diff --git a/CHANGELOG b/CHANGELOG
index 74ce69d50..20e08c46a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,10 @@
 o There is a new default ping probe set: -PE -PS443 -PA80 -PP. In ping probes are now sent in order of effectiveness (-PE first) so that less likely probes may not have to be sent. [David/Fyodor]
+o Fixed a bug where an ICMP echo, timestamp, or address mask reply
+ could be matched up with the wrong ICMP probe if more than one ICMP
+ probe type was being sent (as with the new default ping). [David]
+
 o [Zenmap] Fixed a crash, introduced in 4.85BETA4, that happened when searching scan results by date. [David] The error message was File "zenmapGUI\SearchGUI.pyo", line 816, in set_date
diff --git a/scan_engine.cc b/scan_engine.cc
index cb4e528e5..029531573 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -4190,7 +4190,7 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
 if (current_reason == ER_DESTUNREACH)
 current_reason = ping->code + ER_ICMPCODE_MOD;
- /* Echo reply, Timestamp reply, or Address Mask Reply */
+ /* Echo reply, Timestamp reply, or Address Mask Reply. RFCs 792 and 950. */
 if (USI->ptech.rawicmpscan && (ping->type == 0 || ping->type == 14 || ping->type == 18)) {
 memset(&sin, 0, sizeof(sin));
 sin.sin_addr.s_addr = ip->ip_src.s_addr;
@@ -4226,6 +4226,11 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
 /* Ensure the connection info matches. */ if (hss->target->v4sourceip()->s_addr != ip->ip_dst.s_addr) continue;
+ /* Don't match a timestamp request with an echo reply, for example. */
+ if ((ping->type == 0 && probe->pspec()->pd.icmp.type != 8) ||
+ (ping->type == 14 && probe->pspec()->pd.icmp.type != 13) ||
+ (ping->type == 18 && probe->pspec()->pd.icmp.type != 17))
+ continue;
 /* Sometimes we get false results when scanning localhost with -p- because we scan localhost with src port = dst port and
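Review bot: The comment rewritten in the first scan_engine.cc hunk now cites RFCs 792 and 950, but the condition directly below it still tests bare ICMP type numbers (`ping->type == 0 || ping->type == 14 || ping->type == 18`), so the reader must already know that 0, 14 and 18 are the echo, timestamp and address-mask replies; the same applies to the 0/8, 14/13 and 18/17 reply-to-request pairs added in the second hunk of this file. The `<netinet/ip_icmp.h>` names `ICMP_ECHOREPLY`, `ICMP_TSTAMPREPLY` and `ICMP_MASKREPLY` (with `ICMP_ECHO`, `ICMP_TSTAMP` and `ICMP_MASKREQ` for the request side) would make both conditions self-documenting, though whether this file already pulls that header in is not visible here. Failing that, spelling the numbers out in the new comment, `/* Echo reply (0), Timestamp reply (14), or Address Mask Reply (18). RFCs 792 and 950. */`, would at least tie the comment to the code it describes. get_ping_pcap_result begins and ends outside both hunks.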