From 3029747902f7f17160745fee73b33933c2f00bb4 Mon Sep 17 00:00:00 2001 From: david Date: Thu, 11 Oct 2012 03:11:53 +0000 Subject: [PATCH] Actually use the interface address when get_srcaddr fails. There was an embarrassing bug here added in r28874. In the second of three calls to get_srcaddr, the interface was being indexed by an index variable that, in this place, was actually an index into the routes table. This would in general produce a nonsensical source address or out-of-bounds access. The symptom of this problem was the following error messages: get_srcaddr: can't connect socket: The requested address is not valid in its context. Failed to convert source address to presentation format!?! Error: Unknown error The first showed that get_srcaddr failed, and the second was caused by the bogus source address. http://seclists.org/nmap-dev/2012/q3/859 http://seclists.org/nmap-dev/2012/q4/59 --- CHANGELOG | 8 ++++++++ libnetutil/netutil.cc | 6 +++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 7371ad201..75295497c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,13 @@ # Nmap Changelog ($Id$); -*-text-*- +o Fixed a bug that caused an incorrect source address to be set when + scanning certain addresses (apparently those ending in .0) on + Windows XP. The symptom of this bug was the messages + get_srcaddr: can't connect socket: The requested address is not valid in its context. + Failed to convert source address to presentation format!?! Error: Unknown error + Thanks to Robert Washam and Jorge Hernandez for reports and help + debugging. [David Fifield] + o Added some additional CPE entries to nmap-service-probes. [Dillon Graham] diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc index 0d4945e70..b721e3f75 100644 --- a/libnetutil/netutil.cc +++ b/libnetutil/netutil.cc 
@@ -3360,7 +3360,7 @@ static int route_dst_generic(const struct sockaddr_storage *dst, /* But the source address we want to use is the target address. */ if (!spoofss) { if (get_srcaddr(dst, &rnfo->srcaddr) == -1) - rnfo->srcaddr = ifaces[i].addr; + rnfo->srcaddr = rnfo->ii.addr; } return 1; @@ -3385,7 +3385,7 @@ static int route_dst_generic(const struct sockaddr_storage *dst, sockaddr_equal(&routes[i].gw, dst)); if (!spoofss) { if (get_srcaddr(dst, &rnfo->srcaddr) == -1) - rnfo->srcaddr = ifaces[i].addr; + rnfo->srcaddr = rnfo->ii.addr; } rnfo->nexthop = routes[i].gw; @@ -3403,7 +3403,7 @@ static int route_dst_generic(const struct sockaddr_storage *dst, rnfo->direct_connect = 1; if (!spoofss) { if (get_srcaddr(dst, &rnfo->srcaddr) == -1) - rnfo->srcaddr = ifaces[i].addr; + rnfo->srcaddr = rnfo->ii.addr; } return 1;
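Review bot: the CHANGELOG entry attributes the bug to "certain addresses (apparently those ending in .0) on Windows XP", but the commit message describes a platform-independent indexing error (a routes-table index used to index ifaces) that yields a bogus source address or an out-of-bounds read wherever get_srcaddr fails; state that root cause in the entry, alongside the observed symptom, so readers on other platforms do not conclude they are unaffected.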
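Review bot: in the first hunk (line 3360) the fallback now reads rnfo->ii.addr, but nothing in the visible context shows rnfo->ii being assigned before this point, so the correctness of the fix rests on an assignment the diff does not display; confirm rnfo->ii is populated on every path that reaches this fallback, otherwise a wrong-index bug is traded for a read of an unset struct. A one-line comment above the fallback stating that rnfo->ii must already be filled in would make that precondition explicit to the next editor.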
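Review bot: the second hunk (line 3385) is the site the commit message identifies as the actual bug: the context line `sockaddr_equal(&routes[i].gw, dst)` shows i indexing routes[], so `ifaces[i].addr` read some unrelated interface or past the end of the ifaces array. rnfo->ii.addr is the right replacement, but if get_srcaddr itself prints the "can't connect socket" line, as the commit message implies, users will keep seeing that message even though the scan now proceeds with a valid address; consider demoting it to a debug-level message, or note in the CHANGELOG entry that the first line of the reported symptom is expected to persist.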
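Review bot: with the third hunk (line 3403) the identical fallback `if (!spoofss) { if (get_srcaddr(dst, &rnfo->srcaddr) == -1) rnfo->srcaddr = rnfo->ii.addr; }` now appears three times in route_dst_generic; the copy-paste is how the index mix-up got in at r28874, so hoist it into one small helper or a single exit point so the three copies cannot diverge again. A regression test that drives this direct_connect path with a failing get_srcaddr would also catch a recurrence before it reaches users.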