mirror of https://github.com/nmap/nmap.git synced 2026-01-07 06:59:03 +00:00

Strip carriage returns (\r) from output to prevent spoofing

dmiller
2016-09-21 03:55:12 +00:00
parent d1fb502144
commit 9370f5bd5d
3 changed files with 7 additions and 2 deletions


@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*-
o Improved some output filtering to remove or escape carriage returns ('\r')
that could allow output spoofing by overwriting portions of the screen. Issue
reported by Adam Rutherford. [Daniel Miller]
o [NSE] Fixed a few bad Lua patterns that could result in denial of service due
to excessive backtracking. [Adam Rutherford, Daniel Miller]


@@ -462,7 +462,8 @@ static std::string escape_for_screen(const std::string s) {
for (unsigned int i = 0; i < s.size(); i++) {
char buf[5];
unsigned char c = s[i];
if (c == '\t' || c == '\r' || c == '\n' || (0x20 <= c && c <= 0x7e)) {
// Printable and some whitespace ok. "\r" not ok because it overwrites the line.
if (c == '\t' || c == '\n' || (0x20 <= c && c <= 0x7e)) {
r += c;
} else {
Snprintf(buf, sizeof(buf), "\\x%02X", c);
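Review bot: The escaping is still ambiguous after this change, because the printable branch passes a literal backslash through unchanged. A remote service that sends the four printable characters `\x0D` produces the same screen text as a real carriage return escaped by the `Snprintf(buf, sizeof(buf), "\\x%02X", c)` branch. If a reader is meant to tell raw bytes from escaped ones, the backslash needs its own case, for example `} else if (c == '\\') { r += "\\\\";`. That would change how existing output containing backslashes is displayed, so leaving it may be a deliberate trade-off worth a comment. The loop is part of escape_for_screen, whose start and end are outside this hunk.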


@@ -691,7 +691,7 @@ static char *transform_cpe(const char *s) {
Snprintf(buf, sizeof(buf), "%%%02X", *p);
repl = buf;
/* Replacing spaces with underscores is also a convention. */
} else if (*p == ' ') {
} else if (isspace(*p)) {
repl = "_";
/* Otherwise just make lower-case. */
} else {
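Review bot: `isspace(*p)` appears to be called with a plain `char`, and passing a negative value other than EOF to isspace is undefined behaviour. The declaration of `p` is outside the hunk, but it is presumably a `const char *` walking `s`. Unless an earlier branch not visible here already catches bytes of 0x80 and above, such a byte in a service-supplied string reaches this call as a negative value where char is signed. Cast before the call: `} else if (isspace((int) (unsigned char) *p)) {`. isspace is also locale-dependent, so the comment above it could be updated to say that all whitespace, not only the space character, becomes an underscore.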