WSAEventSelect call we make to find out when the socket is ready for reading,
also makes it non-blocking for the purpose of writing. A fast-writing process
could cause a WSAEWOULDBLOCK error. This was reported by David Millis.
than one string of digits. Joe Dietz reported that an interface with
the name e1000g0 was causing the error message
Warning: Unable to open interface e1000g0 -- skipping it.
on Solaris 9. [David]
file again when it needs it. This is called from nmap_free_mem, because
cp_free (also called by nmap_free_mem) invalidates members of the
services data structures.
In normal use this doesn't matter. It only matters when reinvoking the
engine several times with --interactive.
entries:
o [NSE] Raw packet sending at the IP layer is now supported, in addition to
the Ethernet sending functionality. Packets to send start with an IPv4
header and can be sent to arbitrary hosts. [Kris]
o [NSE] Added the ipidseq script to classify a host's IP ID sequence numbers
in the same way Nmap does. This can be used to test hosts' suitability for
Nmap's Idle Scan (-sI), i.e. check if a host is an idle zombie. This is
the first script to use the new raw IP sending functionality in NSE. [Kris]
o [NSE] Added the function nmap.is_privileged() to tell a script if, as far
as Nmap's concerned, it can do privileged operations. For instance, this
can be used to see if a script should be able to open a raw socket or
Ethernet interface. [Kris]
o [NSE] Added the function nmap.get_ports() to allow a script to iterate
over a host's port tables matching a certain protocol and state. [Kris,
Patrick]
and broadcast lists when a connection is broken, instead of re-reading
the descriptor from the fdinfo struct. The problem was that there were
two calls to rm_fd, and the first one invalidated the data that the
struct pointer pointed to.
For some reason this didn't cause any problems in most situations. Mak
Kolybabi reported that it caused a segfault in
ncat -l --ssl -k -v 5061 > /dev/null < /dev/zero
With SSL, new connections would try to read memory that was previously
freed, as descriptors were not being removed from the broadcast list as
they were removed from the read list.
You can see the error in these debug logs:
NCAT DEBUG: Closing connection.
NCAT DEBUG: Swapping fd[2] (4) with fd[3] (5)
NCAT DEBUG: Removed fd 4 from list, nfds 3, maxfd 5
NCAT DEBUG: Swapping fd[1] (5) with fd[1] (5)
NCAT DEBUG: Removed fd 5 from list, nfds 1, maxfd 4
The "Remove fd X" should have the same X in both lines.
recommendation from Daniel Roethlisberger. TRACE is interesting because
it can be used to get cookies or authentication data in a cross-site
scripting attack. See http://www.owasp.org/index.php/Cross_Site_Tracing.
methods it discovers are in (GET, HEAD, POST, OPTIONS, TRACE). In
verbose mode, or if any other method is discovered, it prints all
methods (and optionally retests them). See
http://seclists.org/nmap-dev/2010/q1/401.
