Zhukov - 2:6.40-8
+- Resolves: #1390326 - Failback to system resolver for truncated dns replies
+
 * Thu Jul 30 2015 Michal Hlavinka - 2:6.40-7
 - explicitely disable modules we don't want to build to have consistent results (#1246453)