=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/nc/netcat.c,v retrieving revision 1.6 retrieving revision 1.7 diff -c -r1.6 -r1.7 *** src/usr.bin/nc/netcat.c 2000/01/24 19:13:33 1.6 --- src/usr.bin/nc/netcat.c 2000/01/31 19:31:42 1.7 *************** *** 1,29 **** /* Netcat 1.10 RELEASE 960320 ! ! A damn useful little "backend" utility begun 950915 or thereabouts, ! as *Hobbit*'s first real stab at some sockets programming. Something that ! should have and indeed may have existed ten years ago, but never became a ! standard Unix utility. IMHO, "nc" could take its place right next to cat, ! cp, rm, mv, dd, ls, and all those other cryptic and Unix-like things. ! ! Read the README for the whole story, doc, applications, etc. ! ! Layout: ! conditional includes: ! includes: ! handy defines: ! globals: ! malloced globals: ! cmd-flag globals: ! support routines: ! readwrite select loop: ! main: ! ! bluesky: ! parse ranges of IP address as well as ports, perhaps ! RAW mode! ! backend progs to grab a pty and look like a real telnetd?! ! backend progs to do various encryption modes??!?! */ #include "generic.h" /* same as with L5, skey, etc */ --- 1,29 ---- /* Netcat 1.10 RELEASE 960320 ! * ! * A damn useful little "backend" utility begun 950915 or thereabouts, ! * as *Hobbit*'s first real stab at some sockets programming. Something that ! * should have and indeed may have existed ten years ago, but never became a ! * standard Unix utility. IMHO, "nc" could take its place right next to cat, ! * cp, rm, mv, dd, ls, and all those other cryptic and Unix-like things. ! * ! * Read the README for the whole story, doc, applications, etc. ! * ! * Layout: ! * conditional includes: ! * includes: ! * handy defines: ! * globals: ! * malloced globals: ! * cmd-flag globals: ! * support routines: ! * readwrite select loop: ! * main: ! * ! * bluesky: ! * parse ranges of IP address as well as ports, perhaps ! * RAW mode! ! * backend progs to grab a pty and look like a real telnetd?! ! * backend progs to do various encryption modes??!?! */ #include "generic.h" /* same as with L5, skey, etc */ *************** *** 32,58 **** for your own architecture [and please send diffs...]: */ /* #undef _POSIX_SOURCE /* might need this for something? */ #define HAVE_BIND /* ASSUMPTION -- seems to work everywhere! */ - #define HAVE_HELP /* undefine if you dont want the help text */ ! #ifdef HAVE_STDLIB_H ! #include ! #else ! #include ! #endif ! #ifdef HAVE_SELECT_H /* random SV variants need this */ #include ! #endif ! #ifdef HAVE_UNISTD_H #include - #endif - /* have to do this *before* including types.h. xxx: Linux still has it wrong */ - #ifdef FD_SETSIZE /* should be in types.h, butcha never know. */ - #undef FD_SETSIZE /* if we ever need more than 16 active */ - #endif /* fd's, something is horribly wrong! */ - #define FD_SETSIZE 16 /* <-- this'll give us a long anyways, wtf */ - #include /* *now* do it. Sigh, this is broken */ - #ifdef HAVE_RANDOM /* aficionados of ?rand48() should realize */ #define SRAND srandom /* that this doesn't need *strong* random */ #define RAND random /* numbers just to mix up port numbers!! */ --- 32,56 ---- for your own architecture [and please send diffs...]: */ /* #undef _POSIX_SOURCE /* might need this for something? */ #define HAVE_BIND /* ASSUMPTION -- seems to work everywhere! */ ! #include ! #include #include ! #include ! #include ! #include ! #include ! #include ! #include /* hostent, gethostby*, getservby* */ ! #include ! #include ! #include ! #include ! #include ! #include ! #include #include #ifdef HAVE_RANDOM /* aficionados of ?rand48() should realize */ #define SRAND srandom /* that this doesn't need *strong* random */ #define RAND random /* numbers just to mix up port numbers!! */ *************** *** 61,118 **** #define RAND rand #endif /* HAVE_RANDOM */ - /* includes: */ - #include /* timeval, time_t */ - #include /* jmp_buf et al */ - #include /* basics, SO_ and AF_ defs, sockaddr, ... */ - #include /* sockaddr_in, htons, in_addr */ - #include /* misc crud that netinet/ip.h references */ - #include /* IPOPT_LSRR, header stuff */ - #include /* hostent, gethostby*, getservby* */ - #include /* inet_ntoa */ - #include - #include /* strcpy, strchr, yadda yadda */ - #include - #include - #include /* O_WRONLY et al */ - - /* handy stuff: */ - #define SA struct sockaddr /* socket overgeneralization braindeath */ - #define SAI struct sockaddr_in /* ... whoever came up with this model */ - #define IA struct in_addr /* ... should be taken out and shot, */ - /* ... not that TLI is any better. sigh.. */ #define SLEAZE_PORT 31337 /* for UDP-scan RTT trick, change if ya want */ - #define USHORT unsigned short /* use these for options an' stuff */ #define BIGSIZ 8192 /* big buffers */ ! #ifndef INADDR_NONE ! #define INADDR_NONE 0xffffffff ! #endif ! ! struct host_poop { char name[MAXHOSTNAMELEN]; /* dns name */ char addrs[8][24]; /* ascii-format IP addresses */ struct in_addr iaddrs[8]; /* real addresses: in_addr.s_addr: * ulong */ }; - #define HINF struct host_poop ! struct port_poop { char name[64]; /* name in /etc/services */ char anum[8]; /* ascii-format number */ ! USHORT num; /* real host-order number */ }; - #define PINF struct port_poop /* globals: */ jmp_buf jbuf; /* timer crud */ int jval = 0; /* timer crud */ int netfd = -1; int ofd = 0; /* hexdump output fd */ ! static char unknown[] = "(UNKNOWN)"; ! static char p_tcp[] = "tcp"; /* for getservby* */ ! static char p_udp[] = "udp"; ! #ifdef HAVE_BIND extern int h_errno; /* stolen almost wholesale from bsd herror.c */ static char *h_errs[] = { --- 59,86 ---- #define RAND rand #endif /* HAVE_RANDOM */ #define SLEAZE_PORT 31337 /* for UDP-scan RTT trick, change if ya want */ #define BIGSIZ 8192 /* big buffers */ ! struct host_info { char name[MAXHOSTNAMELEN]; /* dns name */ char addrs[8][24]; /* ascii-format IP addresses */ struct in_addr