Adding upstream version 7.94+git20230807.3be01efb1+dfsg.upstream/7.94+git20230807.3be01efb1+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 180 insertions, 0 deletions

diff --git a/payload.cc b/payload.cc
new file mode 100644
index 0000000..dbd5b13
--- /dev/null
+++ b/payload.cc
@@ -0,0 +1,180 @@
+
+/***************************************************************************
+ * payload.cc -- Retrieval of UDP payloads.                                *
+ *                                                                         *
+ ***********************IMPORTANT NMAP LICENSE TERMS************************
+ *
+ * The Nmap Security Scanner is (C) 1996-2023 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and add
+ * new features. You are highly encouraged to submit your changes as a Github PR
+ * or by email to the dev@nmap.org mailing list for possible incorporation into
+ * the main distribution. Unless you specify otherwise, it is understood that
+ * you are offering us very broad rights to use your submissions as described in
+ * the Nmap Public Source License Contributor Agreement. This is important
+ * because we fund the project by selling licenses with various terms, and also
+ * because the inability to relicense code has caused devastating problems for
+ * other Free Software projects (such as KDE and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
+ ***************************************************************************/
+
+/* $Id$ */
+
+#include "nmap.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <string>
+#include <map>
+
+#include "NmapOps.h"
+#include "nbase.h"
+#include "payload.h"
+#include "utils.h"
+#include "nmap_error.h"
+#include "scan_lists.h"
+#include "service_scan.h"
+
+extern NmapOps o;
+
+/* The key for the payload lookup map is u16 dport. We can make it a u32 and
+ * add proto later if needed. */
+
+static std::map<u16, std::vector<ServiceProbe *> > portPayloads;
+
+void init_payloads(void) {
+  static bool payloads_loaded = false;
+
+  if (payloads_loaded)
+    return;
+
+  AllProbes *AP = AllProbes::service_scan_init();
+  for (std::vector<ServiceProbe *>::const_iterator it = AP->probes.begin();
+      it != AP->probes.end(); it++) {
+    ServiceProbe *current_probe = *it;
+    if (current_probe->getProbeProtocol() == IPPROTO_UDP && !current_probe->notForPayload) {
+      for (std::vector<u16>::const_iterator pt = current_probe->probablePortsBegin();
+          pt != current_probe->probablePortsEnd(); pt++) {
+        std::vector<ServiceProbe *> &portPayloadVector = portPayloads[*pt];
+        portPayloadVector.push_back(current_probe);
+        if (portPayloadVector.size() > MAX_PAYLOADS_PER_PORT) {
+          fatal("Number of UDP payloads for port %u exceeds the limit of %u.\n", *pt, MAX_PAYLOADS_PER_PORT);
+        }
+      }
+    }
+  }
+  payloads_loaded = true;
+}
+
+/* Get a payload appropriate for the given UDP port. For certain selected ports
+   a payload is returned, and for others a zero-length payload is returned. The
+   length is returned through the length pointer. */
+static const u8 *udp_port2payload(u16 dport, int *length, u8 index) {
+  const u8 *payload = NULL;
+  std::map<u16, std::vector<ServiceProbe *> >::const_iterator portPayloadIterator;
+  int portPayloadVectorSize;
+
+  *length = 0;
+  portPayloadIterator = portPayloads.find(dport);
+
+  if (portPayloadIterator != portPayloads.end()) {
+    const std::vector<ServiceProbe *>& portPayloadVector = portPayloadIterator->second;
+    portPayloadVectorSize = portPayloadVector.size();
+    assert(portPayloadVectorSize > 0);
+
+    const ServiceProbe *SP = portPayloadVector[index % portPayloadVectorSize];
+    payload = SP->getProbeString(length);
+
+  }
+  return payload;
+}
+
+/* Get a payload appropriate for the given UDP port. If --data-length was used,
+   returns the global random payload. Otherwise, for certain selected ports a
+   payload is returned, and for others a zero-length payload is returned. The
+   length is returned through the length pointer. */
+const u8 *get_udp_payload(u16 dport, int *length, u8 index) {
+  if (o.extra_payload != NULL) {
+    *length = o.extra_payload_length;
+    return (u8 *) o.extra_payload;
+  } else {
+    return udp_port2payload(dport, length, index);
+  }
+}
+
+u8 udp_payload_count(u16 dport) {
+  std::map<u16, std::vector<ServiceProbe *> >::const_iterator portPayloadIterator;
+  size_t portPayloadVectorSize = 0;
+
+  portPayloadIterator = portPayloads.find(dport);
+
+  if (portPayloadIterator != portPayloads.end()) {
+    portPayloadVectorSize = portPayloadIterator->second.size();
+  }
+
+  return portPayloadVectorSize;
+}
+
+const struct MatchDetails *payload_service_match(u16 dport, const u8 *buf, int buflen) {
+  std::map<u16, std::vector<ServiceProbe *> >::const_iterator portPayloadIterator;
+
+  portPayloadIterator = portPayloads.find(dport);
+  if (portPayloadIterator != portPayloads.end()) {
+    const std::vector<ServiceProbe *>& portPayloadVector = portPayloadIterator->second;
+    // We don't know which payload triggered this, since we send all at once
+    // with the same source port.
+    for (std::vector<ServiceProbe *>::const_iterator sp = portPayloadVector.begin();
+        sp != portPayloadVector.end(); sp++) {
+      ServiceProbe *probe = *sp;
+      const struct MatchDetails *MD = NULL;
+      for (int fb = 0; probe->fallbacks[fb] != NULL; fb++) {
+        MD = probe->fallbacks[fb]->testMatch(buf, buflen, 0);
+        if (MD)
+          return MD;
+      }
+    }
+  }
+  return NULL;
+}