Skip to content

Fix issue #2848: Support multiple CPEs of the same type #3224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rob-cobbins wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix issue #2848: Support multiple CPEs of the same type #3224

rob-cobbins wants to merge 1 commit into from

Conversation

@rob-cobbins
Copy link

@rob-cobbins rob-cobbins commented Nov 3, 2025

PROBLEM:
When service-probes defines multiple CPE entries of the same part type (e.g., two application CPEs like Apache and PHP), only the last one was stored as the CPE loop overwrote the single buffer for each type.

ROOT CAUSE:

  • MatchDetails structure used single const char* for cpe_a/h/o
  • ServiceNFO class used single char arrays for cpe_*_matched
  • CPE processing loop reused the same buffer, overwriting previous values
  • Only the last CPE of each type was retained

SOLUTION:

  • Changed MatchDetails to use std::vector<const char *> for cpe_a/h/o
  • Changed ServiceNFO to use std::vector<char > for cpe__matched
  • Updated CPE processing loop to allocate new buffers for each CPE
  • Added proper memory management (free in destructors and SSL reset)
  • Updated all copying/transfer logic to iterate vectors

VERIFICATION:
Tested against servers with Apache + PHP and confirmed XML output now shows multiple tags as expected:
cpe:/a:apache:http_server:2.4.34
cpe:/a:php:php:7.3.20

FILES MODIFIED:

  • service_scan.h: MatchDetails structure
  • service_scan.cc: ServiceNFO class, getVersionStr, testMatch, processMatch, processResults, and cleanup code

@rcobbins
Fix issue nmap#2848: Support multiple CPEs of the same type
04ac00d 
PROBLEM:
When service-probes defines multiple CPE entries of the same part type
(e.g., two application CPEs like Apache and PHP), only the last one was
stored as the CPE loop overwrote the single buffer for each type.

ROOT CAUSE:
- MatchDetails structure used single const char* for cpe_a/h/o
- ServiceNFO class used single char arrays for cpe_*_matched
- CPE processing loop reused the same buffer, overwriting previous values
- Only the last CPE of each type was retained

SOLUTION:
- Changed MatchDetails to use std::vector<const char *> for cpe_a/h/o
- Changed ServiceNFO to use std::vector<char *> for cpe_*_matched
- Updated CPE processing loop to allocate new buffers for each CPE
- Added proper memory management (free in destructors and SSL reset)
- Updated all copying/transfer logic to iterate vectors

VERIFICATION:
Tested against servers with Apache + PHP and confirmed XML output now
shows multiple <cpe> tags as expected:
  <cpe>cpe:/a:apache:http_server:2.4.34</cpe>
  <cpe>cpe:/a:php:php:7.3.20</cpe>

FILES MODIFIED:
- service_scan.h: MatchDetails structure
- service_scan.cc: ServiceNFO class, getVersionStr, testMatch,
  processMatch, processResults, and cleanup code
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rob-cobbins @rcobbins