Errors in C code.

[Israel]

Found this C program over at DarkCode.net. Its supposed to not only scan a box but identify users running on that machine. Don't know, I'm pretty new to C programming but I got these 3 errors when I tried to compile it:

Code: Select all

iscan.c: In function 'usage':
iscan.c:71: warning: incompatible implicit declaration of built-in function 'exit'
iscan.c: In function 'ident_check':
iscan.c:103: warning: incompatible implicit declaration of built-in function 'malloc'
iscan.c: In function 'main':
iscan.c:239: warning: incompatible implicit declaration of built-in function 'free'


Here is the code I'm using:

Code: Select all

/*
*   ident-scan [v0.60]
*   This TCP scanner has the additional functionality of retrieving
*   the username that owns the daemon running on the specified port.
*   It does this by by attempting to connect to a TCP port, and if it
*   succeeds, it will send out an ident request to identd on the
*   remote host.  I believe this to be a flaw in the design of the
*   protocol, and if it is the developers intent to allow 'reverse'
*   idents, then it should have been stated clearer in the
*   rfc(rfc1413).
*
*   USES:
*   It can be useful to determine who is running daemons on high ports
*   that can be security risks.  It can also be used to search for
*   misconfigurations such as httpd running as root, other daemons
*   running under the wrong uids.
*
*   COMPILES:
*    Compiled on SunOS 4.1.x, OSF/1, Linux and BSDI with:
*         cc -o i-scan i-scan.c
*    Solaris 2.x worked with:
*         cc -o i-scan i-scan.c -lsocket -lnsl
*
*   CHANGES:
*   2/11/96    0.15       Original version.  Usable by other people.
*   7/22/96    0.30       Fixed display problem.  Will function like a
*                         normal tcp scanner.  Optimized name/addr check.
*   6/27/97    0.45       Fixed TCP wrapper segfault.  Gonna gut this
*                         pig soon.
*   7/26/97    0.60       Major code restructure.  ident check is now in
*                         its own function.  Several optimizations.
*
*   Dave Goldsmith
*   <dhg@dec.net>
*   http://www.ksrt.org/~dhg
*   07/26/97
*/

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>

enum errlist
{
  BAD_ARGS,BAD_HOST,SOCK_ERR
};

struct sockaddr_in for_ident, for_scan;
int len;

void
usage( error )
enum errlist error;
{
  fprintf(stderr,"ident-scan: ");
  switch(error)
  {
    case BAD_ARGS: fprintf(stderr,"usage: ident-scan hostname [low port] [hi port]\n");
                   break;
    case BAD_HOST: fprintf(stderr,"error: cant resolve hostname\n");
                   break;
    case SOCK_ERR: fprintf(stderr,"error: socket() failed\n");
                   break;
  }
   exit(-1);
}

struct hostent *
fill_host( machine, host )
char *machine;
struct hostent *host;
{
/* if gethostbyname fails, gethostbyaddr and return */

  if ( ( host = gethostbyname( machine ) ) == NULL )
     host = gethostbyaddr( machine, 4, AF_INET );
  return( host );
}

char *
ident_check( fd )
int fd;
{
   struct sockaddr_in for_temp;
   int ret, identfd;
   char buffer[24], *response;

   ret = getsockname( fd, (struct sockaddr *)&for_temp, &len );
   if ( ret == 0 )
   {
      identfd = socket( AF_INET, SOCK_STREAM, 0 );
      if ( identfd != -1 )
      {
         ret = connect( identfd, (struct sockaddr *)&for_ident, len );
         if ( ret == 0 )
         {
            response= (char *) malloc( 2048 );
            if ( response != NULL )
            {
                memset( response, 0x0, 85 );
                sprintf ( buffer, "%u,%u\n", htons ( for_scan.sin_port ),
                          htons ( for_temp.sin_port ) );

