Remove the last byte from the end of the xdmcp version probe. According

to the XDMCP specification at http://cgit.freedesktop.org/xorg/doc/xorg-docs/plain/hardcopy/XDMCP/xdmcp.PS.gz, it's just a junk trailer following the zero-length array of authentication names, and that "no padding of any sort will occur within the packets." It still correctly identifies an xdm running locally in my testing. The specification also says "Packets that have too little or too much data should be ignored," but that must not be taken seiously because the X server that comes with Mac OS X sends several junk null bytes at the end of its XDMCP queries.
2025-12-27 18:09:01 +00:00 · 2009-08-14 16:56:05 +00:00
parent 2309d9af4a
commit fae45d2c3c
1 changed files with 1 additions and 1 deletions
--- a/2
+++ b/2
@@ -7158,7 +7158,7 @@ softmatch oracle-tns m|^\0.\0\0[\x02\x04]\0\0\0|s p/Oracle TNS Listener/
 match dbsnmp m|^\0,\0\0\x04\0\0\0\"\0\0 \(CONNECT_DATA=\(COMMAND=version\)\)| p/Oracle DBSNMP/

 ##############################NEXT PROBE##############################
-Probe UDP xdmcp q|\0\x01\0\x02\0\x01\0\0|
+Probe UDP xdmcp q|\0\x01\0\x02\0\x01\0|
 rarity 6
 ports 177
 match xdmcp m/^\0\x01\0\x05..\0\0\0.(.+)\0.(.+)/ p/XDMCP/ v/host $1 willing/ i/Status: $2/ o/Unix/