rpms/nmap
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Replace FD_ functions with safe implementation

Browse Source
This commit is contained in:
Pavel Zhukov 2021-01-13 08:01:05 +01:00
parent b9eb387d27
commit 967a8ef813
2 changed files with 375 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

369
nmap-safe_fd_functions.patch Normal file
View File

@ -0,0 +1,369 @@
diff --git a/ncat/ncat_core.c b/ncat/ncat_core.c
index f734247..b76d5ea 100644
--- a/ncat/ncat_core.c
+++ b/ncat/ncat_core.c
@@ -498,7 +498,7 @@ int ncat_broadcast(fd_set *fds, const fd_list_t *fdlist, const char *msg, size_t
ret = 0;
for (i = 0; i <= fdlist->fdmax; i++) {
- if (!FD_ISSET(i, fds))
+ if (!checked_fd_isset(i, fds))
continue;
fdn = get_fdinfo(fdlist, i);
diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
index 1e0c22f..bf4d54f 100644
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -312,10 +312,10 @@ static int ncat_listen_stream(int proto)
unblock_socket(listen_socket[num_sockets]);
/* setup select sets and max fd */
- FD_SET(listen_socket[num_sockets], &master_readfds);
+ checked_fd_set(listen_socket[num_sockets], &master_readfds);
add_fd(&client_fdlist, listen_socket[num_sockets]);
- FD_SET(listen_socket[num_sockets], &listen_fds);
+ checked_fd_set(listen_socket[num_sockets], &listen_fds);
num_sockets++;
}
@@ -368,7 +368,7 @@ static int ncat_listen_stream(int proto)
*/
for (i = 0; i <= client_fdlist.fdmax && fds_ready > 0; i++) {
/* Loop through descriptors until there's something to read */
- if (!FD_ISSET(i, &readfds) && !FD_ISSET(i, &writefds))
+ if (!checked_fd_isset(i, &readfds) && !checked_fd_isset(i, &writefds))
continue;
if (o.debug > 1)
@@ -376,30 +376,30 @@ static int ncat_listen_stream(int proto)
#ifdef HAVE_OPENSSL
/* Is this an ssl socket pending a handshake? If so handle it. */
- if (o.ssl && FD_ISSET(i, &sslpending_fds)) {
+ if (o.ssl && checked_fd_isset(i, &sslpending_fds)) {
struct fdinfo *fdi = NULL;
- FD_CLR(i, &master_readfds);
- FD_CLR(i, &master_writefds);
+ checked_fd_clr(i, &master_readfds);
+ checked_fd_clr(i, &master_writefds);
fdi = get_fdinfo(&client_fdlist, i);
ncat_assert(fdi != NULL);
switch (ssl_handshake(fdi)) {
case NCAT_SSL_HANDSHAKE_COMPLETED:
/* Clear from sslpending_fds once ssl is established */
- FD_CLR(i, &sslpending_fds);
+ checked_fd_clr(i, &sslpending_fds);
post_handle_connection(*fdi);
break;
case NCAT_SSL_HANDSHAKE_PENDING_WRITE:
- FD_SET(i, &master_writefds);
+ checked_fd_set(i, &master_writefds);
break;
case NCAT_SSL_HANDSHAKE_PENDING_READ:
- FD_SET(i, &master_readfds);
+ checked_fd_set(i, &master_readfds);
break;
case NCAT_SSL_HANDSHAKE_FAILED:
default:
SSL_free(fdi->ssl);
Close(fdi->fd);
- FD_CLR(i, &sslpending_fds);
- FD_CLR(i, &master_readfds);
+ checked_fd_clr(i, &sslpending_fds);
+ checked_fd_clr(i, &master_readfds);
rm_fd(&client_fdlist, i);
/* Are we in single listening mode(without -k)? If so
then we should quit also. */
@@ -410,7 +410,7 @@ static int ncat_listen_stream(int proto)
}
} else
#endif
- if (FD_ISSET(i, &listen_fds)) {
+ if (checked_fd_isset(i, &listen_fds)) {
/* we have a new connection request */
handle_connection(i);
} else if (i == STDIN_FILENO) {
@@ -490,7 +490,7 @@ static void handle_connection(int socket_accept)
int i;
