Nmap Development mailing list archives

nmap-4.50: -O option broken on Solaris 9?


From: "Castle, Shane" <scastle () co boulder co us>
Date: Mon, 17 Dec 2007 16:58:13 -0700

I compiled nmap-4.50 on one of my Solaris 9 boxes today, and immediately
had a couple of problems.  First, it wouldn't compile at all, but I got
around that by forcing it to use its own PCRE library, and wound up with
this configuration string:

./configure --with-openssl=/usr/local/ssl --with-libpcre=included

So far so good.  I got a successful compile.  Now to test:

$ NMAPDIR=. sudo ./nmap -sS -sV -F -v -O netsec0

Unknown argument to -O.
QUITTING!

Hmm.  After lots of further investigations and comparisons with the
nmap-4.20 hierarchy, I figured out that nmap-4.50 is using the getopt()
included with Solaris 9 and not its own, which it did before.  This
version of getopt() behaves differently from the GNU-standard version:
it does not recognize two colons as denoting an optional argument, and
it may eat the next option on the command line if an option with a
required argument does not have one.  From the Solaris man page for
getopt():

     The getopt() function does not  fully  check  for  mandatory
     arguments; that is, given an option string a:b and the input
     -a -b, getopt() assumes that -b is the mandatory argument to
     the  -a  option and not that -a is missing a mandatory argu-
     ment.

So, after futzing around trying to get nmap-4.50 to use its own version
of getopt() and getting nowhere, I gave up and made this change to
nmap.cc:

$ diff -u nmap.cc.0 nmap.cc
--- nmap.cc.0   Fri Nov  2 19:31:02 2007
+++ nmap.cc     Mon Dec 17 16:10:28 2007
@@ -649,7 +649,7 @@
 
   /* OK, lets parse these args! */
   optind = 1; /* so it can be called multiple times */
-  while((arg =
getopt_long_only(argc,fakeargv,"6Ab:D:d::e:Ffg:hIi:M:m:nO::o:P:p:qRrS:s:
T:Vv", long_options, &option_index)) != EOF) {
+  while((arg =
getopt_long_only(argc,fakeargv,"6Ab:D:d::e:Ffg:hIi:M:m:nOo:P:p:qRrS:s:T:
Vv", long_options, &option_index)) != EOF) {
     switch(arg) {
     case 0:
 #ifndef NOLUA
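Review bot: Dropping the `::` after `O` in the optstring applies to every platform, not only Solaris, so `-O2` (accepted by the code removed in the next hunk) will now be parsed as `-O` followed by an unknown option `2`. The same string still contains `d::`, which has the optional-argument form the message says the Solaris getopt() does not recognize. Consider making the change conditional on the platform getopt() lacking `::` support, or fixing the build so the bundled getopt is used again, and covering `-d` in the same change.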
@@ -1000,12 +1000,7 @@
       break;
     case 'n': o.noresolve++; break;
     case 'O': 
-      if (!optarg || *optarg == '2')
-        o.osscan = OS_SCAN_DEFAULT;
-      else if (*optarg == '1')
-        fatal("First-generation OS detection (-O1) is no longer
supported. Use -O instead.");
-      else
-        fatal("Unknown argument to -O.");
+      o.osscan = OS_SCAN_DEFAULT;
       break;
     case 'o':
       normalfilename = optarg;
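Review bot: At `case 'O':` the `fatal()` for `-O1` is removed, so anyone still passing `-O1` loses the "no longer supported, use -O instead" message and gets whatever getopt reports for the stray `1`. With `O` no longer taking an argument, `optarg` is never set here, so the old checks cannot simply be kept; if the diagnostic matters, detect `-O1` before the getopt loop or keep the original branch under a build-time check for a getopt() that handles `::`. A short comment explaining why `optarg` is ignored would also help the next reader.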

The only thing that will still break from this is the "-d" option, which
as you can see still has a possible optional argument that Solaris will
not treat correctly, and will expect to be there.  I haven't addressed
this at all.

I haven't mentioned the compiler I'm using:

$ gcc --version
gcc (GCC) 3.2.3
Copyright (C) 2002 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

The above was installed using a package from Sunfreeware.com.

Sigh.  I'm getting to hate Solaris.

--
Shane Castle
GSEC GCIH



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
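
The optional-argument behaviour the message describes for -O and -d can be had without the "::" optstring extension by matching only an attached value and never consuming the next word. The following is an added example, not part of the original post and not nmap's code; the struct, the function names and the single-digit debug level are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result struct; field names are not taken from nmap. */
struct opt_result {
    int os_scan;      /* 1 if -O or -O2 was given */
    int debug_level;  /* 0 without -d, otherwise the requested level */
    int error;        /* 1 if an unsupported attached value was seen */
};

/* If tok is "-<opt>" or "-<opt><value>", return 1 and point *val at the
 * attached value (NULL when nothing is attached). The following argv word
 * is never consumed, which is how GNU getopt treats "<opt>::". */
static int match_optional(const char *tok, char opt, const char **val)
{
    if (tok[0] != '-' || tok[1] != opt)
        return 0;
    *val = tok[2] ? tok + 2 : NULL;
    return 1;
}

struct opt_result parse_optional_opts(int argc, char *const argv[])
{
    struct opt_result r = {0, 0, 0};
    const char *val;
    int i;

    for (i = 1; i < argc; i++) {
        if (match_optional(argv[i], 'O', &val)) {
            if (val == NULL || strcmp(val, "2") == 0)
                r.os_scan = 1;
            else
                r.error = 1;          /* e.g. -O1: rejected, as before */
        } else if (match_optional(argv[i], 'd', &val)) {
            if (val == NULL)
                r.debug_level++;      /* bare -d */
            else if (val[0] >= '0' && val[0] <= '9' && val[1] == '\0')
                r.debug_level = val[0] - '0';
            else
                r.error = 1;
        }                             /* other words are left to getopt */
    }
    return r;
}
```

Options handled this way would be removed from the optstring (or the matched words skipped) before the remaining arguments go to the platform getopt().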
