Time to start working on verifying/fixing alleged memorly leak on large scans

CHANGELOG

@@ -1,20 +1,41 @@
 # Nmap Changelog ($Id$)
 
-UNRELEASED
+o Fixed a problem with the -S and option on Windows reporting "Failed
+  to resolve/decode supposed IPv4 source address".  The -D (decoy)
+  option was probably broken on that platform too.  Thanks to kx
+  (kxmail(a)gmail.com) for reporting the problem and tracking down a
+  potential solution.
 
-o Wrote a new man page from scratch.  It is much more comprehensive
-  (more than twice as long) and (IMHO) better organized than the
-  previous one.  Read it online at http://www.insecure.org/nmap/man/
-  or docs/nmap.1 from the Nmap distribution.  Let me know if you have
-  any ideas for improving it.  I am also looking for translations.  If
-  you are interested in translating to a language not already found at
-  http://www.insecure.org/nmap/nmap_documentation.html , please mail
-  Fyodor for the DocBook XML source to translate.
+o Applied some trivial fixes so that Nmap compiles with Visual C++
+  2005 Express, which is free from Microsoft at
+  http://msdn.microsoft.com/vstudio/express/visualc/ .  Thanks to kx
+  (kxmail(a)gmail.com) and Sina Bahram (sbahram(a)nc.rr.com)
 
 o Removed foreign translations of the old man page from the
   distribution.  Included the following contributed translations
   (nroff format) of the new man page:
     Brazilian Portuguese by Lucien Raven (lucienraven(a)yahoo.com.br)
+    Portuguese (Portugal) by José Domingos (jd_pt(a)yahoo.com) and 
+                             Andreia Gaita (shana.ufie(a)gmail.com).
+
+o Modified libdnet-stripped/src/eth-bsd.c to allow for up to 128 bpf
+  devices rather than 32.  This prevents errors like "Failed to open
+  ethernet interface (fxp0)" when there are more than 32 interface
+  aliases.  Thanks to Krok (krok(a)void.ru) for reporting the problem
+  and even sending a patch.
+
+o Added --thc option (undocumented)
+
+o A fix to libpcre/pcre.h that should help compilation on Visual
+  Studio Express.  Thanks to kx (kxmail(a)gmail.com) for reporting the problem.
+
+3.94ALPHA1
+
+o Wrote a new man page from scratch.  It is much more comprehensive
+  (more than twice as long) and (IMHO) better organized than the
+  previous one.  Read it online at http://www.insecure.org/nmap/man/
+  or docs/nmap.1 from the Nmap distribution.  Let me know if you have
+  any ideas for improving it.
 
 o Wrote a new "help screen", which you get when running Nmap without
   arguments.  It is also reproduced in the man page and at
@@ -22,11 +43,22 @@ o Wrote a new "help screen", which you get when running Nmap without
   to fit it within a 25-line, 80-column terminal window.  It is now 78
   lines and summarizes all but the most obscure Nmap options.
 
+o Version detection softmatches (when Nmap determines the service
+  protocol such as smtp but isn't able to determine the app name such as
+  Postfix) can now parse out the normal match line fields such as
+  hostname, device type, and extra info.  For example, we may not know
+  what vendor created an sshd, but we can still parse out the protocol
+  number.  This was a patch from  Doug Hoyte (doug(a)hcsw.org).
+
 o Fixed a problem which caused UDP version scanning to fail to print
   the matched service.  Thanks to Martin Macok
   (martin.macok(a)underground.cz) for reporting the problem and Doug
   Hoyte (doug(a)hcsw.org) for fixing it.
 
