fix a couple bugs found by Jochen (voss at seehuhn.de

CHANGELOG

@@ -1,15 +1,20 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o Upgraded the included LibPCRE from version 6.4 to 6.7.  Thanks to
+  Jochen Voß (voss(a)seehuhn.de) for the suggestion (he found some bugs
+  in 6.4)
+
 4.20ALPHA11
 
 o Integrated all of your OS detection submissions, bringing the
   database up to 149 fingerprints.  This is an increase of 28% from
-  ALPHA10.  Notable new new additions include FreeBSD 6.1, a bunch of
-  HP LaserJet printers, and HP-UX 11.11.  We also got a bunch of more
+  ALPHA10.  Notable additions include FreeBSD 6.1, a bunch of HP
+  LaserJet printers, and HP-UX 11.11.  We also got a bunch of more
   obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for
-  programming EM2XX-family embedded devices".  I'm hoping that all the
-  obscure submissions mean that more of the mainstream systems are
-  being detected out of the box!  Please keep those submissions
-  (obscure or otherwise) coming!
+  programming EM2XX-family embedded devices".  Who doesn't have a few
+  of those laying around?  I'm hoping that all the obscure submissions
+  mean that more of the mainstream systems are being detected out of
+  the box!  Please keep those submissions (obscure or otherwise)
+  coming!
 
 4.20ALPHA10
 

MACLookup.cc

@@ -182,7 +182,7 @@ static void mac_prefix_init() {
     ME->vendor = cp_strdup(p);
 
     if (MacTable.table_members > MacTable.table_capacity * 0.8)
-      error("WARNING:  nmap-mac-prefixes has grown to more than 80\% of our hash table size.  MacTable.table_capacity should be increased");
+      error("WARNING:  nmap-mac-prefixes has grown to more than 80%% of our hash table size.  MacTable.table_capacity should be increased");
 
     // Now insert it into the table
     if (MacTable.table_members >= MacTable.table_capacity)

docs/nmap.1

@@ -2,7 +2,7 @@
 .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
 .\" Instead of manually editing it, you probably should edit the DocBook XML
 .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "NMAP" "1" "11/02/2006" "" "Nmap Reference Guide"
+.TH "NMAP" "1" "11/03/2006" "" "Nmap Reference Guide"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@@ -91,7 +91,7 @@ This options summary is printed when Nmap is run with no arguments, and the late
 \fI\%http://insecure.org/nmap/data/nmap.usage.txt\fR. It helps people remember the most common options, but is no substitute for the in\-depth documentation in the rest of this manual. Some obscure options aren't even included here.
 .PP
 .nf
-Nmap 4.20ALPHA10 ( http://insecure.org )
+Nmap 4.20ALPHA11 ( http://insecure.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc.

libpcre/COPYING

@@ -0,0 +1,68 @@
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Release 6 of PCRE is distributed under the terms of the "BSD" licence, as
+specified below. The documentation for PCRE, supplied in the "doc"
+directory, is distributed under the same terms as the software itself.
+
+The basic library functions are written in C and are freestanding. Also
+included in the distribution is a set of C++ wrapper functions.
+
+
+THE BASIC LIBRARY FUNCTIONS
+---------------------------
+
+Written by:       Philip Hazel
+Email local part: ph10
+Email domain:     cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England. Phone: +44 1223 334714.
+
+Copyright (c) 1997-2006 University of Cambridge
+All rights reserved.
+
+
+THE C++ WRAPPER FUNCTIONS
+-------------------------
+
+Contributed by:   Google Inc.
+
+Copyright (c) 2006, Google Inc.
+All rights reserved.
+
+
+THE "BSD" LICENCE
+-----------------
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the name of Google
+      Inc. nor the names of their contributors may be used to endorse or
+      promote products derived from this software without specific prior
+      written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+End

libpcre/NMAP_MODIFICATIONS

@@ -1,4 +1,4 @@
-This directory conains a version of LibPCRE 4.3 that has been stripped
+This directory conains a version of LibPCRE 6.7 that has been stripped
 down to under half its original uncompressed size.  So if you want
 docs, tests and such, you should go to the PCRE website at
 http://www.pcre.org .  Here are the changes for the Nmap version:
@@ -104,3 +104,4 @@ intel:
  AC_SUBST(POSIX_OBJ)
  AC_SUBST(POSIX_LOBJ)
 
