target address address field, not the destination address in the
enclosing ethernet frame. Some operating systems, including Windows
7 and Solaris 10, are known to at least sometimes send their ARP
replies to the broadcast address and Nmap wouldn't notice them. The
symptom of this was that root scans wouldn't work ("Host seems
down") but non-root scans would work. Thanks to Mike Calmus and
Vijay Sankar for reporting the problem, and Marcus Haebler for
suggesting the fix.
to be enabled when the GCC major version was greater than or equal to 4,
but the test was backwards to it was in effect for for versions less
than or equal to 4. So it was in effect already unconditional.
-fstrict-aliasing is supported all the way back in 2.95.2, and I suppose
-fno-strict-aliasing is too.
for an interface, and skip the interface. The warning looks like
Warning: Unable to get hardware address for interface %s -- skipping it.
This happens when a FireWire interface (fw*) has an address configured on Mac
OS X. Previously Nmap would die in getinterfaces so it wasn't even possible to
scan over the other interfaces.
o Fixed a log_write call and a pfatal call to use a syntax which is
safer from format strings bugs. This allows Nmap to build with the
gcc -Wformat -Werror=format-security options. [Guillaume Rousse]
o A bug in Nsock was fixed: On systems where a nonblocking connect
could succeed immediately, connections that were requested to be
tunnelled through SSL would actually be plain text. This could be
verified with an Ncat client and server running on localhost. This
was observed to happen with localhost connections on FreeBSD 7.2.
Non-localhost connections were likely not affected. The bug was
reported by Daniel Roethlisberger. [David]
have their verbosity level automatically increased by one. Many
will print negative results ("no infection found") at a higher
verbosity level. The idea is that if you ask for a script
specifically, you are more interested in such results.
so that read errors for both can be handled in the same place. SSL_read
errors were not being handled at all, which would cause the Ncat broker
to use 100% CPU after a client disconnected. The problem was reported by
Kris at http://seclists.org/nmap-dev/2009/q2/0840.html.
default when a socket error occurs. This used to require -v, but
printing no message at all could make a failed connection look like
success in a case like
ncat remote < short-file
again. Here are the items which were merged:
------------------------------------------------------------------------
r13971 | jah | 2009-06-29 14:30:27 -0700 (Mon, 29 Jun 2009) | 2 lines
Improved a pattern for matching HTTP status-line, tidy away some variables and
fix a typo.
------------------------------------------------------------------------
r13967 | daniel | 2009-06-29 13:47:04 -0700 (Mon, 29 Jun 2009) | 5 lines
o Added a convenience top-level BSD makefile redirecting BSD make
to GNU make on BSD systems. This should help prevent bogus
error reports when users run "make" instead of "gmake" on BSD
systems. [Daniel Roethlisberger]
------------------------------------------------------------------------
r13965 | batrick | 2009-06-29 06:50:11 -0700 (Mon, 29 Jun 2009) | 14 lines
[NSE] The NSE Nsock Library binding no longer relies on garbage collection to
monitor the use of socket "slots". A thread (script) attempting to connect must
first obtain one of a limited number of available socket locks (usually 10 or
--max-parallelism). The binding would use garbage collection of sockets to
determine when a thread has finished using its allocated sockets. This is
unfortunately slow and requires us to constantly run the garbage collector to
cause timely reallocation. I have changed the binding to now regularly inspect
allocated sockets in the nsock_loop function. Available sockets slots are now
immediately reallocated and done with far less execution time.
See [1] for benchmarks and further explanation.
[1] http://seclists.org/nmap-dev/2009/q2/0624.html
------------------------------------------------------------------------
r13964 | batrick | 2009-06-29 06:37:49 -0700 (Mon, 29 Jun 2009) | 10 lines
[NSE] Fixed a rare (and usually undetectable) bug that can cause a SEGFAULT.
The NSE nsock library binding may attempt to push values on the stack of
a thread that ended due to an error. It is possible that the internal
Lua stack was completely full and any further pushed values would result
in a segmentation memory violation.
This bug is very hard to reproduce with a SEGFAULT but is usually visible
when Lua assertion checks are turned on. A socket handler routine must be
called AFTER a thread has ended in error.
------------------------------------------------------------------------
r13963 | batrick | 2009-06-29 05:51:20 -0700 (Mon, 29 Jun 2009) | 3 lines
Fixed some global scoped variables to be local. This caused a many scripts to
overwrite each others' sockets, options, etc.
