IP ID is an unsigned value. Explicit wrapping checks were needed to
support using a signed int, and a few users were reporting compile
errors because of a large constant:
http://seclists.org/nmap-dev/2013/q4/247
Although $((arithmetic expansion)) is POSIX-specified, some systems have
non-POSIX System V shell, which can't handle it. This patch replaces
$((something)) with $(expr something) to fix compatibility. This
actually slows things down considerably, since a subshell must be
launched for each increment operation, but the tests aren't that
critical. Bug report: http://seclists.org/nmap-dev/2013/q4/198
An off-by-one error meant that we tried 65 at a time. The number 64 came
up in a discussion of limitations of running against IIS.
http://seclists.org/nmap-dev/2012/q3/167
Using offsetof instead of actually dereferencing a 0 pointer is still
standards compliant (works under gcc -ansi, clang -ansi), and is more in
line with how Linux kernel defines this macro (kernel.h). Can't exactly
lift the kernel implementation because it uses gnu-extension typeof.
Not really a necessary change, but it was causing clang's address
sanitizer to complain.
see http://seclists.org/nmap-dev/2013/q4/168
Move some includes out of nmap.h: nmap.h gets included lots of places,
and unconditionally included math.h, ctype.h, errno.h, stdio.h,
sys/stat.h, fcntl.h, sys/types.h, and stdarg.h. This commit moves those
includes into the .cc files where they are necessary and out of nmap.h
Remove redundant include global_structures.h, included from nmap.h
Removed redundant code included from nmap.h
Removing #include nbase.h when nmap.h is included (redundant)
Remove duplicate #include lines
Add ifndef guards to a few .h files
String ipaddr was allocated without allowing space for the null
terminator, resulting in a 1-byte overflow. Caught with clang
-fsanitize=address
Also, fmt was being initialized with sizeof(ipaddr), which happened to
be correct, but should not necessarily be so. We don't care about the
size of the structure, but rather the length of an address in string
notation.
Using TIMEVAL_MSEC_SUBTRACT can lead to integer overflow when the times
are far apart (such as epoch (0) or uninitialized timeval and "now").
Instead, calculate the "deadline" and use TIMEVAL_AFTER to test.
Because http-server-header grabs the server header and sets the service
version hardmatched, Nmap won't print a service fingerprint. This means
people might not submit as many fingerprints in the future, but we would
rather they did (speeds up scans by short-circuiting version probes).
Now http-server-header will print a messages suggesting the use of
--script-args http-server-header.skip for the purposes of submitting a
fingerprint. If this script-arg is set, the script will not run,
preserving Nmap's previous behavior.
This file is automatically copied into the bundle by py2app. It is
already present as a system library on OS X 10.6 and later. Shipping our
own caused a compatibility problem on OS X 10.9:
Could not import the zenmapGUI.App module: 'dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2): Symbol not found: _xmlBufContent\n Referenced from: /usr/lib/libxslt.1.dylib\n Expected in: /Applications/Zenmap.app/Contents/Frameworks/libxml2.2.dylib\n in /usr/lib/libxslt.1.dylib'.
http://seclists.org/nmap-dev/2013/q4/85