                write( identfd, buffer, strlen( buffer ) );
                ret =  read( identfd, response, 80 );
                if ( ret != 0 )
                {
                   response[ strlen( response) - 1 ] = '\0';
                   return( response );
                }
                else
                {
                   /* Most likely TCP wrappers is running, so we can
                    * connect to the remote machines ident port,
                    * but we arent getting to actually talk to identd.
                    */
                   return( NULL );
                }
            }
            else
                /* malloc failed */
                fprintf( stderr, "malloc() failed in ident_check\n");
         }
         else
            /* connect failed */
            fprintf( stderr, "connect() failed in ident_check\n");
      }
      else
         /* socket failed */
         fprintf( stderr, "socket() failed in ident_check\n");
   }
   else
     /* getsockname failed */
     fprintf( stderr, "getsockname() failed in ident_check\n");

   response = NULL;
   return ( response );
}



int
main( argc, argv )
int argc;
char **argv;
{
  int i, sockfd, curport, ret;
  int noident = 0, hiport = 9999, loport = 1;
  struct servent *service;
  struct hostent *host;
  char identbuf[30], recieved[85], *buffer, *uid;

  if ((argc<2) || (argc>4))
    usage(BAD_ARGS);
  if (argc>2)
     loport = atoi(argv[2]);
  if (argc>3)
     hiport = atoi(argv[3]);
  if ( ( host = fill_host( argv[1], host ) ) == NULL )
    usage(BAD_HOST);

  /* Load up pieces of our sockaddr_in structs */

  len = sizeof(struct sockaddr_in);

  for_scan.sin_family = host->h_addrtype;
  for_scan.sin_addr.s_addr = *((long *)host->h_addr);
  for_scan.sin_port = htons( 113 ); /* this if for testing ident */

  for_ident.sin_family = host->h_addrtype;
  for_ident.sin_addr.s_addr = *((long *)host->h_addr);
  for_ident.sin_port = htons( 113 );

  /* Check and see if ident is running */

  sockfd = socket( AF_INET, SOCK_STREAM, 0 );
  if ( sockfd != -1 )
  {
     ret = connect( sockfd, (struct sockaddr *)&for_scan, len );
     if ( ret != 0 )
     {
        noident = 1;
        fprintf( stdout, "ident is not running on %s, performing normal scan\n",
                 argv[1] );
     }
     else
     {
       /*
        * If someone has blocked out identd with tcp wrappers the connect
        * will succeed, but we wont actually be able to use identd.  This
        * will make sure we can actually talk to identd properly.
        */
       if ( ident_check( sockfd ) == NULL )
       {
           noident = 1;
           close( sockfd );
           fprintf( stdout, "identd is malfunctioning or TCP wrapped on %s\n",
                   argv[1]);
       }
     }
  }

  for( curport = loport ; curport <= hiport ; curport++ )
  {
     for_scan.sin_port = htons( curport );

     if ( ( sockfd = socket( AF_INET, SOCK_STREAM, 0 ) ) == -1)
        usage(SOCK_ERR);

     ret = connect( sockfd, (struct sockaddr *)&for_scan, len );

     if ( ret == 0 )
     {
        service = getservbyport( for_scan.sin_port, "tcp");

        if ( noident == 0 ) /* we are ident scanning */
        {
           buffer = ident_check( sockfd );

           if ( buffer != NULL )
           {
              uid = strrchr( buffer, ':' );
              if ( uid != NULL )
              {
                 /*
                  * Some idents return :username
                  * others return : username
                  */
                 if ( ( *(++uid) )  == ' ' )
                   uid++;
                 printf("Port: %3d\tService: %10s\tUserid: %s\n", curport,
                        ( service == NULL ) ? "(?)" : service->s_name, uid);
                 free( buffer );
              }
              else
                 fprintf(stderr, "Malformed ident string\n");
           }
        }
        else /* this is just a regular port scan */
           printf("Port: %3d\tService: %10s\n", curport,
                  ( service == NULL ) ? "(?)" : service->s_name);
     }
     close( sockfd );
  } /* end for */
}


[cen]

iscan.c: In function 'usage':
iscan.c:71: warning: incompatible implicit declaration of built-in function 'exit'

In function usage, you're making a call to a function called exit on line 71 and the compiler isn't liking something about it.

