From 395b4d215055e7c6cb971753517ba8394c8fa244 Mon Sep 17 00:00:00 2001
From: kris
Date: Sat, 3 Feb 2007 04:15:18 +0000
Subject: [PATCH] Staying on the safe side when matching TCP flags on one part in scan_engine.cc. Instead of testing th_flags == TH_SYN|TH_ACK, it tests if (th_flags & TH_SYN|TH_ACK) == TH_SYN|TH_ACK. It's looks like it's done 'correctly' everywhere else. I can't really think of a real situation where we'd recieve any extra flags when doing a SYN scan, but we could (and it's better than having a false negative anyway).
---
 scan_engine.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scan_engine.cc b/scan_engine.cc
index 9a50aa83e..bbbeb2b92 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -2953,7 +2953,7 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
 goodone = true;
 } else {
 /* Now that response has been matched to a probe, I interpret it */
- if (USI->scantype == SYN_SCAN && tcp->th_flags == (TH_SYN|TH_ACK)) {
+ if (USI->scantype == SYN_SCAN && (tcp->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
 /* Yeah! An open port */
 newstate = PORT_OPEN;
 } else if (tcp->th_flags & TH_RST) {
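Review bot: With the masked test, a reply that carries SYN, ACK and RST together is now classified as PORT_OPEN, because the SYN/ACK branch is evaluated before the `else if (tcp->th_flags & TH_RST)` branch; under the old equality test such a packet fell through to the RST branch. If that precedence is not intended, include RST in the mask: `(tcp->th_flags & (TH_SYN|TH_ACK|TH_RST)) == (TH_SYN|TH_ACK)`. If it is intended, a short comment on the condition would record the decision, e.g. `/* extra flags are tolerated; SYN|ACK takes precedence over RST */`. The body of get_pcap_result starts and ends outside the hunk, so what the RST branch assigns to newstate is not visible here.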