iaddrs[8]; /* real addresses: in_addr.s_addr: * ulong */ }; ! struct port_info { char name[64]; /* name in /etc/services */ char anum[8]; /* ascii-format number */ ! u_short num; /* real host-order number */ }; /* globals: */ jmp_buf jbuf; /* timer crud */ int jval = 0; /* timer crud */ int netfd = -1; int ofd = 0; /* hexdump output fd */ ! extern int h_errno; /* stolen almost wholesale from bsd herror.c */ static char *h_errs[] = { *************** *** 122,133 **** "Unknown server error", /* 3 NO_RECOVERY */ "No address associated with name", /* 4 NO_ADDRESS */ }; ! #else ! int h_errno; /* just so we *do* have it available */ ! #endif /* HAVE_BIND */ int gatesidx = 0; /* LSRR hop count */ int gatesptr = 4; /* initial LSRR pointer, settable */ ! USHORT Single = 1; /* zero if scanning */ unsigned int insaved = 0; /* stdin-buffer size for multi-mode */ unsigned int wrote_out = 0; /* total stdout bytes */ unsigned int wrote_net = 0; /* total net bytes */ --- 90,99 ---- "Unknown server error", /* 3 NO_RECOVERY */ "No address associated with name", /* 4 NO_ADDRESS */ }; ! int gatesidx = 0; /* LSRR hop count */ int gatesptr = 4; /* initial LSRR pointer, settable */ ! u_short Single = 1; /* zero if scanning */ unsigned int insaved = 0; /* stdin-buffer size for multi-mode */ unsigned int wrote_out = 0; /* total stdout bytes */ unsigned int wrote_net = 0; /* total net bytes */ *************** *** 135,164 **** static char hexnibs[20] = "0123456789abcdef "; /* will malloc up the following globals: */ ! struct timeval *timer1 = NULL; ! struct timeval *timer2 = NULL; ! SAI *lclend = NULL; /* sockaddr_in structs */ ! SAI *remend = NULL; ! HINF **gates = NULL; /* LSRR hop hostpoop */ char *optbuf = NULL; /* LSRR or sockopts */ char *bigbuf_in; /* data buffers */ char *bigbuf_net; ! fd_set *ding1; /* for select loop */ ! fd_set *ding2; ! PINF *portpoop = NULL; /* for getportpoop / getservby* */ unsigned char *stage = NULL; /* hexdump line buffer */ /* global cmd flags: */ ! USHORT o_alla = 0; unsigned int o_interval = 0; ! USHORT o_listen = 0; ! USHORT o_nflag = 0; ! USHORT o_wfile = 0; ! USHORT o_random = 0; ! USHORT o_udpmode = 0; ! USHORT o_verbose = 0; unsigned int o_wait = 0; ! USHORT o_zero = 0; /* o_tn in optional section */ /* Debug macro: squirt whatever message and sleep a bit so we can see it go --- 101,128 ---- static char hexnibs[20] = "0123456789abcdef "; /* will malloc up the following globals: */ ! struct timeval timer1, timer2; ! struct sockaddr_in *lclend = NULL; /* sockaddr_in structs */ ! struct sockaddr_in *remend = NULL; ! struct host_info **gates = NULL; /* LSRR hop hostpoop */ char *optbuf = NULL; /* LSRR or sockopts */ char *bigbuf_in; /* data buffers */ char *bigbuf_net; ! fd_set fds1, fds2; ! struct port_info *portpoop = NULL; /* for getportpoop / getservby* */ unsigned char *stage = NULL; /* hexdump line buffer */ /* global cmd flags: */ ! u_short o_alla = 0; unsigned int o_interval = 0; ! u_short o_listen = 0; ! u_short o_nflag = 0; ! u_short o_wfile = 0; ! u_short o_random = 0; ! u_short o_udpmode = 0; ! u_short o_verbose = 0; unsigned int o_wait = 0; ! u_short o_zero = 0; /* o_tn in optional section */ /* Debug macro: squirt whatever message and sleep a bit so we can see it go *************** *** 201,207 **** fprintf(stderr, "\n"); fflush(stderr); } ! } /* holler */ /* bail : error-exit handler, callable from anywhere */ --- 165,171 ---- fprintf(stderr, "\n"); fflush(stderr); } ! } /* bail : error-exit handler, callable from anywhere */ *************** *** 213,221 **** o_verbose = 1; holler(str, p1, p2, p3, p4, p5, p6); close(netfd); - sleep(1); exit(1); ! } /* bail */ /* catch : no-brainer interrupt handler */ --- 177,184 ---- o_verbose = 1; holler(str, p1, p2, p3, p4, p5, p6); close(netfd); exit(1); ! } /* catch : no-brainer interrupt handler */ *************** *** 255,278 **** alarm(secs); jval = num; } /* if secs */ ! } /* arm */ - /* Hmalloc : - malloc up what I want, rounded up to *4, and pre-zeroed. Either succeeds - or bails out on its own, so that callers don't have to worry about it. */ - char * - Hmalloc(size) - unsigned int size; - { - unsigned int s = (size + 4) & 0xfffffffc; /* 4GB?! */ - char *p = malloc(s); - if (p != NULL) - memset(p, 0, s); - else - bail("Hmalloc %d failed", s); - return (p); - } /* Hmalloc */ - /* findline : find the next newline in a buffer; return inclusive size of that "line", or the entire buffer size, so the caller knows how much to then write(). --- 218,225 ---- alarm(secs); jval = num; } /* if secs */ ! } /* findline : find the next newline in a buffer; return inclusive size of that "line", or the entire buffer size, so the caller knows how much to then write(). *************** *** 300,315 **** } /* for */ Debug(("findline returning whole thing: %d", siz)) return (siz); ! } /* findline */ /* comparehosts : ! cross-check the host_poop we have so far against new gethostby*() info, and holler about mismatches. Perhaps gratuitous, but it can't hurt to point out when someone's DNS is fukt. Returns 1 if mismatch, in case someone else wants to do something about it. */ int comparehosts(poop, hp) ! HINF *poop; struct hostent *hp; { errno = 0; --- 247,262 ---- } /* for */ Debug(("findline returning whole thing: %d", siz)) return (siz); ! } /* comparehosts : ! cross-check the host_info we have so far against new gethostby*() info, and holler about mismatches. Perhaps gratuitous, but it can't hurt to point out when someone's DNS is fukt. Returns 1 if mismatch, in case someone else wants to do something about it. */ int comparehosts(poop, hp) ! struct host_info *poop; struct hostent *hp; { errno = 0; *************** *** 320,340 **** } return (0); /* ... do we need to do anything over and above that?? */ ! } /* comparehosts */ /* gethostpoop : ! resolve a host 8 ways from sunday; return a new host_poop struct with its info. The argument can be a name or [ascii] IP