+o rm pcre_printint.src

nmap-os-db

@@ -1740,24 +1740,6 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
 
-# Microsoft Windows Vista English PRE-RC1 Build 5536
-# Vista Beta 2 Build 5472
-Fingerprint Microsoft Windows Vista Beta 2 (Build 5472)
-Class Microsoft | Windows | Vista | general purpose
-SEQ(SP=D2-11B%GCD=<7%ISR=107-113%TI=I%II=I%SS=S%TS=6|7)
-OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)
-WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
-ECN(R=Y%DF=Y%T=80%TG=80%W=2000%O=M5B4NW8NNS%CC=N%Q=)
-T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
-T2(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
-T3(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
-T4(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T5(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-T6(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T7(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-U1(DF=N%T=80%TG=80%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
-IE(DFI=N%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
-
 # Windows 2000 Advanced Server with SP4 and latest Windows Update patches as of September 8, 2006
 Fingerprint Microsoft Windows 2000 AS SP4
 Class Microsoft | Windows | 2000 | general purpose
@@ -1791,6 +1773,23 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=40%TG=40%TOSI=Z%CD=Z%SI=S%DLI=S)
 
+# Microsoft Windows 2000 server with SP4 build 2195
+Fingerprint Microsoft Windows 2000 Server SP4
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=F8-102%GCD=<7%ISR=9C-10D%TI=I%II=I%SS=O|S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=FAF0|FFFF%W2=FAF0|FFFF%W3=FAF0|FFFF%W4=FAF0|FFFF%W5=FAF0|FFFF%W6=FAF0|FFFF)
+ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0|FFFF%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=FAF0|FFFF%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
 # Taken on an X86 SMP machine
 Fingerprint Microsoft Windows 2000 SP4
 Class Microsoft | Windows | 2000 | general purpose
@@ -1825,6 +1824,26 @@ T7(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=81%TG=81%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=81%TG=81%TOSI=Z%CD=Z%SI=S%DLI=S)
 
+# German Version of Microsoft Windows 2000 Server with SP4 [Version 5.00.2195]
+# MS Windows 2000 Server SP4
+# MS win2K SP4 running Citrix Metaframe
+# Microsoft Windows 2000 pro SP4 and latest Windows Update patches as of Aug 15, 2005
+Fingerprint Microsoft Windows 2000 SP4
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=D5-101%GCD=<7%ISR=103-11A%TI=I%II=I%SS=S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=4470|FC00%W2=41A0|FC00%W3=4100|FC00%W4=40E8|FC00%W5=40E8|FC00%W6=402E|FC00)
+ECN(R=Y%DF=Y%T=80%TG=80%W=4470|FC00%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=402E|FC00%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
 # Windows 2003 Server winver output: Version 5.2 (Build 3790.srv03_sp1_rtm.050324-1447 : Service Pack 1)
 # Windows Server 2003 - 3790.srv03_sp1_rtm.050324-1447, Service Pack 1
 # windows 2003 x64 5.2 build 3790.srv03_sp1_gdr.060315-1609
@@ -1896,43 +1915,6 @@ T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=80%TG=80%TOS=0%IPL=B0%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
 