+o Made the version detection "ports" directive (in
+  nmap-service-probes) more comprehensive.  This should speed up scans a
+  bit.  The patch was done by Doug Hoyte (doug(a)hcsw.org).
+
 o Added the --webxml option, which does the same thing as 
   --stylesheet http://www.insecure.org/nmap/data/nmap.xsl , without
   requiring you to remember the exact URL or type that whole thing.
@@ -37,18 +69,11 @@ o Fixed a crash occured when the --exclude option was used with
   Greg Darke (starstuff(a)optusnet.com.au) for sending a patch (I
   modified the patch a bit to make it more efficient).
 
-o Fixed (I hope) a problem with the -S and -e options (spoof/set
+o Fixed a problem with the -S and -e options (spoof/set
   source address, and set interface by name, respectively).  The problem
   report and a partial patch were sent by Richard Birkett
   (richard(a)musicbox.net).
 
-o Version detection softmatches (when Nmap determines the service
-  protocol such as smtp but isn't able to determine the app name such as
-  Postfix) can now parse out the normal match line fields such as
-  hostname, device type, and extra info.  For example, we may not know
-  what vendor created an sshd, but we can still parse out the protocol
-  number.  This was a patch from  Doug Hoyte (doug(a)hcsw.org).
-
 o Fixed a possible aliasing problem in tcpip.cc by applying a patch sent in by
   Gwenole Beauchesne (gbeauchesne(a)mandriva.com).  This problem
   shouldn't have had any effect on users since we already include the
@@ -71,10 +96,6 @@ o Removed Identd scan support from NmapFE since Nmap no longer
   supports it.  Thanks to Jonathan Dieter (jdieter99(a)gmx.net) for the
   patch.
 
-o Made the version detection "ports" directive (in
-  nmap-service-probes) more comprehensive.  This should speed up scans a
-  bit.  The patch was done by Doug Hoyte (doug(a)hcsw.org).
-
 o Integrated all of the September version detection fingerprint
   submissions.  This was done by Version Detection Czar Doug Hoyte
   (doug(a)hcsw.org) and resulted in 86 new match lines.  Please keep

docs/nmap.1

@@ -2,7 +2,7 @@
 .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
 .\" Instead of manually editing it, you probably should edit the DocBook XML
 .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "NMAP" "1" "11/27/2005" "" "Nmap Reference Guide"
+.TH "NMAP" "1" "11/29/2005" "" "Nmap Reference Guide"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@@ -128,7 +128,7 @@ OS DETECTION:
   \-\-osscan_limit: Limit OS detection to promising targets
   \-\-osscan_guess: Guess OS more aggressively
 TIMING AND PERFORMANCE:
-  \-T[0\-6]: Set timing template (higher is faster)
+  \-T[0\-5]: Set timing template (higher is faster)
   \-\-min_hostgroup/max_hostgroup <msec>: Parallel host scan group sizes
   \-\-min_parallelism/max_parallelism <msec>: Probe parallelization
   \-\-min_rtt_timeout/max_rtt_timeout/initial_rtt_timeout <msec>: Specifies
@@ -155,6 +155,7 @@ OUTPUT:
   \-\-append_output: Append to rather than clobber specified output files
   \-\-resume <filename>: Resume an aborted scan
   \-\-stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
+  \-\-webxml: Reference stylesheet from Insecure.Org for more portable XML
   \-\-no_stylesheet: Prevent associating of XSL stylesheet w/XML output
 MISC:
   \-6: Enable IPv6 scanning

docs/nmap.usage.txt

@@ -1,4 +1,4 @@
-Nmap 3.94 ( http://www.insecure.org/nmap/ )
+Nmap 3.94ALPHA2 ( http://www.insecure.org/nmap/ )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc.

libdnet-stripped/NMAP_MODIFICATIONS

@@ -41,6 +41,20 @@ o Added intf_get_pcap_devname() function for Win32.  This tries to
   down side is that it won't work with interfaces that don't have an
   IPv4 address configured.
 