for (i = 0; i < num_listenaddrs; i++) {
Close(listen_socket[i]);
- FD_CLR(listen_socket[i], &master_readfds);
+ checked_fd_clr(listen_socket[i], &master_readfds);
rm_fd(&client_fdlist, listen_socket[i]);
}
}
@@ -528,9 +528,9 @@ static void handle_connection(int socket_accept)
#ifdef HAVE_OPENSSL
if (o.ssl) {
/* Add the socket to the necessary descriptor lists. */
- FD_SET(s.fd, &sslpending_fds);
- FD_SET(s.fd, &master_readfds);
- FD_SET(s.fd, &master_writefds);
+ checked_fd_set(s.fd, &sslpending_fds);
+ checked_fd_set(s.fd, &master_readfds);
+ checked_fd_set(s.fd, &master_writefds);
/* Add it to our list of fds too for maintaining maxfd. */
if (add_fdinfo(&client_fdlist, &s) < 0)
bye("add_fdinfo() failed.");
@@ -563,10 +563,10 @@ static void post_handle_connection(struct fdinfo sinfo)
} else {
/* Now that a client is connected, pay attention to stdin. */
if (!stdin_eof)
- FD_SET(STDIN_FILENO, &master_readfds);
+ checked_fd_set(STDIN_FILENO, &master_readfds);
if (!o.sendonly) {
/* add to our lists */
- FD_SET(sinfo.fd, &master_readfds);
+ checked_fd_set(sinfo.fd, &master_readfds);
/* add it to our list of fds for maintaining maxfd */
#ifdef HAVE_OPENSSL
/* Don't add it twice (see handle_connection above) */
@@ -578,7 +578,7 @@ static void post_handle_connection(struct fdinfo sinfo)
}
#endif
}
- FD_SET(sinfo.fd, &master_broadcastfds);
+ checked_fd_set(sinfo.fd, &master_broadcastfds);
if (add_fdinfo(&broadcast_fdlist, &sinfo) < 0)
bye("add_fdinfo() failed.");
@@ -603,7 +603,7 @@ int read_stdin(void)
logdebug("EOF on stdin\n");
/* Don't close the file because that allows a socket to be fd 0. */
- FD_CLR(STDIN_FILENO, &master_readfds);
+ checked_fd_clr(STDIN_FILENO, &master_readfds);
/* Buf mark that we've seen EOF so it doesn't get re-added to the
select list. */
stdin_eof = 1;
@@ -656,14 +656,14 @@ int read_socket(int recv_fd)
}
#endif
close(recv_fd);
- FD_CLR(recv_fd, &master_readfds);
+ checked_fd_clr(recv_fd, &master_readfds);
rm_fd(&client_fdlist, recv_fd);
- FD_CLR(recv_fd, &master_broadcastfds);
+ checked_fd_clr(recv_fd, &master_broadcastfds);
rm_fd(&broadcast_fdlist, recv_fd);
conn_inc--;
if (get_conn_count() == 0)
- FD_CLR(STDIN_FILENO, &master_readfds);
+ checked_fd_clr(STDIN_FILENO, &master_readfds);
return n;
}
@@ -753,7 +753,7 @@ static int ncat_listen_dgram(int proto)
logdebug("do_listen(\"%s\"): %s\n", inet_ntop_ez(&listenaddrs[i].storage, sizeof(listenaddrs[i].storage)), socket_strerror(socket_errno()));
continue;
}
- FD_SET(sockfd[num_sockets].fd, &listen_fds);
+ checked_fd_set(sockfd[num_sockets].fd, &listen_fds);
add_fd(&listen_fdlist, sockfd[num_sockets].fd);
sockfd[num_sockets].addr = listenaddrs[i];
num_sockets++;
@@ -773,14 +773,14 @@ static int ncat_listen_dgram(int proto)
if (fdn != -1) {
/*remove socket descriptor which is burnt */
- FD_CLR(sockfd[fdn].fd, &listen_fds);
+ checked_fd_clr(sockfd[fdn].fd, &listen_fds);
rm_fd(&listen_fdlist, sockfd[fdn].fd);
/* Rebuild the udp socket which got burnt */
sockfd[fdn].fd = do_listen(SOCK_DGRAM, proto, &sockfd[fdn].addr);
if (sockfd[fdn].fd == -1)
bye("do_listen: %s", socket_strerror(socket_errno()));
- FD_SET(sockfd[fdn].fd, &listen_fds);
+ checked_fd_set(sockfd[fdn].fd, &listen_fds);
add_fd(&listen_fdlist, sockfd[fdn].fd);
}