address; it will try its damndest to deal with it. "numeric" governs whether we do any DNS at all, and we also check o_verbose for what's appropriate work to do. */ ! HINF * gethostpoop(name, numeric) char *name; ! USHORT numeric; { struct hostent *hostent; struct in_addr iaddr; ! register HINF *poop = NULL; register int x; /* I really want to strangle the twit who dreamed up all these sockaddr and --- 267,287 ---- } return (0); /* ... do we need to do anything over and above that?? */ ! } /* gethostpoop : ! resolve a host 8 ways from sunday; return a new host_info struct with its info. The argument can be a name or [ascii] IP address; it will try its damndest to deal with it. "numeric" governs whether we do any DNS at all, and we also check o_verbose for what's appropriate work to do. */ ! struct host_info * gethostpoop(name, numeric) char *name; ! u_short numeric; { struct hostent *hostent; struct in_addr iaddr; ! register struct host_info *poop = NULL; register int x; /* I really want to strangle the twit who dreamed up all these sockaddr and *************** *** 359,370 **** errno = 0; h_errno = 0; if (name) ! poop = (HINF *) Hmalloc(sizeof(HINF)); if (!poop) bail("gethostpoop fuxored"); ! strlcpy(poop->name, unknown, sizeof(poop->name)); /* preload it */ ! if (inet_aton(name, &iaddr) == 0) { /* here's the great split: ! * names... */ if (numeric) bail("Can't parse %s as an IP address", name); --- 306,316 ---- errno = 0; h_errno = 0; if (name) ! poop = (struct host_info *) calloc(1, sizeof(struct host_info)); if (!poop) bail("gethostpoop fuxored"); ! strlcpy(poop->name, "(UNKNOWN)", sizeof(poop->name)); ! if (inet_aton(name, &iaddr) == 0) { if (numeric) bail("Can't parse %s as an IP address", name); *************** *** 372,392 **** if (!hostent) /* failure to look up a name is fatal, since we can't do anything with it */ bail("%s: forward host lookup failed: ", name); ! strncpy(poop->name, hostent->h_name, MAXHOSTNAMELEN - 1); ! poop->name[MAXHOSTNAMELEN - 1] = '\0'; for (x = 0; hostent->h_addr_list[x] && (x < 8); x++) { ! memcpy(&poop->iaddrs[x], hostent->h_addr_list[x], sizeof(IA)); ! strncpy(poop->addrs[x], inet_ntoa(poop->iaddrs[x]), ! sizeof(poop->addrs[0]) - 1); ! poop->addrs[x][sizeof(poop->addrs[0]) - 1] = '\0'; ! } /* for x -> addrs, part A */ if (!o_verbose) /* if we didn't want to see the */ return (poop); /* inverse stuff, we're done. */ /* do inverse lookups in separate loop based on our collected forward addrs, since gethostby* tends to crap into the same buffer over and over */ for (x = 0; poop->iaddrs[x].s_addr && (x < 8); x++) { hostent = gethostbyaddr((char *) &poop->iaddrs[x], ! sizeof(IA), AF_INET); if ((!hostent) || (!hostent->h_name)) holler("Warning: inverse host lookup failed for %s: ", poop->addrs[x]); --- 318,337 ---- if (!hostent) /* failure to look up a name is fatal, since we can't do anything with it */ bail("%s: forward host lookup failed: ", name); ! strlcpy(poop->name, hostent->h_name, MAXHOSTNAMELEN); for (x = 0; hostent->h_addr_list[x] && (x < 8); x++) { ! memcpy(&poop->iaddrs[x], hostent->h_addr_list[x], ! sizeof(struct in_addr)); ! strlcpy(poop->addrs[x], inet_ntoa(poop->iaddrs[x]), ! sizeof(poop->addrs[0])); ! } if (!o_verbose) /* if we didn't want to see the */ return (poop); /* inverse stuff, we're done. */ /* do inverse lookups in separate loop based on our collected forward addrs, since gethostby* tends to crap into the same buffer over and over */ for (x = 0; poop->iaddrs[x].s_addr && (x < 8); x++) { hostent = gethostbyaddr((char *) &poop->iaddrs[x], ! sizeof(struct in_addr), AF_INET); if ((!hostent) || (!hostent->h_name)) holler("Warning: inverse host lookup failed for %s: ", poop->addrs[x]); *************** *** 395,414 **** } /* for x -> addrs, part B */ } else { /* not INADDR_NONE: numeric addresses... */ ! memcpy(poop->iaddrs, &iaddr, sizeof(IA)); ! strncpy(poop->addrs[0], inet_ntoa(iaddr), sizeof(poop->addrs) - 1); ! poop->addrs[0][sizeof(poop->addrs) - 1] = '\0'; if (numeric) /* if numeric-only, we're done */ return (poop); if (!o_verbose) /* likewise if we don't want */ return (poop); /* the full DNS hair */ ! hostent = gethostbyaddr((char *) &iaddr, sizeof(IA), AF_INET); /* numeric or not, failure to look up a PTR is *not* considered fatal */ if (!hostent) holler("%s: inverse host lookup failed: ", name); else { ! strncpy(poop->name, hostent->h_name, MAXHOSTNAMELEN - 1); ! poop->name[MAXHOSTNAMELEN - 1] = '\0'; hostent = gethostbyname(poop->name); if ((!hostent) || (!hostent->h_addr_list[0])) holler("Warning: forward host lookup failed for %s: ", --- 340,357 ---- } /* for x -> addrs, part B */ } else { /* not INADDR_NONE: numeric addresses... */ ! memcpy(poop->iaddrs, &iaddr, sizeof(struct in_addr)); ! strlcpy(poop->addrs[0], inet_ntoa(iaddr), sizeof(poop->addrs)); if (numeric) /* if numeric-only, we're done */ return (poop); if (!o_verbose) /* likewise if we don't want */ return (poop); /* the full DNS hair */ ! hostent = gethostbyaddr((char *) &iaddr, sizeof(struct in_addr), AF_INET); /* numeric or not, failure to look up a PTR is *not* considered fatal */ if (!hostent) holler("%s: inverse host lookup failed: ", name); else { ! strlcpy(poop->name, hostent->h_name, MAXHOSTNAMELEN); hostent = gethostbyname(poop->name); if ((!hostent) || (!hostent->h_addr_list[0])) holler("Warning: forward host lookup failed for %s: ", *************** *** 418,437 **** } /* if hostent */ } /* INADDR_NONE Great Split */ ! /* whatever-all went down previously, we should now have a host_poop struct with at least one IP address in it. */ h_errno = 0; return (poop); ! } /* gethostpoop */ /* getportpoop : Same general idea as gethostpoop -- look up a port in /etc/services, fill ! in global port_poop, but return the actual port *number*. Pass ONE of: pstring to resolve stuff like "23" or "exec"; pnum to reverse-resolve something that's already a number. If o_nflag is