Assertion failure with IP protocol scan

[Eponymous-One]

Describe the bug
Running an IP protocol scan on protocol number 255 (reserved) immediately causes an assertion failure. This has been tested on Nmap 7.94SVN on Ubuntu 24.04. This is very quick and easy to reproduce.

Error message:

nmap: protocols.cc:193: const nprotoent* nmap_getprotbynum(int): Assertion `num >= 0 && num < UCHAR_MAX' failed.
Aborted (core dumped)

To Reproduce
nmap -vvv -sO <ipaddr> -Pn -p255

Expected behavior
Nmap should "scan" and then return a formatted table.

Version info (please complete the following information):

As above.

I've noticed this on a few recent versions of Nmap but haven't worked out exactly when the regression was introduced.

I'm pretty sure this wasn't affecting Nmap 7.91 on Ubuntu 22.04 however so it's likely to have been introduced after this.

I suspect something is causing the "num" to be 256 which causes the assertion to fire. If you run:
nmap -vvv -sO <ipaddr> -Pn -p0-254

...there are no issues.

[Eponymous-One]

Actually looking into this a bit more:

protocols.cc:

194   assert(num >= 0 && num < UCHAR_MAX);

UCHAR_MAX is 255...

So it's simply a matter of changing that line to:

assert(num >= 0 && num <= UCHAR_MAX);

or if you prefer:

assert(num >= 0 && num < (UCHAR_MAX + 1));

[nnposter]

Actually, the fix needs more than that. The IP protocol table is defined too small by one, so changing the assertion without fixing the table definition results in potential out-of-bounds read. See #2900 for a more comprehensive fix.

[nnposter]

Thank you for reporting the issue. The fix from #2900 has been committed as r38951.