strchr() per David's suggestion. strtok uses static (global) state to
track the string it is parsing. In this case, load_exclude was also
using strtok and calling parse_expr which was wiping out the previous
strtok state. This introduced two bugs: first, only the first exclude
on a line would be loaded from the exclude file, and second, there was
an invalid access into free()'d memory in load_exclude (found with
Valgrind). The use of strtok should be highly discouraged because
these types of bugs are so easy to introduce.
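The state clobbering this entry describes, as an added example rather than Nmap's own code: `parse_expr`, `load_exclude` and the exclude line are stand-ins constructed here. The nested strtok() call leaves strtok's one static position pointer at the end of the first expression, so the caller's next strtok(NULL, ...) sees an empty string and the remaining excludes on the line are never loaded. The strchr() variant keeps no hidden state and leaves the outer loop intact.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Nmap's code. parse_expr_* count the comma-separated
 * pieces of one target expression; load_exclude splits one exclude-file
 * line on blanks/tabs and hands each expression to a parser. */

/* Uses strtok, which keeps its position in a single static pointer. Calling
 * it here silently overwrites whatever position the caller's strtok loop had. */
static int parse_expr_strtok(char *expr) {
    int pieces = 0;
    for (char *p = strtok(expr, ","); p != NULL; p = strtok(NULL, ","))
        pieces++;
    return pieces;
}

/* Same count, walking the string with strchr. No global state, no writes. */
static int parse_expr_strchr(char *expr) {
    int pieces = 1;
    for (const char *p = strchr(expr, ','); p != NULL; p = strchr(p + 1, ','))
        pieces++;
    return pieces;
}

/* Splits the line with strtok and parses each expression with parse_expr.
 * Returns how many expressions were loaded from the line. */
static int load_exclude(char *line, int (*parse_expr)(char *)) {
    int loaded = 0;
    for (char *tok = strtok(line, " \t"); tok != NULL; tok = strtok(NULL, " \t")) {
        parse_expr(tok);
        loaded++;
    }
    return loaded;
}

/* Runs load_exclude on a private copy of line so the caller's string survives. */
static int count_excludes(const char *line, int (*parse_expr)(char *)) {
    char buf[256];
    snprintf(buf, sizeof buf, "%s", line);
    return load_exclude(buf, parse_expr);
}

int main(void) {
    /* Constructed exclude-file line with three expressions. */
    const char *line = "10.0.0.1,10.0.0.2 192.168.0.0/24 example.org";
    printf("strtok inside strtok loop: %d of 3 excludes loaded\n",
           count_excludes(line, parse_expr_strtok));
    printf("strchr inside strtok loop: %d of 3 excludes loaded\n",
           count_excludes(line, parse_expr_strchr));
    return 0;
}
```

The example deliberately tokenises the expression in place so the result is deterministic. If parse_expr had instead tokenised a heap copy and freed it, strtok's static pointer would be left pointing into that freed buffer and the outer loop's next strtok(NULL, ...) would read it, which is the Valgrind finding the entry mentions.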
from
21/tcp is open, was filtered.
23/tcp is open, was filtered.
80/tcp is open, was filtered.
8701/tcp is filtered, was open.
to
-21/tcp filtered
+21/tcp open ftp Netgear broadband router ftpd 1.0
-23/tcp filtered
+23/tcp open telnet Netgear broadband router admin telnetd
-80/tcp filtered
+80/tcp open http Embedded Allegro RomPager webserver 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)
-8701/tcp open unknown
+8701/tcp filtered
addr_stob didn't handle the special case of the sa_len member of
struct sockaddr being equal to 0 and accessed unrelated memory past
the end of the sockaddr. A symptom of this was the fatal error
nexthost: failed to determine route to ...
which was caused by the default route being assigned a netmask other
than 0.0.0.0.
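The sa_len special case, as an added example that is not Nmap's addr_stob: it models the address block of a BSD routing-socket message as a run of sockaddrs, each starting with sa_len and sa_family and padded to a multiple of sizeof(long). The struct layout, the AF_INET value, the destination/gateway/netmask order and the message bytes are all constructed here (the struct is declared locally because Linux's struct sockaddr has no sa_len). The converter that trusts a full sockaddr_in returns whatever follows the zero length byte; the one that honours sa_len treats every byte past it as zero, which also covers the shorter-than-sockaddr_in netmasks BSD emits for masks with trailing zero octets.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Nmap's code. A sockaddr here is: sa_len, sa_family,
 * port[2], addr[4] (a BSD sockaddr_in minus sin_zero). */

#define BSD_AF_INET 2   /* assumed AF_INET value for the constructed bytes */

/* BSD's ROUNDUP for routing messages: sockaddrs are padded to sizeof(long),
 * and a sockaddr with sa_len == 0 still occupies sizeof(long) bytes. */
static size_t sa_roundup(size_t len) {
    return len ? (len + sizeof(long) - 1) & ~(sizeof(long) - 1) : sizeof(long);
}

/* Returns the n-th (0-based) sockaddr in the block, or NULL if it runs out.
 * Advancing with sa_roundup is what keeps a zero-length sockaddr from
 * stalling the walk. */
static const uint8_t *nth_sockaddr(const uint8_t *addrs, size_t addrs_len, int n) {
    size_t off = 0;
    for (int i = 0; i < n; i++) {
        if (off >= addrs_len) return NULL;
        off += sa_roundup(addrs[off]);
    }
    return off < addrs_len ? addrs + off : NULL;
}

/* Reads the IPv4 address as a host-order value, assuming the whole
 * sockaddr_in is present. With sa_len == 0 bytes 4..7 are not part of the
 * sockaddr at all, so this returns unrelated data. */
static uint32_t sa_to_ipv4_buggy(const uint8_t *sa) {
    return ((uint32_t)sa[4] << 24) | ((uint32_t)sa[5] << 16) |
           ((uint32_t)sa[6] << 8) | (uint32_t)sa[7];
}

/* Same conversion honouring sa_len: only sa_len bytes belong to the
 * sockaddr, the rest of the address is zero. sa_len == 0 gives 0.0.0.0. */
static uint32_t sa_to_ipv4_fixed(const uint8_t *sa) {
    uint8_t full[8] = {0};
    size_t len = sa[0] < sizeof full ? sa[0] : sizeof full;
    memcpy(full, sa, len);
    return ((uint32_t)full[4] << 24) | ((uint32_t)full[5] << 16) |
           ((uint32_t)full[6] << 8) | (uint32_t)full[7];
}

/* Constructed default-route address block: destination 0.0.0.0, gateway
 * 10.0.0.1, then a zero-length netmask. The 0xEE bytes stand in for the
 * unrelated data that follows the length byte in a real message. */
static const uint8_t default_route[] = {
    16, BSD_AF_INET, 0, 0,   0, 0, 0, 0,   0, 0, 0, 0,   0, 0, 0, 0,
    16, BSD_AF_INET, 0, 0,  10, 0, 0, 1,   0, 0, 0, 0,   0, 0, 0, 0,
     0, 0,           0, 0,  0xEE, 0xEE, 0xEE, 0xEE,
};

/* Netmask of the constructed route (third sockaddr), via the given converter. */
static uint32_t default_route_netmask(uint32_t (*to_ipv4)(const uint8_t *)) {
    const uint8_t *mask = nth_sockaddr(default_route, sizeof default_route, 2);
    return mask ? to_ipv4(mask) : 0;
}

int main(void) {
    printf("netmask ignoring sa_len:  0x%08x\n", default_route_netmask(sa_to_ipv4_buggy));
    printf("netmask honouring sa_len: 0x%08x\n", default_route_netmask(sa_to_ipv4_fixed));
    return 0;
}
```

A netmask other than 0.0.0.0 on the default route is exactly what makes a route lookup fail to match any destination, which is the "failed to determine route" symptom above.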
that didn't produce any host output (like "nmap --iflist") and then
tried to remove it from the inventory. [David]
The crash looked like
ValueError: list.remove(x): x not in list
the DiffHunk class with a type tag. Now output is handled with polymorphism
rather than dispatching with if/else. It also better shows what members each
hunk type has.
Moved the includes for Lua headers to the .cc files so they are
not needlessly, repeatedly included.
Similarly, moved some standard headers to the .cc files and reorganized
includes to be uniform for all nse_* source files.
Fixed whitespace (removed tabs).
keeps the following debugging line from being printed in these modes:
PORTS: Using top 1000 ports found open (TCP:0, UDP:0)
This also speeds these up because it doesn't necessarily have to read and parse
nmap-services. Going from 0.25s to 0.04s for listing a /24 sounds good to me :)