on, fill in what we can but skip the getservby??? stuff. Might as well have consistent behavior here, and it *is* faster. */ ! USHORT getportpoop(pstring, pnum) char *pstring; unsigned int pnum; --- 361,380 ---- } /* if hostent */ } /* INADDR_NONE Great Split */ ! /* whatever-all went down previously, we should now have a host_info struct with at least one IP address in it. */ h_errno = 0; return (poop); ! } /* getportpoop : Same general idea as gethostpoop -- look up a port in /etc/services, fill ! in global port_info, but return the actual port *number*. Pass ONE of: pstring to resolve stuff like "23" or "exec"; pnum to reverse-resolve something that's already a number. If o_nflag is on, fill in what we can but skip the getservby??? stuff. Might as well have consistent behavior here, and it *is* faster. */ ! u_short getportpoop(pstring, pnum) char *pstring; unsigned int pnum; *************** *** 439,447 **** struct servent *servent; register int x; register int y; ! char *whichp = p_tcp; if (o_udpmode) ! whichp = p_udp; portpoop->name[0] = '?';/* fast preload */ portpoop->name[1] = '\0'; --- 382,390 ---- struct servent *servent; register int x; register int y; ! char *whichp = "tcp"; if (o_udpmode) ! whichp = "udp"; portpoop->name[0] = '?';/* fast preload */ portpoop->name[1] = '\0'; *************** *** 459,467 **** y = ntohs(servent->s_port); if (x != y) /* "never happen" */ holler("Warning: port-bynum mismatch, %d != %d", x, y); ! strncpy(portpoop->name, servent->s_name, sizeof(portpoop->name) - 1); ! portpoop->name[sizeof(portpoop->name) - 1] = '\0'; ! } /* if servent */ goto gp_finish; } /* if pnum */ /* case 2: resolve a string, but we still give preference to numbers --- 402,410 ---- y = ntohs(servent->s_port); if (x != y) /* "never happen" */ holler("Warning: port-bynum mismatch, %d != %d", x, y); ! strlcpy(portpoop->name, servent->s_name, ! sizeof(portpoop->name)); ! } goto gp_finish; } /* if pnum */ /* case 2: resolve a string, but we still give preference to numbers *************** *** 480,487 **** return (0); servent = getservbyname(pstring, whichp); if (servent) { ! strncpy(portpoop->name, servent->s_name, sizeof(portpoop->name) - 1); ! portpoop->name[sizeof(portpoop->name) - 1] = '\0'; x = ntohs(servent->s_port); goto gp_finish; } /* if servent */ --- 423,430 ---- return (0); servent = getservbyname(pstring, whichp); if (servent) { ! strlcpy(portpoop->name, servent->s_name, ! sizeof(portpoop->name)); x = ntohs(servent->s_port); goto gp_finish; } /* if servent */ *************** *** 504,512 **** x containing our [host-order and therefore useful, dammit] port number */ sprintf(portpoop->anum, "%d", x); /* always load any numeric * specs! */ ! portpoop->num = (x & 0xffff); /* ushort, remember... */ return (portpoop->num); ! } /* getportpoop */ /* nextport : Come up with the next port to try, be it random or whatever. "block" is --- 447,455 ---- x containing our [host-order and therefore useful, dammit] port number */ sprintf(portpoop->anum, "%d", x); /* always load any numeric * specs! */ ! portpoop->num = (x & 0xffff); /* u_short, remember... */ return (portpoop->num); ! } /* nextport : Come up with the next port to try, be it random or whatever. "block" is *************** *** 514,521 **** 0 ignore 1 to be tested 2 tested [which is set as we find them here] ! returns a USHORT random port, or 0 if all the t-b-t ones are used up. */ ! USHORT nextport(block) char *block; { --- 457,464 ---- 0 ignore 1 to be tested 2 tested [which is set as we find them here] ! returns a u_short random port, or 0 if all the t-b-t ones are used up. */ ! u_short nextport(block) char *block; { *************** *** 547,553 **** return (y); /* at least one left */ return (0); /* no more left! */ ! } /* nextport */ /* loadports : set "to be tested" indications in BLOCK, from LO to HI. Almost too small --- 490,496 ---- return (y); /* at least one left */ return (0); /* no more left! */ ! } /* loadports : set "to be tested" indications in BLOCK, from LO to HI. Almost too small *************** *** 555,564 **** void loadports(block, lo, hi) char *block; ! USHORT lo; ! USHORT hi; { ! USHORT x; if (!block) bail("loadports: no block?!"); --- 498,507 ---- void loadports(block, lo, hi) char *block; ! u_short lo; ! u_short hi; { ! u_short x; if (!block) bail("loadports: no block?!"); *************** *** 569,575 **** block[x] = 1; x--; } ! } /* loadports */ #ifdef GAPING_SECURITY_HOLE char *pr00gie = NULL; /* global ptr to -e arg */ --- 512,519 ---- block[x] = 1; x--; } ! } ! #ifdef GAPING_SECURITY_HOLE char *pr00gie = NULL; /* global ptr to -e arg */ *************** *** 596,602 **** Debug(("gonna exec %s as %s...", pr00gie, p)) execl(pr00gie, p, NULL); bail("exec %s failed", pr00gie); /* this gets sent out. Hmm... */ ! } /* doexec */ #endif /* GAPING_SECURITY_HOLE */ /* doconnect : --- 540,546 ---- Debug(("gonna exec %s as %s...", pr00gie, p)) execl(pr00gie, p, NULL); bail("exec %s failed", pr00gie); /* this gets sent out. Hmm... */ ! } #endif /* GAPING_SECURITY_HOLE */ /* doconnect : *************** *** 608,617 **** Examines various global o_blah flags to figure out what-all to do. */ int doconnect(rad, rp, lad, lp) ! IA *rad; ! USHORT rp; ! IA *lad; ! USHORT lp; { register int nnetfd; register int rr; --- 552,561 ---- Examines various global o_blah flags to figure out what-all to do. */ int doconnect(rad, rp, lad, lp) ! struct in_addr *rad; ! u_short rp; ! struct in_addr *lad; ! u_short lp; { register int nnetfd; register int rr; *************** *** 655,661 **** /* if lad/lp, do appropriate binding */ if (lad) ! memcpy(&lclend->sin_addr.s_addr, lad, sizeof(IA)); if (lp) lclend->sin_port = htons(lp); rr = 0; --- 599,605 ---- /* if lad/lp, do appropriate binding */ if (lad) ! memcpy(&lclend->sin_addr.s_addr, lad, sizeof(struct in_addr)); if (lp) lclend->sin_port = htons(lp); rr = 0; *************** *** 663,669 **** x = (int) lp; /* try a few times for the local bind, a la ftp-data-port... */ for (y = 4; y > 0; y--) { ! rr = bind(nnetfd, (SA *) lclend, sizeof(SA)); if (rr == 0) break; if (errno != EADDRINUSE) --- 607,614 ---- x = (int) lp; /* try a few times for the local bind, a la ftp-data-port... */ for (y = 4; y > 0; y--) { ! rr = bind(nnetfd, (struct sockaddr *) lclend, ! sizeof(struct sockaddr_in)); if (rr == 0) break; if (errno != EADDRINUSE) *************** *** 682,688 **** if (o_listen) return (nnetfd);/* thanks, that's all for today */ ! memcpy(&remend->sin_addr.s_addr, rad, sizeof(IA)); remend->sin_port = htons(rp); /* rough format of LSRR option and explanation of weirdness. --- 627,633 ---- if (o_listen) return (nnetfd);/* thanks, that's all for today */ ! memcpy(&remend->sin_addr.s_addr, rad, sizeof(struct in_addr)); remend->sin_port = htons(rp); /* rough format of LSRR option and explanation of weirdness. *************** *** 727,752 **** #ifdef IP_OPTIONS if (!optbuf) { /* and don't already *have* a srcrt set */ char *opp; /* then do all this setup hair */ ! optbuf = Hmalloc(48); opp = optbuf; *opp++ = IPOPT_LSRR; /* option */ *opp++ = (char) ! (((gatesidx + 1) * sizeof(IA)) + 3) & 0xff; /* length */ *opp++ = gatesptr; /* pointer */ /* opp now points at first hop addr -- insert the intermediate gateways */ for (x = 0; x < gatesidx; x++) { ! memcpy(opp, gates[x]->iaddrs, sizeof(IA)); ! opp += sizeof(IA); } /* and tack the final destination on the end [needed!] */ ! memcpy(opp, rad, sizeof(IA)); ! opp += sizeof(IA); *opp = IPOPT_NOP; /* alignment filler */ } /* if empty optbuf */ /* calculate length of whole option mess, which is (3 + [hops] * + [final] + 1), and apply it [have to do this every time * through, of course] */ ! x = ((gatesidx + 1) * sizeof(IA)) + 4; rr = setsockopt(nnetfd, IPPROTO_IP, IP_OPTIONS, optbuf, x); if (rr == -1) bail("srcrt setsockopt fuxored"); --- 672,697 ---- #ifdef IP_OPTIONS if (!optbuf) { /* and don't already *have* a srcrt set */ char *opp; /* then do all this setup hair */ ! optbuf = calloc(1, 48); opp = optbuf; *opp++ = IPOPT_LSRR; /* option */ *opp++ = (char) ! (((gatesidx + 1) * sizeof(struct in_addr)) + 3) & 0xff; /* length */ *opp++ = gatesptr; /* pointer */ /* opp now points at first hop addr -- insert the intermediate gateways */ for (x = 0; x < gatesidx; x++) { ! memcpy(opp, gates[x]->iaddrs, sizeof(struct in_addr)); ! opp += sizeof(struct in_addr); } /* and tack the final destination on the end [needed!] */ ! memcpy(opp, rad, sizeof(struct in_addr)); ! opp += sizeof(struct in_addr); *opp = IPOPT_NOP; /* alignment filler */ } /* if empty optbuf */ /* calculate length of whole option mess, which is (3 + [hops] * + [final] + 1), and apply it [have to do this every time * through, of course] */ ! x = ((gatesidx + 1) * sizeof(struct in_addr)) + 4; rr = setsockopt(nnetfd, IPPROTO_IP, IP_OPTIONS, optbuf, x); if (rr == -1) bail("srcrt setsockopt fuxored"); *************** *** 757,763 **** /* wrap connect inside a timer, and hit it */ arm(1, o_wait); if (setjmp(jbuf) == 0) { ! rr = connect(nnetfd, (SA *) remend, sizeof(SA)); } else { /* setjmp: connect failed... */ rr = -1; errno = ETIMEDOUT; /* fake it */ --- 702,708 ---- /* wrap connect inside a timer, and hit it */ arm(1, o_wait); if (setjmp(jbuf) == 0) { ! rr = connect(nnetfd, (struct sockaddr *) remend, sizeof(struct sockaddr)); } else { /* setjmp: connect failed... */ rr = -1; errno = ETIMEDOUT; /* fake it */ *************** *** 767,773 **** return (nnetfd); close(nnetfd); /* clean up junked socket FD!! */ return (-1); ! } /* doconnect */ /* dolisten : just like doconnect, and in fact calls a hunk of doconnect, but listens for --- 712,718 ---- return (nnetfd); close(nnetfd); /* clean up junked socket FD!! */ return (-1); ! } /* dolisten : just like doconnect, and in fact calls a hunk of doconnect, but listens for *************** *** 776,792 **** in conjunction with local-address binding should limit things nicely... */ int dolisten(rad, rp, lad, lp) ! IA *rad; ! USHORT rp; ! IA *lad; ! USHORT lp; { register int nnetfd; register int rr; ! HINF *whozis = NULL; int x; char *cp; ! USHORT z; errno = 0; /* Pass everything off to doconnect, who in o_listen mode just gets a socket */ --- 721,737 ---- in conjunction with local-address binding should limit things nicely... */ int dolisten(rad, rp, lad, lp) ! struct in_addr *rad; ! u_short rp; ! struct in_addr *lad; ! u_short lp; { register int nnetfd; register int rr; ! struct host_info *whozis = NULL; int x; char *cp; ! u_short z; errno = 0; /* Pass everything off to doconnect, who in o_listen mode just gets a socket */ *************** *** 808,819 **** /* I can't believe I have to do all this to get my own goddamn bound address and port number. It should just get filled in during bind() or something. All this is only useful if we didn't say -p for listening, since if we ! said -p we *know* what port we're listening on. At any rate we won't bother with it all unless we wanted to see it, although listening quietly on a random unknown port is probably not very useful without "netstat". */ if (o_verbose) { ! x = sizeof(SA); /* how 'bout getsockNUM instead, pinheads?! */ ! rr = getsockname(nnetfd, (SA *) lclend, &x); if (rr < 0) holler("local getsockname failed"); strcpy(bigbuf_net, "listening on ["); /* buffer reuse... */ --- 753,764 ---- /* I can't believe I have to do all this to get my own goddamn bound address and port number. It should just get filled in during bind() or something. All this is only useful if we didn't say -p for listening, since if we ! struct sockaddr_ind -p we *know* what port we're listening on. At any rate we won't bother with it all unless we wanted to see it, although listening quietly on a random unknown port is probably not very useful without "netstat". */ if (o_verbose) { ! x = sizeof(struct sockaddr); /* how 'bout getsockNUM instead, pinheads?! */ ! rr = getsockname(nnetfd, (struct sockaddr *) lclend, &x); if (rr < 0) holler("local getsockname failed"); strcpy(bigbuf_net, "listening on ["); /* buffer reuse... */ *************** *** 832,843 **** * straight read/write actually does work after all. Yow. YMMV on * strange platforms! */ if (o_udpmode) { ! x = sizeof(SA); /* retval for recvfrom */ arm(2, o_wait); /* might as well timeout this, too */ if (setjmp(jbuf) == 0) { /* do timeout for initial * connect */ rr = recvfrom /* and here we block... */ ! (nnetfd, bigbuf_net, BIGSIZ, MSG_PEEK, (SA *) remend, &x); Debug(("dolisten/recvfrom ding, rr = %d, netbuf %s ", rr, bigbuf_net)) } else goto dol_tmo; /* timeout */ --- 777,788 ---- * straight read/write actually does work after all. Yow. YMMV on * strange platforms! */ if (o_udpmode) { ! x = sizeof(struct sockaddr); /* retval for recvfrom */ arm(2, o_wait); /* might as well timeout this, too */ if (setjmp(jbuf) == 0) { /* do timeout for initial * connect */ rr = recvfrom /* and here we block... */ ! (nnetfd, bigbuf_net, BIGSIZ, MSG_PEEK, (struct sockaddr *) remend, &x); Debug(("dolisten/recvfrom ding, rr = %d, netbuf %s ", rr, bigbuf_net)) } else goto dol_tmo; /* timeout */ *************** *** 853,866 **** different port on the other end won't show up and will cause ICMP errors. I guess that's what they meant by "connect". Let's try to remember what the "U" is *really* for, eh? */ ! rr = connect(nnetfd, (SA *) remend, sizeof(SA)); goto whoisit; } /* o_udpmode */ /* fall here for TCP */ ! x = sizeof(SA); /* retval for accept */ arm(2, o_wait); /* wrap this in a timer, too; 0 = forever */ if (setjmp(jbuf) == 0) { ! rr = accept(nnetfd, (SA *) remend, &x); } else goto dol_tmo; /* timeout */ arm(0, 0); --- 798,811 ---- different port on the other end won't show up and will cause ICMP errors. I guess that's what they meant by "connect". Let's try to remember what the "U" is *really* for, eh? */ ! rr = connect(nnetfd, (struct sockaddr *) remend, sizeof(struct sockaddr)); goto whoisit; } /* o_udpmode */ /* fall here for TCP */ ! x = sizeof(struct sockaddr); /* retval for accept */ arm(2, o_wait); /* wrap this in a timer, too; 0 = forever */ if (setjmp(jbuf) == 0) { ! rr = accept(nnetfd, (struct sockaddr *) remend, &x); } else goto dol_tmo; /* timeout */ arm(0, 0); *************** *** 879,885 **** #ifdef IP_OPTIONS if (!o_verbose) /* if we wont see it, we dont care */ goto dol_noop; ! optbuf = Hmalloc(40); x = 40; rr = getsockopt(nnetfd, IPPROTO_IP, IP_OPTIONS, optbuf, &x); if (rr < 0) --- 824,830 ---- #ifdef IP_OPTIONS if (!o_verbose) /* if we wont see it, we dont care */ goto dol_noop; ! optbuf = calloc(1, 40); x = 40; rr = getsockopt(nnetfd, IPPROTO_IP, IP_OPTIONS, optbuf, &x); if (rr < 0) *************** *** 910,917 **** "virtual web site" hack. */ memset(bigbuf_net, 0, 64); cp = &bigbuf_net[32]; ! x = sizeof(SA); ! rr = getsockname(nnetfd, (SA *) lclend, &x); if (rr < 0) holler("post-rcv getsockname failed"); strcpy(cp, inet_ntoa(lclend->sin_addr)); --- 855,862 ---- "virtual web site" hack. */ memset(bigbuf_net, 0, 64); cp = &bigbuf_net[32]; ! x = sizeof(struct sockaddr); ! rr = getsockname(nnetfd, (struct sockaddr *) lclend, &x); if (rr < 0) holler("post-rcv getsockname failed"); strcpy(cp, inet_ntoa(lclend->sin_addr)); *************** *** 932,938 **** x = 0; /* use as a flag... */ if (rad) /* xxx: fix to go down the *list* if we have * one? */ ! if (memcmp(rad, whozis->iaddrs, sizeof(SA))) x = 1; if (rp) if (z != rp) --- 877,883 ---- x = 0; /* use as a flag... */ if (rad) /* xxx: fix to go down the *list* if we have * one? */ ! if (memcmp(rad, whozis->iaddrs, sizeof(struct sockaddr))) x = 1; if (rp) if (z != rp) *************** *** 949,955 **** dol_err: close(nnetfd); return (-1); ! } /* dolisten */ /* udptest : fire a couple of packets at a UDP target port, just to see if it's really --- 894,900 ---- dol_err: close(nnetfd); return (-1); ! } /* udptest : fire a couple of packets at a UDP target port, just to see if it's really *************** *** 963,969 **** Return either the original fd, or clean up and return -1. */ udptest(fd, where) int fd; ! IA *where; { register int rr; --- 908,914 ---- Return either the original fd, or clean up and return -1. */ udptest(fd, where) int fd; ! struct in_addr *where; { register int rr; *************** *** 992,998 **** return (fd); close(fd); /* use it or lose it! */ return (-1); ! } /* udptest */ /* oprint : Hexdump bytes shoveled either way to a running logfile, in the format: D offset - - - - --- 16 bytes --- - - - - # .... ascii ..... --- 937,944 ---- return (fd); close(fd); /* use it or lose it! */ return (-1); ! } ! /* oprint : Hexdump bytes shoveled either way to a running logfile, in the format: D offset - - - - --- 16 bytes --- - - - - # .... ascii ..... *************** *** 1084,1092 **** if (x < 0) bail("ofd write err"); } /* while bc */ ! } /* oprint */ #ifdef TELNET ! USHORT o_tn = 0; /* global -t option */ /* atelnet : Answer anything that looks like telnet negotiation with don't/won't. --- 1030,1039 ---- if (x < 0) bail("ofd write err"); } /* while bc */ ! } ! #ifdef TELNET ! u_short o_tn = 0; /* global -t option */ /* atelnet : Answer anything that looks like telnet negotiation with don't/won't. *************** *** 1129,1135 **** p++; x--; } /* while x */ ! } /* atelnet */ #endif /* TELNET */ /* readwrite : --- 1076,1083 ---- p++; x--; } /* while x */ ! } ! #endif /* TELNET */ /* readwrite : *************** *** 1144,1160 **** register char *np; /* net-in buf ptr */ unsigned int rzleft; unsigned int rnleft; ! USHORT netretry; /* net-read retry counter */ ! USHORT wretry; /* net-write sanity counter */ ! USHORT wfirst; /* one-shot flag to skip first net read */ /* if you don't have all this FD_* macro hair in sys/types.h, you'll have to ! either find it or do your own bit-bashing: *ding1 |= (1 << fd), etc... */ if (fd > FD_SETSIZE) { holler("Preposterous