The old behavior (of using the default time of 1s) did not allow constructing
packets without this option, which in turn resulted in (1) DHCPINFORM packets
being non-compliant with RFC 2131 and (2) DHCP discovery scripts potentially
receiving non-default IP lease information. Fixes#2197
Every place this function is used, the result is padded with 0s anyway,
so may as well not strip them here. Didn't remove the padding code since
this could return only 4 chars, and most padding is to 8-char width.
These codepoint references are now left intact. If necessary, it would be
a trivial change to replace them with corresponding UTF sequences.
Note that the previous code was decoding the character references recursively,
which was probably not the intent.
* Avoids accepting identities not representing hostnames as new targets
* Identity representing a wildcard certificate is reduced to its static portion
* Replaces custom crt.sh response parsing with JSON parser
* Adds more error-checking code
* Splits SANs into individual names (closes#2174)
The actual number only matters for certain debug output, so replaced
this frequently-called function with one that short-circuits to return a
boolean. Mostly only matters for host discovery scans, since all others
were only a few instructions already.
We attempted to fix this twice already, so this change reverses r36709
(which simply ignored all Time Exceeded messages for host discovery,
leading to long scan times when the TTL is insufficient) and r34557
(which used incorrect logic to match ICMP responses, resulting in
ignoring all ICMP error messages in response to ICMP probes, e.g. Time
Exceeded for Echo Request).
Instead, we'll correctly verify that the ICMP ID of the *encapsulated
datagram* matches the one for the probe we are attempting to match.
First reported here: https://seclists.org/nmap-dev/2014/q2/105
We handle empty strings just fine, so treat it like that instead of
asserting that the capture must start before the end of the string.
