From fae45d2c3ce4f619cc9d0798781bb3a7dc38f22d Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 14 Aug 2009 16:56:05 +0000
Subject: [PATCH] Remove the last byte from the end of the xdmcp version probe.
 According to the XDMCP specification at
 http://cgit.freedesktop.org/xorg/doc/xorg-docs/plain/hardcopy/XDMCP/xdmcp.PS.gz,
 it's just a junk trailer following the zero-length array of authentication
 names, and that "no padding of any sort will occur within the packets." It
 still correctly identifies an xdm running locally in my testing.

The specification also says "Packets that have too little or too much
data should be ignored," but that must not be taken seiously because the
X server that comes with Mac OS X sends several junk null bytes at the
end of its XDMCP queries.
---
 nmap-service-probes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nmap-service-probes b/nmap-service-probes
index 33603887d..480229660 100644
--- a/nmap-service-probes
+++ b/nmap-service-probes
@@ -7158,7 +7158,7 @@ softmatch oracle-tns m|^\0.\0\0[\x02\x04]\0\0\0|s p/Oracle TNS Listener/
 match dbsnmp m|^\0,\0\0\x04\0\0\0\"\0\0 \(CONNECT_DATA=\(COMMAND=version\)\)| p/Oracle DBSNMP/
 
 ##############################NEXT PROBE##############################
-Probe UDP xdmcp q|\0\x01\0\x02\0\x01\0\0|
+Probe UDP xdmcp q|\0\x01\0\x02\0\x01\0|
 rarity 6
 ports 177
 match xdmcp m/^\0\x01\0\x05..\0\0\0.(.+)\0.(.+)/ p/XDMCP/ v/host $1 willing/ i/Status: $2/ o/Unix/