------------------------------------------------------------------------
r13939 | joao | 2009-06-27 16:07:35 -0700 (Sat, 27 Jun 2009) | 2 lines
Fixed port rule to include ssl pop3 port, now that pop3.lua supports SSL connections in function capabilities
------------------------------------------------------------------------
r13938 | joao | 2009-06-27 16:06:28 -0700 (Sat, 27 Jun 2009) | 2 lines
Added transparent SSL support using comm.tryssl
------------------------------------------------------------------------
r13937 | joao | 2009-06-27 16:05:19 -0700 (Sat, 27 Jun 2009) | 2 lines
Added transparent SSL support using comm.tryssl
------------------------------------------------------------------------
r13936 | joao | 2009-06-27 16:03:50 -0700 (Sat, 27 Jun 2009) | 2 lines
Added SSL transparent support using comm.tryssl
------------------------------------------------------------------------
r13935 | joao | 2009-06-27 16:02:39 -0700 (Sat, 27 Jun 2009) | 2 lines
Added SSL transparent support using comm.tryssl
------------------------------------------------------------------------
r13934 | joao | 2009-06-27 16:01:38 -0700 (Sat, 27 Jun 2009) | 2 lines
Added SSL transparent support using comm.tryssl
------------------------------------------------------------------------
r13933 | joao | 2009-06-27 16:00:27 -0700 (Sat, 27 Jun 2009) | 2 lines
SSL transparent support using comm.tryssl
------------------------------------------------------------------------
r13932 | joao | 2009-06-27 15:19:58 -0700 (Sat, 27 Jun 2009) | 2 lines
Included transparent ssl support to function pop3.capabilities using comm.tryssl
------------------------------------------------------------------------
r13931 | joao | 2009-06-27 15:19:06 -0700 (Sat, 27 Jun 2009) | 3 lines
New version of comm.lua with function tryssl, that transparently adds support to ssl connections
------------------------------------------------------------------------
r13930 | joao | 2009-06-27 14:50:38 -0700 (Sat, 27 Jun 2009) | 6 lines
Fixed buffering problem exposed by david on nmap-dev list.
The problem was solved using a buffer to receive the data, making the script work fine in cases where the ssh packets are fragmented.
A very similar solution was applied to ssh1.lua.
------------------------------------------------------------------------
r13928 | batrick | 2009-06-27 04:43:12 -0700 (Sat, 27 Jun 2009) | 18 lines
[NSE] We now propogate a NSE initiated yield on a script through all user
coroutines so that NSE may resume control. Previously, scripts that would yield
in a child coroutine (e.g. a script's child coroutine generated by Lua's
coroutine.create function) would give control back to the script. A script
would yield in this way by making a blocking socket operation. NSE would be
unable to correctly resume child coroutine when the socket operation is
finished processing.
By yielding the chain of coroutines a script has operating, we allow to NSE to
handle the socket operation properly. NSE would then resume the entire chain so
execution may correctly resume at the coroutine which initiated the socket
operation. This restores the "illusion" that a script executes without
interruption.
See [1] for more information, further explanation, and some use cases.
[1] http://seclists.org/nmap-dev/2009/q2/0586.html
------------------------------------------------------------------------
r13817 | david | 2009-06-18 15:57:29 -0700 (Thu, 18 Jun 2009) | 3 lines
Improve an OS fingerprint with a model number and broader matching.
Based on a follow-up report from a submitter.
------------------------------------------------------------------------
r13814 | josh | 2009-06-17 21:34:15 -0700 (Wed, 17 Jun 2009) | 3 lines
[zenmap] Added support to zenmap for the new SCTP options: -PY, -sY and -sZ
------------------------------------------------------------------------
r13797 | ron | 2009-06-17 11:02:18 -0700 (Wed, 17 Jun 2009) | 1 line
Applied a patch from Mak Kolibabi that enhances the output of smb-enum-processes. The output is now modeled after the output of the 'ps' tool for higher verbosity levels.
------------------------------------------------------------------------
r13795 | david | 2009-06-17 09:05:21 -0700 (Wed, 17 Jun 2009) | 6 lines
The configure script now allows cross-compiling by assuming that
libpcap is recent enough. Previously it would quit because a test
program could not be run. libpcap will always be recent enough when
the included copy is used. The patch was contributed by Mike
Frysinger.
added to existing HostInfo objects. This made examining scan diffs problematic
in zenmap. The second had to do with canceling a scan and then removing it.
This would clear much of the information from the rest of the GUI.
listen mode works. The new default behavior is to accept only one
connection, and quit when the connection ends. This was necessary to
prevent data loss in some situations; some programs require Ncat to
send an EOF before they flush their internal buffers and finish
processing the last bit of data. See
http://seclists.org/nmap-dev/2009/q2/0528.html for more information.
Use the new -k or --keep-open option to get the old behavior, in
which Ncat will accept multiple simultaneous connection, combine all
their input, and accept more connections after a disconnection.
certain function that is not in OpenSSL before 0.9.7, but is required
for correct operation after 0.9.7. The technique is from Network
Security with OpenSSL, whose code is at http://www.opensslbook.com/code.html
(see ssl/common.c).