@@ -818,7 +818,7 @@ static int ncat_listen_dgram(int proto)
*/
for (i = 0; i <= listen_fdlist.fdmax && fds_ready > 0; i++) {
/* Loop through descriptors until there is something ready */
- if (!FD_ISSET(i, &fds))
+ if (!checked_fd_isset(i, &fds))
continue;
/* Check each listening socket */
@@ -911,8 +911,8 @@ static int ncat_listen_dgram(int proto)
continue;
}
- FD_SET(socket_n, &read_fds);
- FD_SET(STDIN_FILENO, &read_fds);
+ checked_fd_set(socket_n, &read_fds);
+ checked_fd_set(STDIN_FILENO, &read_fds);
fdmax = socket_n;
/* stdin -> socket and socket -> stdout */
@@ -932,7 +932,7 @@ static int ncat_listen_dgram(int proto)
if (fds_ready == 0)
bye("Idle timeout expired (%d ms).", o.idletimeout);
- if (FD_ISSET(STDIN_FILENO, &fds)) {
+ if (checked_fd_isset(STDIN_FILENO, &fds)) {
nbytes = Read(STDIN_FILENO, buf, sizeof(buf));
if (nbytes <= 0) {
if (nbytes < 0 && o.verbose) {
@@ -940,7 +940,7 @@ static int ncat_listen_dgram(int proto)
} else if (nbytes == 0 && o.debug) {
logdebug("EOF on stdin\n");
}
- FD_CLR(STDIN_FILENO, &read_fds);
+ checked_fd_clr(STDIN_FILENO, &read_fds);
if (nbytes < 0)
return 1;
continue;
@@ -964,7 +964,7 @@ static int ncat_listen_dgram(int proto)
tempbuf = NULL;
}
}
- if (FD_ISSET(socket_n, &fds)) {
+ if (checked_fd_isset(socket_n, &fds)) {
nbytes = recv(socket_n, buf, sizeof(buf), 0);
if (nbytes < 0) {
loguser("%s.\n", socket_strerror(socket_errno()));
@@ -1048,7 +1048,7 @@ static void read_and_broadcast(int recv_fd)
/* Don't close the file because that allows a socket to be
fd 0. */
- FD_CLR(recv_fd, &master_readfds);
+ checked_fd_clr(recv_fd, &master_readfds);
/* But mark that we've seen EOF so it doesn't get re-added to
the select list. */
stdin_eof = 1;
@@ -1075,14 +1075,14 @@ static void read_and_broadcast(int recv_fd)
}
#endif
close(recv_fd);
- FD_CLR(recv_fd, &master_readfds);
+ checked_fd_clr(recv_fd, &master_readfds);
rm_fd(&client_fdlist, recv_fd);
- FD_CLR(recv_fd, &master_broadcastfds);
+ checked_fd_clr(recv_fd, &master_broadcastfds);
rm_fd(&broadcast_fdlist, recv_fd);
conn_inc--;
if (conn_inc == 0)
- FD_CLR(STDIN_FILENO, &master_readfds);
+ checked_fd_clr(STDIN_FILENO, &master_readfds);
if (o.chat)
chat_announce_disconnect(recv_fd);
@@ -1113,7 +1113,7 @@ static void read_and_broadcast(int recv_fd)
/* Send to everyone except the one who sent this message. */
broadcastfds = master_broadcastfds;
- FD_CLR(recv_fd, &broadcastfds);
+ checked_fd_clr(recv_fd, &broadcastfds);
ncat_broadcast(&broadcastfds, &broadcast_fdlist, outbuf, n);
free(chatbuf);
@@ -1128,7 +1128,7 @@ static void shutdown_sockets(int how)
int i;
for (i = 0; i <= broadcast_fdlist.fdmax; i++) {
- if (!FD_ISSET(i, &master_broadcastfds))
+ if (!checked_fd_isset(i, &master_broadcastfds))
continue;
fdn = get_fdinfo(&broadcast_fdlist, i);
@@ -1153,7 +1153,7 @@ static int chat_announce_connect(int fd, const union sockaddr_u *su)
union sockaddr_u su;
socklen_t len = sizeof(su.storage);
- if (i == fd || !FD_ISSET(i, &master_broadcastfds))
+ if (i == fd || !checked_fd_isset(i, &master_broadcastfds))
continue;
if (getpeername(i, &su.sockaddr, &len) == -1)
diff --git a/ncat/ncat_posix.c b/ncat/ncat_posix.c
index 12207c0..9709e63 100644
--- a/ncat/ncat_posix.c
+++ b/ncat/ncat_posix.c
@@ -273,8 +273,8 @@ void netexec(struct fdinfo *info, char *cmdexec)