fd value %d", fd); return (1); } ! FD_SET(fd, ding1); /* global: the net is open */ netretry = 2; wfirst = 0; rzleft = rnleft = 0; --- 1092,1108 ---- register char *np; /* net-in buf ptr */ unsigned int rzleft; unsigned int rnleft; ! u_short netretry; /* net-read retry counter */ ! u_short wretry; /* net-write sanity counter */ ! u_short wfirst; /* one-shot flag to skip first net read */ /* if you don't have all this FD_* macro hair in sys/types.h, you'll have to ! either find it or do your own bit-bashing: *fds1 |= (1 << fd), etc... */ if (fd > FD_SETSIZE) { holler("Preposterous fd value %d", fd); return (1); } ! FD_SET(fd, &fds1); /* global: the net is open */ netretry = 2; wfirst = 0; rzleft = rnleft = 0; *************** *** 1166,1172 **** insaved = 0; /* buffer left over from argv * construction, */ else { ! FD_CLR(0, ding1); /* OR we've already got our * repeat chunk, */ close(0); /* so we won't need any more stdin */ } /* Single */ --- 1114,1120 ---- insaved = 0; /* buffer left over from argv * construction, */ else { ! FD_CLR(0, &fds1); /* OR we've already got our * repeat chunk, */ close(0); /* so we won't need any more stdin */ } /* Single */ *************** *** 1176,1193 **** errno = 0; /* clear from sleep, close, whatever */ /* and now the big ol' select shoveling loop ... */ ! while (FD_ISSET(fd, ding1)) { /* i.e. till the *net* closes! */ wretry = 8200; /* more than we'll ever hafta write */ if (wfirst) { /* any saved stdin buffer? */ wfirst = 0; /* clear flag for the duration */ goto shovel; /* and go handle it first */ } ! *ding2 = *ding1;/* FD_COPY ain't portable... */ ! /* some systems, notably linux, crap into their select timers on return, so ! we create a expendable copy and give *that* to select. *Fuck* me ... */ ! if (timer1) ! memcpy(timer2, timer1, sizeof(struct timeval)); ! rr = select(16, ding2, 0, 0, timer2); /* here it is, kiddies */ if (rr < 0) { if (errno != EINTR) { /* might have gotten ^Zed, etc * ? */ --- 1124,1138 ---- errno = 0; /* clear from sleep, close, whatever */ /* and now the big ol' select shoveling loop ... */ ! while (FD_ISSET(fd, &fds1)) { /* i.e. till the *net* closes! */ wretry = 8200; /* more than we'll ever hafta write */ if (wfirst) { /* any saved stdin buffer? */ wfirst = 0; /* clear flag for the duration */ goto shovel; /* and go handle it first */ } ! fds2 = fds1; ! memcpy(&timer2, &timer1, sizeof(struct timeval)); ! rr = select(getdtablesize(), &fds2, 0, 0, &timer2); if (rr < 0) { if (errno != EINTR) { /* might have gotten ^Zed, etc * ? */ *************** *** 1200,1206 **** * heard anything from the net during that time, assume it's * dead and close it too. */ if (rr == 0) { ! if (!FD_ISSET(0, ding1)) netretry--; /* we actually try a coupla * times. */ if (!netretry) { --- 1145,1151 ---- * heard anything from the net during that time, assume it's * dead and close it too. */ if (rr == 0) { ! if (!FD_ISSET(0, &fds1)) netretry--; /* we actually try a coupla * times. */ if (!netretry) { *************** *** 1216,1225 **** * found bothered. */ /* Ding!! Something arrived, go check all the incoming * hoppers, net first */ ! if (FD_ISSET(fd, ding2)) { /* net: ding! */ rr = read(fd, bigbuf_net, BIGSIZ); if (rr <= 0) { ! FD_CLR(fd, ding1); /* net closed, we'll * finish up... */ rzleft = 0; /* can't write anymore: broken * pipe */ --- 1161,1170 ---- * found bothered. */ /* Ding!! Something arrived, go check all the incoming * hoppers, net first */ ! if (FD_ISSET(fd, &fds2)) { /* net: ding! */ rr = read(fd, bigbuf_net, BIGSIZ); if (rr <= 0) { ! FD_CLR(fd, &fds1); /* net closed, we'll * finish up... */ rzleft = 0; /* can't write anymore: broken * pipe */ *************** *** 1240,1251 **** goto shovel; /* okay, suck more stdin */ ! if (FD_ISSET(0, ding2)) { /* stdin: ding! */ rr = read(0, bigbuf_in, BIGSIZ); /* Considered making reads here smaller for UDP mode, but 8192-byte mobygrams are kinda fun and exercise the reassembler. */ if (rr <= 0) { /* at end, or fukt, or ... */ ! FD_CLR(0, ding1); /* disable and close * stdin */ close(0); } else { --- 1185,1196 ---- goto shovel; /* okay, suck more stdin */ ! if (FD_ISSET(0, &fds2)) { /* stdin: ding! */ rr = read(0, bigbuf_in, BIGSIZ); /* Considered making reads here smaller for UDP mode, but 8192-byte mobygrams are kinda fun and exercise the reassembler. */ if (rr <= 0) { /* at end, or fukt, or ... */ ! FD_CLR(0, &fds1); /* disable and close * stdin */ close(0); } else { *************** *** 1255,1261 **** open TCP port or every UDP attempt, so save its size and clean up stdin */ if (!Single) { /* we might be scanning... */ insaved = rr; /* save len */ ! FD_CLR(0, ding1); /* disable further junk * from stdin */ close(0); /* really, I mean it */ } /* Single */ --- 1200,1206 ---- open TCP port or every UDP attempt, so save its size and clean up stdin */ if (!Single) { /* we might be scanning... */ insaved = rr; /* save len */ ! FD_CLR(0, &fds1); /* disable further junk * from stdin */ close(0); /* really, I mean it */ } /* Single */ *************** *** 1314,1320 **** wretry--; /* none left, and get another load */ goto shovel; } ! } /* while ding1:netfd is open */ /* XXX: maybe want a more graceful shutdown() here, or screw around with linger times?? I suspect that I don't need to since I'm always doing --- 1259,1265 ---- wretry--; /* none left, and get another load */ goto shovel; } ! } /* while fds1:netfd is open */ /* XXX: maybe want a more graceful shutdown() here, or screw around with linger times?? I suspect that I don't need to since I'm always doing *************** *** 1323,1329 **** not like my test network is particularly busy... */ close(fd); return (0); ! } /* readwrite */ /* main : now we pull it all together... */ --- 1268,1274 ---- not like my test network is particularly busy... */ close(fd); return (0); ! } /* main : now we pull it all together... */ *************** *** 1337,1352 **** #endif