Due to the use of do{}while; the bounds were checked *after* writing to
the array of source routes. Reproduce:
ncat $(perl -E 'say "-g 1.1.1.1 "x100') scanme.nmap.org 80
Because of the postincrement and <= operators, the parsing could write
as many as 10 struct in_addr into an array allocated for only 8.
Execution would stop because of a later check. Instead, we use
preincrement and < operator to do bounds checking, and check for the
"too many specified" condition with another call to strtok (which should
return NULL if there were no more hops to parse).
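The bounds-check pattern described in the message above, as an added example that is not Ncat's own code: the struct, the function names, the return codes, the guard slots and the pre-check for a repeated option are assumptions made for the demonstration, and the input is constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOPS 8  /* slots the real array was sized for */
#define SLACK 4     /* demo-only guard slots so the overrun stays in bounds */

struct route {
    struct in_addr hops[MAX_HOPS + SLACK];
    int n;          /* hop count, kept across repeated -g options */
};

/* "Before" pattern: write first, then test with postincrement and <=. */
int add_hops_before(struct route *r, char *spec)
{
    char *tok = strtok(spec, ",");
    do {
        if (tok == NULL || inet_pton(AF_INET, tok, &r->hops[r->n]) != 1)
            return -1;
    } while (r->n++ <= MAX_HOPS && (tok = strtok(NULL, ",")) != NULL);
    return r->n > MAX_HOPS ? -2 : 0;    /* the "later check" */
}

/* Hardened pattern: preincrement with <, then one more strtok() call. */
int add_hops_after(struct route *r, char *spec)
{
    char *tok = strtok(spec, ",");
    if (tok == NULL)
        return -1;
    if (r->n >= MAX_HOPS)               /* assumption: guard for a repeated option */
        return -2;
    do {
        if (inet_pton(AF_INET, tok, &r->hops[r->n]) != 1)
            return -1;
    } while (++r->n < MAX_HOPS && (tok = strtok(NULL, ",")) != NULL);
    return strtok(NULL, ",") != NULL ? -2 : 0;  /* leftover hop: too many */
}

int main(void)
{
    /* Constructed input: 12 comma-separated hops, four more than fit. */
    char s1[] = "1.1.1.1,1.1.1.1,1.1.1.1,1.1.1.1,1.1.1.1,1.1.1.1,"
                "1.1.1.1,1.1.1.1,1.1.1.1,1.1.1.1,1.1.1.1,1.1.1.1";
    char s2[sizeof s1];
    struct route a = { .n = 0 }, b = { .n = 0 };
    memcpy(s2, s1, sizeof s1);
    int ra = add_hops_before(&a, s1), rb = add_hops_after(&b, s2);
    printf("before: rc=%d slots written=%d\n", ra, a.n);
    printf("after:  rc=%d slots written=%d\n", rb, b.n);
    return 0;
}
```

Both versions reject the oversized list, but the first has already written slots 8 and 9 by the time its check runs, while the second stops at slot 7.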
for file in `grep "* including the terms and conditions of this license text as well. \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well. \*/* including the terms and conditions of this license text as well. */g" -i $file; done
Have lua_setup return the state it creates. Store the state created from
--lua-exec in the global options table. Use a temporary local for
--lua-exec-internal.
David Millis noticed this error on Windows XP with IPv6 disabled:
Ncat: Failed to resolve default IPv6 address: No such host is known. . QUITTING.
http://seclists.org/nmap-dev/2013/q3/96
more than three times.
The current rules are:
-v --> verbose mode
-vv... --> debug mode
Debug can be higher than two (use debug>=6 for full nsock logs for instance).
This eliminates the ambiguity that could exist when, say, o.udp and
o.sctp were both set. The code would use whichever it happened to test
first. This also makes TCP mode explicit with IPPROTO_TCP.
compatibility between systems and use cases. [Henri Doreau]
There were known issues with the following cases:
* epoll and regular files
* kqueue and regular files
* WSAPoll and stdin
The --nsock-engine=<ENGINE> option can still be used to bypass this
default choice.
See: http://seclists.org/nmap-dev/2012/q4/173
o.af is AF_UNSPEC at this point in the common case that neither -4 nor
-6 was given. The code was falling through to the "else" IPv6 case. I
think we were getting lucky with this because the port number happens to
be in the same place in sockaddr_in and sockaddr_in6.
The only error we can have apart from a getaddrinfo error is a list of
zero addresses; return EAI_NONAME in that case.
This unfortunately inverts the truth value of the return code of
resolve; 0 now means success.