Because of previous merging, some fingerprints had grown to encompass
others. Other fingerprints for the same or similar devices were close
enough that they could be merged. This was a manual review of 614
fingerprints that were identified as differing from some other
fingerprint by only the SEQ line (256 unique non-SEQ fingerprints).
The result: 44 fingerprints were merged into others, or were deleted
because they were a proper subset of some other fingerprint (e.g. Linux
2.6.17 that is not distinguishable from a broader Linux 2.6.11-2.6.32
fingerprint). A couple of these appeared to be identical copy-and-paste
errors in the past. I was very conservative in what I chose to merge,
choosing only the most-obvious fingerprint pairs that did not lose
information (e.g. not merging unrelated specialized devices, even if
their fingerprints were very close).
Doesn't happen often, but as the message says, certain Solaris zones can
cause problems here. This message is more informative than the previous
"socket troubles in Init"
This change restores the control flow of handling connect() return and
error values. This shouldn't result in any real changes, but makes it
simpler to see the differences introduced in r33185.
Some errors were not properly propagated. Ensure proxy_resolve() returns
a negative error code and make the caller fatal() when unable to complete
proxy_chain initialization for whatever reason.
Since the refactor in r33185, getting a good response for a host during
a ping scan can remove all outstanding probes for that host, since we
already know the host is up. This broke the existing iteration in some
cases. I could force the crash with: nmap -sn -PS80-89 scanme.nmap.org
Now we check explicitly for an empty list each time through the loop.
Consolidate connect-scan status and errno checking
Previously, the return value and socket errors from the connect() call
were checked in two different places: immediately after the call, and
then later as the sockets were select()ed over. This led to a divergence
of logic, so the immediate checking failed to set state reasons or
contribute to timing. This commit puts all such checking into a single
function, handleConnectResult, so further improvements will not diverge
again.
Previously, the return value and socket errors from the connect() call
were checked in two different places: immediately after the call, and
then later as the sockets were select()ed over. This led to a divergence
of logic, so the immediate checking failed to set state reasons or
contribute to timing. This commit puts all such checking into a single
function, handleConnectResult, so further improvements will not diverge
again.
In sendConnectScanProbe, the usual method is to start a non-blocking
connect() and then do select() on the sockets until we get a result. On
some platforms and in some circumstances, connect() either blocks or
comes back immediately. We handled this by setting the port state
appropriately, but we didn't set the reason, yielding results like "Host
is up, received no-response" and "80/tcp open http no-response"
Some vsnprintf implementations (or perhaps some compiler options?) don't
like formatting NULL as %s, and will segfault (ran into this with
libstdc++ on Solaris). We don't get bug reports because at least some
(including mine on Ubuntu) will simply format it as "(null)".
This patch adds explicit checking for NULL to avoid the segfault
condition.
For example, "-oX -sV logfile.xml" would have meant write to a file named '-sV' previously
Now, it generates the error message "Output filename begins with '-'. Try '-oX ./-sV' if you really want it to be named as such. QUITTING."
proposal. This only affects Nmap's root directory. We might also need to
modify the code which autogenerates Nmap's source code files such as IPv6
fingerprinting code.
