Nmap Development mailing list archives
Re: [PATCH] Bugfix to random target generation
From: David Fifield <david () bamsoftware com>
Date: Wed, 26 Nov 2008 16:30:30 -0700
On Sun, Nov 23, 2008 at 12:41:35PM +0000, Jack Grahl wrote:
The patch below fixes what appears to be an error in the function ip_is_reserved(). The test which has been removed returns true for all IP addresses of the form *.255.255.255. Either this is a logical error and the intention was to remove 255.255.255.255 as the comment seems to indicate, or it was intended to remove all these addresses. If the first case, the preceding code has in fact already checked for addresses 255.../8. Removing all addresses *.255.255.255 eliminates some which are valid hosts, for example 68.255.255.255, hence the removal. --- nmap.cc~ 2008-09-10 19:32:35.000000000 +0100 +++ nmap.cc 2008-11-23 11:57:48.000000000 +0000 @@ -424,10 +424,6 @@ if (i1 >= 224) return 1; - /* 255.255.255.255, note we already tested for i1 in this range */ - if (i2 == 255 && i3 == 255 && i4 == 255) - return 1; - return 0; }
Thanks. Your analysis is right, that code doesn't do what the comment claims. Those lines go back as far in the Subversion repository as I can track them, back to r2644. So the question is, what is the intent? If it was to block everything in *.255.255.255 then just the comment needs to be changed. I would have thought all those addresses were broadcast addresses, but your 68.255.255.255 has reverse DNS and responds to pings (or something responds to pings on its behalf). If the intent was to block 255.255.255.255 only, then that's already handled and we should apply your patch. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Bugfix to random target generation Jack Grahl (Nov 23)
- Re: [PATCH] Bugfix to random target generation David Fifield (Nov 26)
- Re: [PATCH] Bugfix to random target generation Fyodor (Nov 30)
- Re: [PATCH] Bugfix to random target generation jah (Nov 30)