Heuristic detection of SSL ports was previously done in 2 different
places, leading to a divergence: shortport.ssl would return true for
more services than comm.tryssl would try, since comm.is_ssl was checking
a shorter list of port numbers and was ignoring
port.version.service_tunnel and port.version.name. Now any changes to
shortport.ssl will affect both libraries.
I got this error compiling on OS X 10.6:
In file included from netutil.cc:132:
../nbase/nbase.h: In function 'int checked_fd_isset(int, const fd_set*)':
../nbase/nbase.h:385: error: invalid conversion from 'const fd_set*' to 'fd_set*'
../nbase/nbase.h:385: error: initializing argument 2 of 'int __darwin_fd_isset(int, fd_set*)'
netutil.cc: In function 'int send_ipv6_ip(const sockaddr_in6*, const unsigned char*, size_t)':
netutil.cc:3846: warning: unused variable 'tclass'
make[2]: *** [netutil.o] Error 1
make[1]: *** [netutil_build] Error 2
nmap.new_try() shouldn't be used in libraries. It results in Lua errors
being thrown that the script can't recover from without resorting to
pcall(). It has been replaced in proxy.lua with proper error handling
which did not require any changes to the scripts (http-open-proxy and
socks-open-proxy) that used it.
Reported by Lior Levinsky. As part of r32469, which added IPv6 IPID
sequnce detection, the logic to detect all-zero IPID sequences was
split. get_diffs was returning IPID_SEQ_UNKNOWN, IPID_SEQ_RD, or
1 for all-zeros, but the get_ipid_sequence_* functions were treating
every non-zero return value as indicating all-zeros, which meant that
IPID sequence detection was broken.
http://seclists.org/nmap-dev/2014/q1/287
1. The first paragraph of a function's NSEdoc is used as a short
summary. Some of these were very long, so I split off a shorter summary.
2. Use asterisks (*) to denote bulletted lists, not 'o'
3. Wrap lines at 80 columns
4. a couple other spelling and formatting fixes
1. All @table blocks must have an explicit @name
2. All @field blocks must have both a name and description
Also added some more information to the creds.States table description
@field tag names in NSEdoc must be valid identifiers, so they cannot
contain "-". As a general rule, anything that needs to be quoted like
this: mytable["field-name"] is invalid. In this case, the ajp library
had a field called "status-line", which caused NSEdoc generation to fail
when it was finally documented. This change renames it to "status_line",
which should fix the issue.
Previous content_length == 0 was overloaded to mean that Content-Length
was set. But that was wrong when the Content-Length was actually 0.
The error message you got when running an HTTP proxy that received
0-length POSTs was
POST request with no Content-Length.
