proposal. This only affects Nmap's root directory. We might also need to
modify the code which autogenerates Nmap's source code files such as IPv6
fingerprinting code.
for file in `grep "* including the terms and conditions of this license text as well. \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well. \*/* including the terms and conditions of this license text as well. */g" -i $file; done
Contrary to the doc comment, this function could never return false but
only cause a fatal error.
Resolves these Parfait reports
(http://seclists.org/nmap-dev/2012/q4/412).
Error: Null pointer dereference (CWE 476)
Read from null pointer 'port'
at line 344 of components/nmap/build/amd64/portlist.cc in function 'PortList::setServiceProbeResults(unsigned short, int, serviceprobestate, char const*, service_tunnel_type, char const*, char const*, char const*, char const*, char const*, char const*, std::vector<char const*, std::allocator<char const*> > const*, char const*)'.
Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 343.
Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
Error: Null pointer dereference (CWE 476)
Write to null pointer 'current'
at line 520 of components/nmap/build/amd64/portlist.cc in function 'PortList::setPortState(unsigned short, unsigned char, int)'.
Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 518.
Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
Error: Null pointer dereference (CWE 476)
Write to null pointer 'answer'
at line 880 of components/nmap/build/amd64/portlist.cc in function 'PortList::setStateReason(unsigned short, unsigned char, unsigned short, unsigned char, sockaddr_storage const*)'.
Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 877.
Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
at line 885 of components/nmap/build/amd64/portlist.cc in function 'PortList::setStateReason(unsigned short, unsigned char, unsigned short, unsigned char, sockaddr_storage const*)'.
Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 877.
Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
Scripts may now return a key–value table, or such a table in addition to
a string. The table will be automatically formatted for normal output
and will appear as a hierarchy of elements in XML output.
Some history and discussion of this development can be found at
https://secwiki.org/w/Nmap/Structured_Script_Output.
This is a merge of r29484:29569 from /nmap-exp/david/xml-output.
CPEs are available at host.os (for the ones from OS fingerprinting) and
port.version.cpe (for the version detection ones).
This patch also fix a memory leak that David noticed in
PortList::setServiceProbeResults().
port is unknown, instead of -1. This makes it a better fit with the
other accessor functions. For those callers that need to know whether a
port is in the default state or not, add PortList::portIsDefault.
Having getPortState return -1 for ports in the default state would cause
the slightly wrong
Discovered unknown port 88/udp on 192.168.0.190 is actually open
to be printed instead of
Discovered open|filtered port 88/udp on 192.168.0.190 is actually open
changes. The first is that Port objects don't allocate memory for
service and RPC results unless that information is set. This reduces the
size of a bare Port from 92 to 40 bytes on my machine. The second change
is that PortList now has the notion of a "default port state," which is
the state of any ports that didn't receive a response. These ports don't
need an allocated Port object, which saves a lot of memory in scans
where most ports didn't get a response.
a layer 4 protocol used mostly for telephony related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
attempt to reduce the number of warnings like "Warning: Servicescan
failed to fill info_template...". Parts of this change include:
o Improved the text of the warning to be less confusing
o Increased the internal version info buffer to 256 chars from 128
o Increased the final version string length to 160 from 128 chars
o Changed the behavior when constructing the final version string so
that if it runs out of space, rather than dropping the output of that
template it truncates the template with ...
o Fixed the printing of unneeded spaces between templates when one of the
templates isn't going to be printed at all.
as the "name_confidence" member of a service match. I grepped the whole source
tree and couldn't find any reference to "confidence" besides its declaration
and initialization; it builds fine without it.
