See http://seclists.org/nmap-dev/2012/q4/334 for why this wasn't really
a big problem. This solution is essentially how netcat-openbsd does it:
mkstemp creates the file and opens it, but then we just unlink it and
only use the returned name. Functionality is pretty much the same as the
tempnam version.

Make current loglevel and current log callback global
to the library. Attaching them to the nsock pool doesn't
bring any benefit and prevents logging activity in
code sections that don't have access to a pool (such as
proxy chain specification parsing).
Updated external calls and nsock tests accordingly.

Due to the use of do{}while; the bounds were checked *after* writing to
the array of source routes. Reproduce:
ncat $(perl -E 'say "-g 1.1.1.1 "x100') scanme.nmap.org 80

Changes:
* Fix a collision of the name PS_NONE with a different constant in shlobj.h
* Update solution and project files for VS2013
* Update the NSIS installer to reference the VC 2013 redistributable

Because of the postincrement and <= operators, the parsing could write
as many as 10 struct in_addr into an array allocated for only 8.
Execution would stop because of a later check. Instead, we use
preincrement and < operator to do bounds checking, and check for the
"too many specified" condition with another call to strtok (which should
return NULL if there were no more hops to parse).
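
The bounds-check pattern described in the two source-route messages above (check after write in a do/while, postincrement with <=) next to the preincrement/< form with the extra strtok call, as an added C example that is not Ncat's code or part of any commit. The names MAX_HOPS, make_list, parse_flawed, parse_checked and run, and the comma-separated hop list, are assumptions; the flawed parser is given an oversized buffer so the extra writes can be counted safely.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#define MAX_HOPS 8   /* capacity the caller believes the array has */

/* Constructed input: "1.1.1.1,1.1.1.1,..." with `hops` entries. */
static void make_list(char *buf, size_t len, int hops) {
    buf[0] = '\0';
    for (int i = 0; i < hops; i++)
        snprintf(buf + strlen(buf), len - strlen(buf), "%s1.1.1.1", i ? "," : "");
}

/* Flawed: write first, then test with postincrement and <=.
 * Returns how many slots were written. */
static int parse_flawed(char *list, struct in_addr *out) {
    int n = 0, writes = 0;
    char *tok = strtok(list, ",");
    if (tok == NULL) return 0;
    do {
        inet_pton(AF_INET, tok, &out[n]);   /* index is never checked before the write */
        writes++;
        tok = strtok(NULL, ",");
    } while (tok != NULL && n++ <= MAX_HOPS);
    return writes;
}

/* Checked: preincrement and <, then one more strtok to detect leftover hops.
 * Returns hop count, -1 on a bad address, -2 on too many hops. */
static int parse_checked(char *list, struct in_addr *out, int max) {
    int n = 0;
    char *tok = strtok(list, ",");
    if (tok == NULL) return 0;
    do {
        if (inet_pton(AF_INET, tok, &out[n]) != 1) return -1;
    } while (++n < max && (tok = strtok(NULL, ",")) != NULL);
    return (n == max && strtok(NULL, ",") != NULL) ? -2 : n;
}

/* Driver: the buffer is deliberately larger than MAX_HOPS so the flawed
 * parser's extra writes stay inside defined behaviour. */
int run(int hops, int checked) {
    char list[256];
    struct in_addr backing[MAX_HOPS + 4];
    make_list(list, sizeof list, hops);
    return checked ? parse_checked(list, backing, MAX_HOPS) : parse_flawed(list, backing);
}
int main(void) {
    printf("flawed, 12 hops: %d slots written (capacity %d)\n", run(12, 0), MAX_HOPS);
    printf("checked, 12 hops: %d\n", run(12, 1));
    return 0;
}
```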

The docbook-to-nroff XSL pages turn indexterms into nroff comments, but
have a bug: If the closing indexterm element is not followed by
whitespace and cdata, then the following element or cdata is stuck on
the same line as the comment. Fixed this temporarily by introducing
whitespace between </indexterm> and following cdata or by moving the
indexterm elements after any other element (<command>, <term>, etc.)
that they reference.

Reported on debian bugtracker here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724580
We can't remove an fdinfo from client_fdlist and still expect to access
the fdinfo via a pointer we got from get_fdinfo(&client_fdlist) since
rm_fd() modifies the data at the address pointed to. So instead of
removing it from the list and then adding it right back, we just don't
remove it in the first place.