-# Microsoft Windows 2000 server with SP4 build 2195
-Fingerprint Microsoft Windows 2000 Server SP4
-Class Microsoft | Windows | 2000 | general purpose
-SEQ(SP=F8-102%GCD=<7%ISR=9C-10D%TI=I%II=I%SS=O|S%TS=0)
-OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
-WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
-ECN(R=Y%DF=Y%T=80%TG=80%W=FFFF%O=M5B4NW0NNS%CC=N%Q=)
-T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
-T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
-T3(R=Y%DF=Y%T=80%TG=80%W=FFFF%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
-T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
-IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
-
-# German Version of Microsoft Windows 2000 Server with SP4 [Version 5.00.2195]
-# MS Windows 2000 Server SP4
-# MS win2K SP4 running Citrix Metaframe
-# Microsoft Windows 2000 pro SP4 and latest Windows Update patches as of Aug 15, 2005
-Fingerprint Microsoft Windows 2000 SP4
-Class Microsoft | Windows | 2000 | general purpose
-SEQ(SP=D5-101%GCD=<7%ISR=103-11A%TI=I%II=I%SS=S%TS=0)
-OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
-WIN(W1=4470|FC00%W2=41A0|FC00%W3=4100|FC00%W4=40E8|FC00%W5=40E8|FC00%W6=402E|FC00)
-ECN(R=Y%DF=Y%T=80%TG=80%W=4470|FC00%O=M5B4NW0NNS%CC=N%Q=)
-T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
-T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
-T3(R=Y%DF=Y%T=80%TG=80%W=402E|FC00%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
-T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
-IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
-
 # Windows 98 4.10.1998
 Fingerprint Microsoft Windows 98
 Class Microsoft | Windows | 98 | general purpose
@@ -1966,6 +1948,24 @@ T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S)
 
+# Microsoft Windows Vista English PRE-RC1 Build 5536
+# Vista Beta 2 Build 5472
+Fingerprint Microsoft Windows Vista Beta 2 (Build 5472)
+Class Microsoft | Windows | Vista | general purpose
+SEQ(SP=D2-11B%GCD=<7%ISR=107-113%TI=I%II=I%SS=S%TS=6|7)
+OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)
+WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
+ECN(R=Y%DF=Y%T=80%TG=80%W=2000%O=M5B4NW8NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
+T4(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
 # Microsoft Windows XP Professional (all patches up to date 9/29/06) Winver: Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2
 # Microsoft Windows XP version 5.1 (build 2600.xpsp_sp2_gdr.050301-1519: Service Pack 2)
 # Microsoft Windows XP Professional w/SP2 and latest Windows Update patches as of 27Oct06
@@ -2640,3 +2640,37 @@ T6(R=N)
 T7(R=N)
 U1(DF=N%T=FE%TG=FE%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=FE%TG=FE%TOSI=S%CD=S%SI=S%DLI=S)
+
+# These had latest windows updates until October '06
+Fingerprint Microsoft Windows 2000, SP0, SP1, or SP2
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=6A-8C%GCD=<7%ISR=95-9F%TI=I%II=I%SS=S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6=FAF0)
+ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=FAF0%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
+# These had latest windows updates until October '06
+Fingerprint Microsoft Windows 2000 SP3
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=D4-E8%GCD=<7%ISR=FE-108%TI=I%II=I%SS=S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6=FAF0)
+ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=FAF0%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)

output.cc

@@ -1167,7 +1167,7 @@ static void printosclassificationoutput(const struct OS_Classification_Results *
 	      strcat(familygenerations[familyno], "|");
 	    strncat(familygenerations[familyno], 
 		    OSR->OSC[classno]->OS_Generation, 
-		    sizeof(familygenerations[familyno]) - flen);
+		    sizeof(familygenerations[familyno]) - flen - 1);
 	  }
 	  break;
 	}

tcpip.cc

@@ -500,7 +500,7 @@ static const char *ippackethdrinfo(const u8 *packet, u32 len) {
 	*p++ = 'A';
 	snprintf(buf, sizeof(buf), " ack=%lu", 
 		 (unsigned long) ntohl(tcp->th_ack));
-	strncat(tcpinfo, buf, sizeof(tcpinfo));
+	strncat(tcpinfo, buf, sizeof(tcpinfo) - 1);
       }
       if (tcp->th_flags & TH_URG) *p++ = 'U';
       if (tcp->th_flags & TH_ECE) *p++ = 'E'; /* rfc 2481/3168 */