From e8bd0016198d32a5f877ecdf38ed478b3be99b0a Mon Sep 17 00:00:00 2001
From: shinnok
Date: Sat, 18 Jun 2011 11:20:54 +0000
Subject: [PATCH] Fix build_icmp_raw and build_igmp_raw filling the packet data payload with zeroes instead of the supplied random data, when nmap is invoked with --data-length.
---
 tcpip.cc | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tcpip.cc b/tcpip.cc
index cd103b4a7..3db10fa57 100644
--- a/tcpip.cc
+++ b/tcpip.cc
@@ -613,7 +613,7 @@ u8 *build_ip_raw(const struct in_addr *source,
 tos, ipid, df ? IP_DF : 0, myttl, proto, source, victim);
 /* We should probably copy the data over too */
- if (data)
+ if (data && datalen)
 memcpy((u8 *) ip + sizeof(struct ip) + ipoptlen, data, datalen);
 *outpacketlen = packetlen;
@@ -1030,9 +1030,10 @@ u8 *build_icmp_raw(const struct in_addr *source,
 fatal("Unknown icmp type/code (%d/%d) in %s", ptype, pcode, __func__);
 }
- if (datalen > 0) {
+ /* Copy the data over too */
+ if (data && datalen) {
 icmplen += MIN(dlen, datalen);
- memset(datastart, 0, MIN(dlen, datalen));
+ memcpy(datastart, data, MIN(dlen, datalen));
 }
 /* Fill out the ping packet. All the ICMP types handled by this function have
@@ -1138,9 +1139,10 @@ u8 *build_igmp_raw(const struct in_addr *source,
 fatal("Unknown igmp type (%d) in %s", ptype, __func__);
 }
- if (datalen > 0) {
+ /* Copy the data over too */
+ if (data && datalen) {
 igmplen += MIN(dlen, datalen);
- memset(datastart, 0, MIN(dlen, datalen));
+ memcpy(datastart, data, MIN(dlen, datalen));
 }
 igmp.igmp_cksum = 0;
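Review bot: In the build_ip_raw hunk, the new `if (data && datalen)` guard still leaves the payload region unwritten when a caller passes a NULL `data` with a non-zero `datalen`. If `packetlen` counts `datalen` and the buffer is not zero-initialised (both are set outside the hunk, so this needs confirming), those bytes would be sent as whatever the allocator left there. An `else if (datalen) memset((u8 *) ip + sizeof(struct ip) + ipoptlen, 0, datalen);` would make the output deterministic. The comment above the guard, `/* We should probably copy the data over too */`, reads as a leftover TODO and could become `/* Copy the caller's payload after the IP header and options */`.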
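Review bot: In the build_icmp_raw hunk, and identically in the build_igmp_raw hunk after it, changing the test from `datalen > 0` to `data && datalen` alters the result for a NULL `data` with a non-zero `datalen`: the old code appended a zero-filled payload of that length, the new code appends nothing and leaves `icmplen`/`igmplen` unchanged. If any caller relies on NULL meaning "pad with zeroes", its packets become shorter than requested; keeping the old path as `else if (datalen) { icmplen += MIN(dlen, datalen); memset(datastart, 0, MIN(dlen, datalen)); }` would preserve it. The `MIN(dlen, datalen)` clamp also silently shortens a payload larger than the remaining space, so a comment such as `/* Payload is truncated to the space left in the packet buffer */` would document that. `dlen` and `datastart` are set outside both hunks.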