+o Increase the number of available bpf devices from 32 to 128.  Patch:
+--- eth-bsd.c   (revision 2774)
++++ eth-bsd.c   (working copy)
+@@ -45,7 +45,7 @@
+        int i;
+ 
+        if ((e = calloc(1, sizeof(*e))) != NULL) {
+-               for (i = 0; i < 32; i++) {
++               for (i = 0; i < 128; i++) {
+                        snprintf(file, sizeof(file), "/dev/bpf%d", i);
+                        e->fd = open(file, O_WRONLY);
+                        if (e->fd != -1 || errno != EBUSY)
+
+
 o Made some code changes to intf.c (the patch below).  This does the following:
 
   o Preserve the alias qualifier from interface name in more cases
@@ -150,3 +164,6 @@ diff -Nruw old/src/intf.c nmap-3.83.new/src/intf.c
                 if (_intf_get_noalias(intf, entry) < 0)
                         return (-1);
                 if (_intf_get_aliases(intf, entry) < 0)
+
+
+

libdnet-stripped/src/eth-bsd.c

@@ -45,7 +45,7 @@ eth_open(const char *device)
 	int i;
 
 	if ((e = calloc(1, sizeof(*e))) != NULL) {
-		for (i = 0; i < 32; i++) {
+		for (i = 0; i < 128; i++) {
 			snprintf(file, sizeof(file), "/dev/bpf%d", i);
 			e->fd = open(file, O_WRONLY);
 			if (e->fd != -1 || errno != EBUSY)

libpcre/NMAP_MODIFICATIONS

@@ -42,3 +42,28 @@ o Removed COPYING file as there is already a LICENSE file with exactly
 o Removed pcre_ucp_findchar.c and ucptable.c
 
 o Added this NMAP_MODIFICATIONS file
+
+o Remove some junk that deals with dynamic linking of pcre:
+--- pcre.h      (revision 2947)
++++ pcre.h      (working copy)
+@@ -47,19 +47,8 @@
+ #define PCRE_DATE           15-Aug-2005
+ 
+ /* Win32 uses DLL by default; it needs special stuff for exported functions. */
++/* Removed some defines here as I always compile staticly */
+ 
+-#ifdef _WIN32
+-#  ifdef PCRE_DEFINITION
+-#    ifdef DLL_EXPORT
+-#      define PCRE_DATA_SCOPE __declspec(dllexport)
+-#    endif
+-#  else
+-#    ifndef PCRE_STATIC
+-#      define PCRE_DATA_SCOPE extern __declspec(dllimport)
+-#    endif
+-#  endif
+-#endif
+-
+ /* For other operating systems, we use the standard "extern". */
+ 
+ #ifndef PCRE_DATA_SCOPE

libpcre/pcre.h

@@ -47,18 +47,7 @@ make changes to pcre.in. */
 #define PCRE_DATE           15-Aug-2005
 
 /* Win32 uses DLL by default; it needs special stuff for exported functions. */
-
-#ifdef _WIN32
-#  ifdef PCRE_DEFINITION
-#    ifdef DLL_EXPORT
-#      define PCRE_DATA_SCOPE __declspec(dllexport)
-#    endif
-#  else
-#    ifndef PCRE_STATIC
-#      define PCRE_DATA_SCOPE extern __declspec(dllimport)
-#    endif
-#  endif
-#endif
+/* Removed some defines here as I always compile staticly */
 
 /* For other operating systems, we use the standard "extern". */
 

libpcre/pcre_winconfig.h

@@ -1,5 +1,4 @@
 #define EXPORT
-
 #define HAVE_STRERROR 1
 #define HAVE_MEMMOVE  1
 

mswin32/winfix.cc

@@ -132,6 +132,23 @@ int pcap_avail = 0;
 static void win_cleanup(void);
 static char pcaplist[4096];
 