int r, n_r;
FD_ZERO(&fds);
- FD_SET(info->fd, &fds);
- FD_SET(child_stdout[0], &fds);
+ checked_fd_set(info->fd, &fds);
+ checked_fd_set(child_stdout[0], &fds);
r = fselect(maxfd + 1, &fds, NULL, NULL, NULL);
if (r == -1) {
@@ -283,7 +283,7 @@ void netexec(struct fdinfo *info, char *cmdexec)
else
break;
}
- if (FD_ISSET(info->fd, &fds)) {
+ if (checked_fd_isset(info->fd, &fds)) {
int pending;
do {
@@ -293,7 +293,7 @@ void netexec(struct fdinfo *info, char *cmdexec)
write_loop(child_stdin[1], buf, n_r);
} while (pending);
}
- if (FD_ISSET(child_stdout[0], &fds)) {
+ if (checked_fd_isset(child_stdout[0], &fds)) {
char *crlf = NULL, *wbuf;
n_r = read(child_stdout[0], buf, sizeof(buf));
if (n_r <= 0)
diff --git a/ncat/ncat_proxy.c b/ncat/ncat_proxy.c
index 72fe2ea..51ad9c4 100644
--- a/ncat/ncat_proxy.c
+++ b/ncat/ncat_proxy.c
@@ -234,7 +234,7 @@ int ncat_http_server(void)
unblock_socket(listen_socket[num_sockets]);
/* setup select sets and max fd */
- FD_SET(listen_socket[num_sockets], &listen_fds);
+ checked_fd_set(listen_socket[num_sockets], &listen_fds);
add_fd(&listen_fdlist, listen_socket[num_sockets]);
num_sockets++;
@@ -267,7 +267,7 @@ int ncat_http_server(void)
for (i = 0; i <= listen_fdlist.fdmax && fds_ready > 0; i++) {
/* Loop through descriptors until there is something ready */
- if (!FD_ISSET(i, &read_fds))
+ if (!checked_fd_isset(i, &read_fds))
continue;
/* Check each listening socket */
@@ -525,8 +525,8 @@ static int handle_connect(struct socket_buffer *client_sock,
maxfd = client_sock->fdn.fd < s ? s : client_sock->fdn.fd;
FD_ZERO(&m);
- FD_SET(client_sock->fdn.fd, &m);
- FD_SET(s, &m);
+ checked_fd_set(client_sock->fdn.fd, &m);
+ checked_fd_set(s, &m);
errno = 0;
@@ -540,7 +540,7 @@ static int handle_connect(struct socket_buffer *client_sock,
zmem(buf, sizeof(buf));
- if (FD_ISSET(client_sock->fdn.fd, &r)) {
+ if (checked_fd_isset(client_sock->fdn.fd, &r)) {
do {
do {
len = fdinfo_recv(&client_sock->fdn, buf, sizeof(buf));
@@ -556,7 +556,7 @@ static int handle_connect(struct socket_buffer *client_sock,
} while (fdinfo_pending(&client_sock->fdn));
}
- if (FD_ISSET(s, &r)) {
+ if (checked_fd_isset(s, &r)) {
do {
len = recv(s, buf, sizeof(buf), 0);
} while (len == -1 && socket_errno() == EINTR);

8
nmap.spec
View File

@ -7,7 +7,7 @@ Name: nmap
Epoch: 3
Version: 7.80
#global prerelease TEST5
Release: 7%{?dist}
Release: 8%{?dist}
Summary: Network exploration tool and security scanner
URL: http://nmap.org/
# Uses combination of licenses based on GPL license, but with extra modification
@ -30,6 +30,7 @@ Patch3: ncat_reg_stdin.diff
Patch4: nmap-6.25-displayerror.patch
# https://github.com/nmap/nmap/commit/33f421fd6e68fcb8ed50071661d9704717c81b2b.patch
Patch5: nmap-unsolicited_arp_assert.patch
Patch6: nmap-safe_fd_functions.patch
BuildRequires: automake make
@ -142,7 +143,10 @@ ln -s ncat %{buildroot}%{_bindir}/nc
%{_mandir}/man1/ncat.1.gz
%changelog
* Sun Jan 10 2021 Pavel Zhukov <pzhukov@redhat.com> - 3:7.80-7
* Wed Jan 13 2021 Pavel Zhukov <pzhukov@redhat.com> - 3:7.80-8
- Replace FD_ functions with safe implementation (#1914734)
* Sun Jan 10 2021 Pavel Zhukov <pzhukov@redhat.com> - 3:7.80-7
- Drop nmap >= 7.90
* Thu Aug 20 2020 Pavel Zhukov <pzhukov@redhat.com> - 2:7.80-6