Nmap Development mailing list archives

Re: [PATCH] Bugfix to random target generation


From: David Fifield <david () bamsoftware com>
Date: Wed, 26 Nov 2008 16:30:30 -0700

On Sun, Nov 23, 2008 at 12:41:35PM +0000, Jack Grahl wrote:
The patch below fixes what appears to be an error in the function
ip_is_reserved(). The test which has been removed returns true for all
IP addresses of the form *.255.255.255. Either this is a logical error
and the intention was to remove 255.255.255.255 as the comment seems
to indicate, or it was intended to remove all these addresses. If the
first case, the preceding code has in fact already checked for
addresses 255.../8. Removing all addresses *.255.255.255 eliminates
some which are valid hosts, for example 68.255.255.255, hence the
removal.

--- nmap.cc~    2008-09-10 19:32:35.000000000 +0100
+++ nmap.cc     2008-11-23 11:57:48.000000000 +0000
@@ -424,10 +424,6 @@
   if (i1 >= 224)
     return 1;

-  /* 255.255.255.255, note we already tested for i1 in this range */
-  if (i2 == 255 && i3 == 255 && i4 == 255)
-    return 1;
-
   return 0;
 }
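
Review bot: With the `i2 == 255 && i3 == 255 && i4 == 255` test removed, nothing in the visible lines documents that 255.255.255.255 is still rejected. The remaining `if (i1 >= 224)` check is what covers it, so a short comment on that check noting that it includes 255.255.255.255 would keep the intent from being lost. The removed condition never tested i1, so it matched every x.255.255.255 address rather than the single address its comment named. The commit message should state that those addresses with i1 below 224 are no longer rejected by this test, so that the behaviour change is recorded as deliberate.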

Thanks. Your analysis is right, that code doesn't do what the comment
claims. Those lines go back as far in the Subversion repository as I can
track them, back to r2644.

So the question is, what is the intent? If it was to block everything
in *.255.255.255 then just the comment needs to be changed. I would have
thought all those addresses were broadcast addresses, but your
68.255.255.255 has reverse DNS and responds to pings (or something
responds to pings on its behalf). If the intent was to block
255.255.255.255 only, then that's already handled and we should apply
your patch.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