Check your syntax/usage of function exit in your help, it will explain how to use it properly. Compare this information with the code and try to figure out if it's being used wrong. Keep in mind, that the actual problem may not be on that specific line with the exit function, but there IS a problem with using it somewhere/somehow.

Once you figure that one out, continue with the rest of them... If you have to...

Code: Select all

iscan.c: In function 'ident_check':
iscan.c:103: warning: incompatible implicit declaration of built-in function 'malloc'
iscan.c: In function 'main':
iscan.c:239: warning: incompatible implicit declaration of built-in function 'free'

These are just warnings though, they may be important, but the code may work just fine as they are. Look in your help for more detailed information on an incompatible implicit declaration warning. It may help enlighten the situation for you. And confirm just how important these warnings actually are.

I'll help point you in the proper direction (although I may be wrong) - You NEED something in order to use these functions.

Try to figure out what it is...

[Israel]

Wow, it did compile and run without fixing those errors. Its always the simple things that seem to get me the most.... I did notice that if I simply commented out line 71 the error went away for that line. Unfortunately I could not apply that to the rest. Probably would've lost some functionality too. Thanks for keeping me trying.

[cen]

I haven't even touched C since college, but trust me - You want to fix these errors, not ignore them... Your program won't work properly if at all. You're accessing exit to leave the program (ignoring this one probably won't break the program), but with malloc and free you are utilizing dynamic memory. I haven't looked at your code with much detail, but I'm willing to bet you'll NEED to fix these two at least, they're all having the same problem...

Take a closer look at the commands - There are requirements to get them working...

Did you find out what a incompatible implicit declaration warning is yet?

If not, take a look at google: http://www.lmgtfy.com?q=incompatible+im ... eclaration

It will explain the problem...

What do you need to do in order to use the libraries included with C??? The command printf is NOT a built in command, you're accessing a library to use it - How do you include that library with your source???

[Israel]

Yeah, I was planning on looking over that later. Had to go to work and was just happy to see it run.

<stdlib.h> is the library that's missing, I now have no errors. I had just been reading in another forum that under ANSI/ISO Standard C casts like malloc and free are no longer necessary, and sometimes discouraged altogether. Don't know, I'm learning from some old school training videos, but they were free.

[cen]

<stdlib.h> is the library that's missing, I now have no errors.

There ya go - Well done!

I had just been reading in another forum that under ANSI/ISO Standard C casts like malloc and free are no longer necessary, and sometimes discouraged altogether.

Yes and no - Don't neglect the fact that C is still quite common these days - Ya, people aren't designing new software with it as a general rule, but still common enough - MANY code examples out there exist in this format for free - It helps being able to understand them and convert them if the need arises.

So, no harm in learning them - I'd just tuck these 'somewhat outdated' commands away into your "The More You Know..." repertoire...

l8r.

[Israel]

Don't neglect the fact that C is still quite common these days - Ya, people aren't designing new software with it as a general rule, but still common enough

? Ok, I understood ANSI C was C, just standardized with a few additions from C++. Are you implying its something else?

[cen]

I understood ANSI C was C, just standardized with a few additions from C++. Are you implying its something else?

ANSI C does not utilize C++, that would be a different standard.

ANSI C is C, but it is the standardized version of C, ANSI C++ is the standardized version of C++. Code designed using ANSI C/C++ should work in ANY compiler that utilizes this standard. It's an attempt to provide people with a basic way to make sure that virtually any compiler will compile the 'basics' of C/C++ code. You'll notice huge differences if you use multiple compilers like Microsoft's or Borland's, but if you code it using ANSI C/C++ it should work in either compiler.

C and C++ are extremely similar, but there are some major differences, there are functions used in C that no longer apply in C++, just as there are clearly new ways of doing things in C++ that don't exist in C. The biggest difference being that C++ was designed as a object oriented language, and although you can basically pull this off in C it's done differently.

Point being, ANSI C does NOT contain C++, ANSI C++ does. They are standards, provided by the American National Standards Institute (ANSI).

[Israel]

Much clearer. Thanks!