and broadcast lists when a connection is broken, instead of re-reading
the descriptor from the fdinfo struct. The problem was that there were
two calls to rm_fd, and the first one invalidated the data that the
struct pointer pointed to.
For some reason this didn't cause any problems in most situations. Mak
Kolybabi reported that it caused a segfault in
ncat -l --ssl -k -v 5061 > /dev/null < /dev/zero
With SSL, new connections would try to read memory that was previously
freed, as descriptors were not being removed from the broadcast list as
they were removed from the read list.
You can see the error in these debug logs:
NCAT DEBUG: Closing connection.
NCAT DEBUG: Swapping fd[2] (4) with fd[3] (5)
NCAT DEBUG: Removed fd 4 from list, nfds 3, maxfd 5
NCAT DEBUG: Swapping fd[1] (5) with fd[1] (5)
NCAT DEBUG: Removed fd 5 from list, nfds 1, maxfd 4
The "Remove fd X" should have the same X in both lines.
recommendation from Daniel Roethlisberger. TRACE is interesting because
it can be used to get cookies or authentication data in a cross-site
scripting attack. See http://www.owasp.org/index.php/Cross_Site_Tracing.
methods it discovers are in (GET, HEAD, POST, OPTIONS, TRACE). In
verbose mode, or if any other method is discovered, it prints all
methods (and optionally retests them). See
http://seclists.org/nmap-dev/2010/q1/401.
buildGet/buildRequest with a one-step build_request. Provide a new
function generic_request that can do a request for any given method
(get, head, and post are now defined in terms of this function).
options table, in http functions. It was unreasonable that this
yet-unused feature was given a more prominent place than even the header
and request body, both of which are in the options table.
This change doesn't affect any other scripts or libraries because none
of them use cookies. In the cases, like http.get, where cookies was an
optional final parameter, I just removed it. Where it was not the final
parameter, as in http.post and http.pGet, I left the parameter in place
but documented that it is ignored for backwards compatibility.
make use of it. Added 5 scripts that use the new libraries:
- snmp-netstat shows listening and connected sockets
- snmp-processes shows process information including name, pid, path and
parameters
- snmp-win32-services shows the names of running Windows services
- snmp-win32-shares shows the names and path of Windows shares
- snmp-win32-software shows a list of installed Windows software
- snmp-win32-users shows a list of local Windows users
checked that the internal buffer was not empty before a send; I changed
it to have an effect only when at least one byte has been written
already.
Formerly, zero-byte sends such as socket:send("") in NSE would crash
Nmap, for both UDP and TCP. I tested this change on Linux, and for UDP
it sends a zero-byte datagram, and for TCP it sends nothing at all.
o Removed the nmap_service.exe helper program for smb-psexec, as it
was still being flagged by malware detection even after the
bit-flipping in the next release. You can now download it from
http://nmap.org/psexec/nmap_service.exe. (The script will remind you
if it's not installed.)
the script indicating where to download it if it is not available. Make
the script check whether the file is the normal binary from 5.20 or
before, or the XOR-encoded binary from 5.21.
