I've been studying C for a about 2 weeks now and decided to try my hand at a simple port scanner. I can compile the code with no errors but whenever I try to execute it I get a segmentation fault.
#include<stdio.h>
#include<sys/socket.h>
#include<errno.h>
#include<netdb.h>
#include<string.h>
#include<stdlib.h>
int scanPort(char hostaddr[], int port) {
struct hostent *host;
int err, i, sock;
struct sockaddr_in sa;
strncpy((char*)&sa , "" , sizeof sa);
sa.sin_family = AF_INET;
if (isdigit(hostaddr[0])) {
sa.sin_addr.s_addr = inet_addr(hostaddr);
} else if ((host = gethostbyname(hostaddr)) != 0) {
strncpy((char*)&sa.sin_addr , (char*)host->h_addr , sizeof sa.sin_addr);
} else {
printf("\n[!] Failed to resolve host!\n");
exit(1);
}
sa.sin_port = htons(port);
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock < 0) {
printf("\n[!] Failed to create socket!\n");
exit(1);
}
err = connect(sock, (struct sockaddr*)&sa , sizeof sa);
close(sock);
if (err < 0) {
return 0;
} else {
return 1;
}
}
int main(int argc, char *argv[]) {
if (argc != 4) {
printf("usage: ./portscan [TARGET] [START PORT] [STOP PORT]\n");
exit(0);
}
char host[20];
strcpy(host, argv[1]);
int beginport;
int endport;
if (isdigit(argv[2]) && isdigit(argv[3])) {
beginport = atoi(argv[2]);
endport = atoi(argv[3]);
} else {
printf("[!] Invalid port range given\n");
}
printf("[*] Beginning Scan...\n\n");
int i = beginport;
for (i; i<=endport; i++) {
if (scanPort(host, i)) {
printf("Port %d: Open\n", i);
}
}
printf("\n[*] Scan complete!");
return 0;
}
I understand that there is some improper/insecure function usage within the code, but I'm just trying to get this program functioning. This is only a test, not an actual program for use.
Here is a screenshot of compiling and executing, I don't think it'll be of much help though:
UPDATE: I passed arguments to it, still get segmentation fault:
UPDATE 2: I've added a few lines to evaluate argc
Thank you for your time.
-Defalt
The crash is happening here:
if (isdigit(argv[2]) && isdigit(argv[3])) {
The isdigit
function expects an int
(actually a char
converted to an int
), but you pass in a char *
. This invokes undefined behavior, which in this case (luckily for you) manifests as a crash.
You probably want to check the first character of each string, so pass in argv[2][0]
and argv[3][0]
to this function.
Also, this is incorrect:
strncpy((char*)&sa.sin_addr , (char*)host->h_addr , sizeof sa.sin_addr);
The strncpy
function is for copying strings, not arbitrary bytes. If there is a null byte among the bytes being copied, no others bytes after that one will be copied. Use memcpy
instead, which copies an exact number of bytes:
memcpy((char*)&sa.sin_addr , (char*)host->h_addr , sizeof sa.sin_addr);