$NetBSD: patch-aq,v 1.1 2002/12/04 21:20:07 skrll Exp $
--- lanbrowsing/lisa/netmanager.cpp.orig Sat Feb 2 22:27:59 2002
+++ lanbrowsing/lisa/netmanager.cpp
@@ -27,6 +27,7 @@
#include <strings.h>
#include <errno.h>
#include <string.h>
+#include <pwd.h>
#ifndef AF_LOCAL
#define AF_LOCAL AF_UNIX
@@ -70,7 +71,7 @@ NetManager::NetManager(int& rawSocketFD,
NetManager::~NetManager()
{
- mgetDebug()<<"netknife destructor ..."<<std::endl;
+ mgetDebug()<<"NetManager destructor ..."<<std::endl;
if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
::close(m_listenFD);
::close(m_bcFD);
@@ -131,14 +132,28 @@ int NetManager::prepare()
m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
//m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
MyString socketName("/tmp/resLisa-");
- socketName+=getenv("LOGNAME");
+ struct passwd *user = getpwuid( getuid() );
+ if ( user )
+ socketName+=user->pw_name;
+ else
+ //should never happen
+ socketName+="???";
::unlink(socketName.data());
sockaddr_un serverAddr;
-// bzero((char*)&serverAddr, sizeof(serverAddr));
+ if (socketName.length() >= sizeof(serverAddr.sun_path))
+ {
+ std::cout<<"NetManager::prepare: your user name \""<<user->pw_name<<"\" is too long, exiting."<<std::endl;
+ return 0;
+ }
memset((void*)&serverAddr, 0, sizeof(serverAddr));
- serverAddr.sun_family = AF_LOCAL;
- strcpy(serverAddr.sun_path,socketName.data());
- ::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
+ serverAddr.sun_family=AF_LOCAL;
+ strncpy(serverAddr.sun_path,socketName.data(),sizeof(serverAddr.sun_path));
+ result=::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
+ if (result!=0)
+ {
+ std::cout<<"NetManager::prepare: bind (UNIX socket) failed, errno: "<<errno<<std::endl;
+ return 0;
+ }
}
else
{
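Review bot: The UNIX socket is still bound under a predictable name directly in `/tmp`, and nothing in this hunk restricts who may connect to it: the mode of the socket file follows the process umask, and the result of `::unlink()` is not examined. If prepare() does not already set a restrictive umask outside the hunk, wrapping the call as `mode_t old=umask(077); result=::bind(...); umask(old);` would help, and so would placing the socket in a per-user directory with mode 0700 (the safer choice where socket file modes are not enforced). Separately, the "too long" message dereferences `user->pw_name` without a null check. It is only safe because the `???` fallback is short enough never to reach that branch; printing `socketName.data()` there would remove the dependency.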
@@ -148,7 +163,7 @@ int NetManager::prepare()
{
std::cout<<"NetManager::prepare: socket(TCP) failed, errno: "<<errno<<std::endl;
return 0;
- };
+ }
sockaddr_in serverAddress;
// bzero((char*)&serverAddress, sizeof(serverAddress));
@@ -654,6 +669,10 @@ int NetManager::readDataFromFD(int fd)
m_receivedBytes+=result;
if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
m_receiveBuffer=newBuf;
+ // too much data - abort at 2MB to avoid memory exhaustion
+ if (m_receivedBytes>2*1024*1024)
+ return 0;
+
return 1;
};
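Review bot: The 2 MB limit is tested only after the enlarged buffer has been installed in `m_receiveBuffer`, so the cap can be overshot by one read and the over-limit data stays in the object when 0 is returned. The allocation itself lies above this hunk, so this is inferred from the visible lines. If it holds, comparing `m_receivedBytes+result` with the limit before the allocation would avoid the extra growth. A named constant such as `static const int MaxReceiveBytes=2*1024*1024;` would document the limit, and it is worth confirming that callers treat the 0 return as an error and discard the buffer.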
@@ -665,14 +684,15 @@ int NetManager::processScanResults()
char *tmpBuf=m_receiveBuffer;
int bytesLeft=m_receivedBytes;
- int tmpIP;
mgetDebug()<<"m_receivedBytes: "<<m_receivedBytes<<" bytesLeft: "<<bytesLeft<<std::endl;
//this should be large enough for a name
//and the stuff which is inserted into the buffer
- //comes only from ourselves
+ //comes only from ourselves ... or attackers :-(
char tmpName[1024*4];
while (bytesLeft>0)
{
+ int tmpIP=2; // well, some impossible IP address, 0 and 1 are already used for the last line of output
+ tmpName[0]='\0';
if ((memchr(tmpBuf,0,bytesLeft)==0) || (memchr(tmpBuf,int('\n'),bytesLeft)==0))
{
delete newNodes;
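Review bot: `tmpIP=2` is an in-band "nothing parsed" marker, and the same literal is tested again in the `else if (tmpIP!=2)` branch of the last hunk. A line whose address really parses as 2 is therefore dropped silently, and the two places have to be kept in sync by hand. A named constant or a separate `bool parsed` flag would make the intent explicit. `tmpIP` is also an `int` that the next hunk fills through `%u`; declaring it `unsigned int` would match the conversion. The loop body continues outside this hunk.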
@@ -687,14 +707,16 @@ int NetManager::processScanResults()
return 0;
};
//mgetDebug()<<"NetManager::processScanResults: processing -"<<tmpBuf;
- sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
//since we check for 0 and \n with memchr() we can be sure
//at this point that tmpBuf is correctly terminated
int length=strlen(tmpBuf)+1;
+ if (length<(4*1024))
+ sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
+
bytesLeft-=length;
tmpBuf+=length;
mgetDebug()<<"length: "<<length<<" bytesLeft: "<<bytesLeft<<std::endl;
- if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
+ if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
{
mgetDebug()<<"NetManager::processScanResults: succeeded :-)"<<std::endl;
delete hostList;
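Review bot: The return value of `sscanf()` is not checked, so a line that yields only the number leaves `tmpName` empty while `tmpIP` is no longer 2. Such a line would reach the `append(Node(tmpName,tmpIP))` branch of the last hunk with an empty name. Requiring both conversions would close that: `if (length>=4*1024 || sscanf(tmpBuf,"%u %4095s\n",&tmpIP,tmpName)!=2) tmpIP=2;`. The explicit `%4095s` width also makes the bound on `tmpName` visible at the call instead of depending on the `length<(4*1024)` test.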
@@ -712,7 +734,7 @@ int NetManager::processScanResults()
return 1;
}
- else
+ else if (tmpIP!=2)
{
//mgetDebug()<<"NetManager::processScanResults: adding host: "<<tmpName<<" with ip: "<<tmpIP<<std::endl;
newNodes->append(Node(tmpName,tmpIP));