strchr() per David's suggestion. strtok uses static (global) state to
track the string it is parsing. In this case, load_exclude was also
using strtok and calling parse_expr which was wiping out the previous
strtok state. This introduced two bugs: first, only the first exclude
on a line would be loaded from the exclude file, and second, there was
an invalid access into free()'d memory in load_exclude (found with
Valgrind). The use of strtok should be highly discouraged because
these types of bugs are so easy to introduce.
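
The first symptom described above (only the first exclude on a line being loaded) can be reproduced with the following added example, which is not Nmap's code. The function names and the sample line are hypothetical stand-ins, and the free()'d-memory access is not reproduced.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parser that splits "addr/bits" with strtok().
 * Calling strtok() here overwrites the single hidden cursor that the
 * caller's own strtok() loop depends on. */
static int parse_expr_strtok(char *expr)
{
    char *addr = strtok(expr, "/");
    char *bits = strtok(NULL, "/");
    (void) addr;
    return bits ? atoi(bits) : 32;
}

/* Same parse with strchr(): no hidden state, so callers are unaffected. */
static int parse_expr_strchr(char *expr)
{
    char *slash = strchr(expr, '/');
    if (slash == NULL)
        return 32;
    *slash = '\0';
    return atoi(slash + 1);
}

/* Hypothetical loader: walks one whitespace-separated line of excludes with
 * strtok() and hands each token to `parse`. Returns how many were loaded. */
static int load_excludes(const char *line, int (*parse)(char *))
{
    char buf[128];
    int loaded = 0;

    snprintf(buf, sizeof(buf), "%s", line);
    for (char *tok = strtok(buf, " \t"); tok != NULL; tok = strtok(NULL, " \t")) {
        parse(tok);
        loaded++;
    }
    return loaded;
}

int main(void)
{
    const char *line = "10.0.0.0/8 192.168.1.0/24 172.16.0.1"; /* constructed */
    printf("strtok parser: %d of 3 excludes loaded\n", load_excludes(line, parse_expr_strtok));
    printf("strchr parser: %d of 3 excludes loaded\n", load_excludes(line, parse_expr_strchr));
    return 0;
}
```
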
addr_stob didn't handle the special case of the sa_len member of
struct sockaddr being equal to 0 and accessed unrelated memory past
the end of the sockaddr. A symptom of this was the fatal error
    nexthost: failed to determine route to ...
which was caused by the default route being assigned a netmask other
than 0.0.0.0.
that didn't produce any host output (like "nmap --iflist") and then
tried to remove it from the inventory. [David]
The crash looked like
    ValueError: list.remove(x): x not in list
purposes of output. What this means is that the port name will not be
"unknown?" or "ssl/unknown?" if version detection failed to find a match, but
simply "unknown" or "ssl/unknown".
SSL-tunneled port didn't respond to any version probes. Now it keeps "ssl/" as
an indication that SSL was discovered, even if the service behind it wasn't
identified. Kristof Boeynaems reported the problem and contributed a patch.
generation) even if there are no other SEQ test results. Try it with
"nmap -O -d -p 113 scanme.nmap.org". Now you get SEQ(II=I) instead of no
SEQ line at all.
o [Ncat] The syntax accepted by the --allow, --deny, --allowfile, and
--denyfile options is now the same as Nmap's target specifications.
Additionally any errors in the allow or deny specifications are
reported when the program starts, not deferred until a connection is
received. [David]
chars, bytes with value above 0x7F were being sign-extended within a three-byte
buffer to become FFF. This made output like
[0000] 16 03 00 00 53 01 00 00 4F 03 00 3F 47 FFFFFFFFF ....S... O..?G...
[0010] 2C FFFFFFFFF60 7E FFF00 FFFFFF7B FFFFFFFFFFFF77 ,...`~.. ..{....w
[0020] FFFFFFFFFFFF3C 3D FFF6F FFF10 6E 00 00 28 00 16 ....<=.o ..n..(..
Fixed, it looks like
[0000] 16 03 00 00 53 01 00 00 4F 03 00 3F 47 D7 F7 BA ....S... O..?G...
[0010] 2C EE EA B2 60 7E F3 00 FD 82 7B B9 D5 96 C8 77 ,...`~.. ..{....w
[0020] 9B E6 C4 DB 3C 3D DB 6F EF 10 6E 00 00 28 00 16 ....<=.o ..n..(..
garbage output and could crash Zenmap by including 0x0C bytes in XML
files. The Zenmap crash looked like
    SAXParseException: .../zenmap-XXXXXX.xml:39:290: not well-formed (invalid token)
space reasons, it is not an executable compiled with py2exe as in
the executable installer, rather it is the Ndiff source code
(ndiff.py) and a batch file wrapper (ndiff.bat). Because it's not
precompiled, it's necessary to have a Python interpreter
installed. [David]
relying on gettext.install to do it. locale.getdefaultlocale checks the LANG
environment variable like gettext.install does, but it additionally does
platform-specific checks that remove the need to set LANG on Windows.
in an attempt to improve compatibility with some versions of GTK+. This may fix
a crash like
      File "radialnet/gui/Image.py", line 53, in get_pixbuf
        self.__cache[icon + image_type] = gtk.gdk.pixbuf_new_from_file(file)
    GError: Couldn't recognize the image file format for file 'radialnet/padlock.png'
All I did was open the files in the GIMP and resave them.
duplicate DLL files to the distribution. David found that using a
different GTK download fixed the problem (see
docs/win32-installer-zenmap-buildguide.txt) and Fyodor was able to
reproduce and implement.
the same as are used to decide whether to print them in the other
formats. So they will be printed if submission is desirable,
otherwise they are only printed if debugging is enabled or verbosity
is 2 or higher. [Tom Sellers]
avoid a race condition. "make all" would make nsock and ncat, and ncat
would in turn make nsock. If the timing was right, the two simultaneous
builds would trample each other.
It may seem inefficient to have all these recursive makes calling down
the dependency tree all the time, but GNU Make at least remembers which
targets were already completed so for example only one descent into
nbase_build will be done per "make all".
XML file, do "nmap 0 -oX -", not "nmap nonexistent -oX -". The first is an
invalid host specification, the second is just a name resolution error. The
original recipe was wrong in the log of the commit that fixed the problem.