+/* The code that has no preconditions to being called, so it can be
+   executed before even Nmap options parsing (so o.debugging and the
+   like don't need to be used.  Its main function is to do
+   WSAStartup() as some of the option parsing code does DNS
+   resolution */
+void win_pre_init() {
+	WORD werd;
+	WSADATA data;
+
+	werd = MAKEWORD( 2, 2 );
+	if( (WSAStartup(werd, &data)) !=0 )
+		fatal("failed to start winsock.\n");
+}
+
+/* Requires that win_pre_init() has already been called, also that
+   options processing has been done so that o.debugging is
+   available */
 void win_init()
 {
 	//   variables
@@ -141,12 +158,7 @@ void win_init()
 	PMIB_IPADDRTABLE pIp = 0;
 	int i;
 	int numipsleft;
-	WORD werd;
-	WSADATA data;
 
-	werd = MAKEWORD( 2, 2 );
-	if( (WSAStartup(werd, &data)) !=0 )
-		fatal("failed to start winsock.\n");
 
 	ver.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
 	if(!GetVersionEx((LPOSVERSIONINFO)&ver))

mswin32/winfix.h

@@ -19,6 +19,16 @@
 #include <pcap.h>
 
 /*   (exported) functions   */
+/* The code that has no preconditions to being called, so it can be
+   executed before even Nmap options parsing (so o.debugging and the
+   like don't need to be used.  Its main function is to do
+   WSAStartup() as some of the option parsing code does DNS
+   resolution */
+EXTERNC void win_pre_init();
+
+/* Requires that win_pre_init() has already been called, also that
+   options processing has been done so that o.debugging is
+   available */
 EXTERNC void win_init();
 EXTERNC void win_barf(const char *msg);
 #endif

nmap.spec.in

@@ -86,12 +86,8 @@ gzip $RPM_BUILD_ROOT%{prefix}/share/man/man1/* || :
 %files 
 %defattr(-,root,root)
 %doc COPYING
-%doc docs/README docs/nmap-fingerprinting-article.txt
-%doc docs/nmap.deprecated.txt docs/nmap.usage.txt docs/nmap_doc.html
-%doc docs/nmap_manpage.html docs/nmap_manpage-es.html
-%doc docs/nmap_manpage-fr.html docs/nmap_manpage-lt.html 
-%doc docs/nmap_manpage-it.html
-%doc docs/nmap_manpage-ru.html
+%doc docs/README
+%doc docs/nmap.usage.txt
 %{prefix}/bin/nmap
 %{prefix}/share/nmap
 %{prefix}/share/man/man1/nmap.1.gz

nmap_winconfig.h

@@ -104,7 +104,7 @@
 #ifndef NMAP_WINCONFIG_H
 #define NMAP_WINCONFIG_H
 
-#define NMAP_VERSION "3.93"
+#define NMAP_VERSION "3.94ALPHA2"
 #define NMAP_NAME "Nmap"
 #define NMAP_URL "http://www.insecure.org/nmap"
 #define NMAP_PLATFORM "i686-pc-windows-windows"

output.cc

@@ -1392,7 +1392,8 @@ void printfinaloutput(int numhosts_scanned, int numhosts_up,
   
   if (numhosts_scanned == 0)
     fprintf(stderr, "WARNING: No targets were specified, so 0 hosts scanned.\n");
-  if (numhosts_scanned == 1 && numhosts_up == 0 && !o.listscan)
+  if (numhosts_scanned == 1 && numhosts_up == 0 && !o.listscan && 
+      o.pingtype != PINGTYPE_NONE)
     log_write(LOG_STDOUT, "Note: Host seems down. If it is really up, but blocking our ping probes, try -P0\n");
   /*  log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"\n"); */
   log_write(LOG_STDOUT|LOG_SKID, "Nmap finished: %d %s (%d %s up) scanned in %.3f seconds\n", numhosts_scanned, (numhosts_scanned == 1)? "IP address" : "IP addresses", numhosts_up, (numhosts_up == 1)? "host" : "hosts",  o.TimeSinceStartMS(&tv) / 1000.0);