mapcidr patch

Project Discovery’s mapcidr had a bug when converting IP addresses. The “-ip-format” flag did not properly work for one of the cases. For example, echo '127.0.0.1' | mapcidr -ip-format 5 would incorrectly return the integer representation or decimal value 281472812449793, when it should have returned the decimal value 2130706433. The problem could be seen in the Go function here which uses functionality imported from the math library.

func IPToInteger(ip net.IP) (*big.Int, int, error) {
	val := &big.Int{}
	val.SetBytes([]byte(ip))

	if len(ip) == net.IPv4len {
		return val, 32, nil //nolint
	} else if len(ip) == net.IPv6len {
		return val, 128, nil //nolint
	} else {
		return nil, 0, fmt.Errorf("unsupported address length %d", len(ip))

The function was easily fixed by removing the early "setBytes" value and rewriting it to correctly set the bytes conditionally for each if-statement, depending on the IP type.

func IPToInteger(ip net.IP) (*big.Int, int, error) {

	val := new(big.Int)

	// check if the ip is v4 => convert to 4 bytes representation
	if ipv4 := ip.To4(); ipv4 != nil {
		val.SetBytes(ipv4)
		return val, 32, nil
	}

	// check if the ip is v6 => convert to 16 bytes representation
	if ipv6 := ip.To16(); ipv6 != nil {
		val.SetBytes(ipv6)
		return val, 128, nil
	}

	return nil, 0, fmt.Errorf("unsupported IP address format")
}

Pull request #258.

DMARC

Lately I've overheard some people discussing email spoofing with regard to organizations that don't implement DMARC. Namely, "APTs" taking advantage of organizations that don't utilize Domain-based Message Authentication, Reporting and Conformance.