so that read errors for both can be handled in the same place. SSL_read
errors were not being handled at all, which would cause the Ncat broker
to use 100% CPU after a client disconnected. The problem was reported by
Kris at http://seclists.org/nmap-dev/2009/q2/0840.html.
default when a socket error occurs. This used to require -v, but
printing no message at all could make a failed connection look like
success in a case like
ncat remote < short-file
http.lua. Previously the code was not careful about checking its input,
and would loop forever if it got something non-hex where it expected a
hex chunk-size. See http://seclists.org/nmap-dev/2009/q3/0013.html.
This code raises an error whenever decoding fails for whatever reason.
It also handles chunk extensions. The reference is section 3.6.1 of
RFC 2616.
in getinterfaces. This was the cause of an overlapping memcpy reported
at http://seclists.org/nmap-dev/2009/q2/0713.html.
In the code, sin is a pointer that holds the address of the IP address
configured for an interface. It is copied into a tmpifr.ifr_addr before
each ioctl, perhaps because that is required on some platforms even
though on Linux only ifr_name is needed by the ioctl. When the ioctl
returns, it overwrites whatever was in ifr_addr because that member is
in a union, so sin is kept in order to restore the address again before
the next ioctl.
In the code that handles SIOCGIFNETMASK, sin was mistakenly used as a
temporary pointer and redirected to &tmpifr.ifr_addr. This caused all
future memcpys before ioctl to copy tmpifr.ifr_addr to itself, rather
than copying in the IP address of the interface.
The throwaway sin assignment was not even used; the code that used it
was modified in r2751. So now we just keep sin pointing where it should
the whole time.
another thing otherwise in a big if/else. Now getinterfaces just does
caching and getinterfaces_dnet or getinterfaces_siocgifconf does the
actual interface lookup.
Often two (or more) scripts using the same library would
overwrite the globals each was using. This would result
in (at best) an error or (at worst) a deadlock.
The patch changes the global accesses to local.
sending. In send_ip_packet, unswap them after sending so that the buffer is
returned unmodified. Do the packet trace after unswapping the values so that
the correct length and fragmentation offset are reported. On Mac OS X, an
ip_len of 60 (0x003c) was being reported as 15360 (0x3c00) and when ip_off had
the DF flag set (0x4000), it looked like a fragmentation offset of 512
(0x0040 * 8).
which have been merged to the upstream libdnet repository and thus
do not have to be re-applied when the libdnet version included with
Nmap is updated in the future.
GC for collecting socket locks [1].
If a thread does not close any sockets it creates, and then
returns (or errors), the thread and sockets will keep their "lock" until
garbage collected. This would be the same situation as before in this
particular case (reliance on GC).
To fix this, I have changed the socket unlock system to close all the sockets
of a thread not yielded and remove its "lock".
[1] http://seclists.org/nmap-dev/2009/q2/0624.html