register int x; register char *cp; ! HINF *gp; ! HINF *whereto = NULL; ! HINF *wherefrom = NULL; ! IA *ouraddr = NULL; ! IA *themaddr = NULL; ! USHORT o_lport = 0; ! USHORT ourport = 0; ! USHORT loport = 0; /* for scanning stuff */ ! USHORT hiport = 0; ! USHORT curport = 0; char *randports = NULL; #ifdef HAVE_BIND --- 1282,1297 ---- #endif register int x; register char *cp; ! struct host_info *gp; ! struct host_info *whereto = NULL; ! struct host_info *wherefrom = NULL; ! struct in_addr *ouraddr = NULL; ! struct in_addr *themaddr = NULL; ! u_short o_lport = 0; ! u_short ourport = 0; ! u_short loport = 0; /* for scanning stuff */ ! u_short hiport = 0; ! u_short curport = 0; char *randports = NULL; #ifdef HAVE_BIND *************** *** 1355,1367 **** #endif /* I was in this barbershop quartet in Skokie IL ... */ /* round up the usual suspects, i.e. malloc up all the stuff we need */ ! lclend = (SAI *) Hmalloc(sizeof(SA)); ! remend = (SAI *) Hmalloc(sizeof(SA)); ! bigbuf_in = Hmalloc(BIGSIZ); ! bigbuf_net = Hmalloc(BIGSIZ); ! ding1 = (fd_set *) Hmalloc(sizeof(fd_set)); ! ding2 = (fd_set *) Hmalloc(sizeof(fd_set)); ! portpoop = (PINF *) Hmalloc(sizeof(PINF)); errno = 0; gatesptr = 4; --- 1300,1310 ---- #endif /* I was in this barbershop quartet in Skokie IL ... */ /* round up the usual suspects, i.e. malloc up all the stuff we need */ ! lclend = (struct sockaddr_in *) calloc(1, sizeof(struct sockaddr)); ! remend = (struct sockaddr_in *) calloc(1, sizeof(struct sockaddr)); ! bigbuf_in = calloc(1, BIGSIZ); ! bigbuf_net = calloc(1, BIGSIZ); ! portpoop = (struct port_info *) calloc(1, sizeof(struct port_info)); errno = 0; gatesptr = 4; *************** *** 1383,1391 **** anything left over to readwrite(). */ if (argc == 1) { cp = argv[0]; ! argv = (char **) Hmalloc(128 * sizeof(char *)); /* XXX: 128? */ argv[0] = cp; /* leave old prog name intact */ ! cp = Hmalloc(BIGSIZ); argv[1] = cp; /* head of new arg block */ fprintf(stderr, "Cmd line: "); fflush(stderr); /* I dont care if it's unbuffered or not! */ --- 1326,1334 ---- anything left over to readwrite(). */ if (argc == 1) { cp = argv[0]; ! argv = (char **) calloc(1, 128 * sizeof(char *)); /* XXX: 128? */ argv[0] = cp; /* leave old prog name intact */ ! cp = calloc(1, BIGSIZ); argv[1] = cp; /* head of new arg block */ fprintf(stderr, "Cmd line: "); fflush(stderr); /* I dont care if it's unbuffered or not! */ *************** *** 1450,1456 **** if (gatesidx > 8) bail("too many -g hops"); if (gates == NULL) /* eat this, Billy-boy */ ! gates = (HINF **) Hmalloc(sizeof(HINF *) * 10); gp = gethostpoop(optarg, o_nflag); if (gp) gates[gatesidx] = gp; --- 1393,1399 ---- if (gatesidx > 8) bail("too many -g hops"); if (gates == NULL) /* eat this, Billy-boy */ ! gates = (struct host_info **) calloc(1, sizeof(struct host_info *) * 10); gp = gethostpoop(optarg, o_nflag); if (gp) gates[gatesidx] = gp; *************** *** 1458,1468 **** break; case 'h': errno = 0; - #ifdef HAVE_HELP helpme(); /* exits by itself */ - #else - bail("no help available, dork -- RTFS"); - #endif case 'i': /* line-interval time */ o_interval = atoi(optarg) & 0xffff; if (!o_interval) --- 1401,1407 ---- *************** *** 1508,1517 **** o_wait = atoi(optarg); if (o_wait <= 0) bail("invalid wait-time %s", optarg); ! timer1 = (struct timeval *) Hmalloc(sizeof(struct timeval)); ! timer2 = (struct timeval *) Hmalloc(sizeof(struct timeval)); ! timer1->tv_sec = o_wait; /* we need two. see ! * readwrite()... */ break; case 'z': /* little or no data xfer */ o_zero++; --- 1447,1454 ---- o_wait = atoi(optarg); if (o_wait <= 0) bail("invalid wait-time %s", optarg); ! timer1.tv_sec = o_wait; ! timer1.tv_usec = 0; break; case 'z': /* little or no data xfer */ o_zero++; *************** *** 1523,1533 **** } /* while getopt */ /* other misc initialization */ ! Debug(("fd_set size %d", sizeof(*ding1))) /* how big *is* it? */ ! FD_SET(0, ding1); /* stdin *is* initially open */ if (o_random) { SRAND(time(0)); ! randports = Hmalloc(65536); /* big flag array for ports */ } #ifdef GAPING_SECURITY_HOLE if (pr00gie) { --- 1460,1470 ---- } /* while getopt */ /* other misc initialization */ ! Debug(("fd_set size %d", sizeof(*fds1))) /* how big *is* it? */ ! FD_SET(0, &fds1); /* stdin *is* initially open */ if (o_random) { SRAND(time(0)); ! randports = calloc(1, 65536); /* big flag array for ports */ } #ifdef GAPING_SECURITY_HOLE if (pr00gie) { *************** *** 1540,1546 **** ofd = open(stage, O_WRONLY | O_CREAT | O_TRUNC, 0664); if (ofd <= 0) /* must be > extant 0/1/2 */ bail("can't open %s", stage); ! stage = (unsigned char *) Hmalloc(100); } /* optind is now index of first non -x arg */ Debug(("after go: x now %c, optarg %x optind %d", x, optarg, optind)) --- 1477,1483 ---- ofd = open(stage, O_WRONLY | O_CREAT | O_TRUNC, 0664); if (ofd <= 0) /* must be > extant 0/1/2 */ bail("can't open %s", stage); ! stage = (unsigned char *) calloc(1, 100); } /* optind is now index of first non -x arg */ Debug(("after go: x now %c, optarg %x optind %d", x, optarg, optind)) *************** *** 1674,1682 **** if (Single) exit(x); /* give us status on one connection */ exit(0); /* otherwise, we're just done */ ! } /* main */ - #ifdef HAVE_HELP /* unless we wanna be *really* cryptic */ /* helpme : the obvious */ helpme() --- 1611,1618 ---- if (Single) exit(x); /* give us status on one connection */ exit(0); /* otherwise, we're just done */ ! } /* helpme : the obvious */ helpme() *************** *** 1714,1720 **** -w secs timeout for connects and final net reads\n\ -z zero-I/O mode [used for scanning]"); bail("port numbers can be individual or ranges: lo-hi [inclusive]"); ! } /* helpme */ ! #endif /* HAVE_HELP */ ! ! /* None genuine without this seal! _H*/ --- 1650,1653 ---- -w secs timeout for connects and final net reads\n\ -z zero-I/O mode [used for scanning]"); bail("port numbers can be individual or ranges: lo-hi [inclusive]"); ! }