PortList::forgetPort in verbose mode tries to print details on a Port
after it has been deleted. This function is only called in idle and ftp
bounce scans. Reported by Mak Kolybabi:
http://seclists.org/nmap-dev/2015/q1/129
for file in `grep "* including the terms and conditions of this license text as well. \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well. \*/* including the terms and conditions of this license text as well. */g" -i $file; done
Contrary to the doc comment, this function could never return false but
only cause a fatal error.
Resolves these Parfait reports
(http://seclists.org/nmap-dev/2012/q4/412).
Error: Null pointer dereference (CWE 476)
Read from null pointer 'port'
at line 344 of components/nmap/build/amd64/portlist.cc in function 'PortList::setServiceProbeResults(unsigned short, int, serviceprobestate, char const*, service_tunnel_type, char const*, char const*, char const*, char const*, char const*, char const*, std::vector<char const*, std::allocator<char const*> > const*, char const*)'.
Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 343.
Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
Error: Null pointer dereference (CWE 476)
Write to null pointer 'current'
at line 520 of components/nmap/build/amd64/portlist.cc in function 'PortList::setPortState(unsigned short, unsigned char, int)'.
Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 518.
Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
Error: Null pointer dereference (CWE 476)
Write to null pointer 'answer'
at line 880 of components/nmap/build/amd64/portlist.cc in function 'PortList::setStateReason(unsigned short, unsigned char, unsigned short, unsigned char, sockaddr_storage const*)'.
Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 877.
Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
at line 885 of components/nmap/build/amd64/portlist.cc in function 'PortList::setStateReason(unsigned short, unsigned char, unsigned short, unsigned char, sockaddr_storage const*)'.
Function 'PortList::createPort(unsigned short, unsigned char)' may return constant 'NULL' at line 671, called at line 877.
Null pointer introduced at line 671 in function 'PortList::createPort(unsigned short, unsigned char)'.
Importing the whole std namespace caused a problem with Clang and the
punning of bind and std::bind.
http://seclists.org/nmap-dev/2012/q4/58
The Web's opinion of "using namespace std" also seems to be more against
than for.
Scripts may now return a key–value table, or such a table in addition to
a string. The table will be automatically formatted for normal output
and will appear as a hierarchy of elements in XML output.
Some history and discussion of this development can be found at
https://secwiki.org/w/Nmap/Structured_Script_Output.
This is a merge of r29484:29569 from /nmap-exp/david/xml-output.
This was a sockaddr_storage, which is 128 bytes. This is a lot for a
structure that is part of Port. It is now a union of sockaddr_in and
sockaddr_in6, which is 28 bytes. A new set_ip_addr method sets the union
from a sockaddr_storage, where plain assignment was used before.
The sockaddr_storage was introduced in r23778, the first big IPv6 merge.
CPEs are available at host.os (for the ones from OS fingerprinting) and
port.version.cpe (for the version detection ones).
This patch also fix a memory leak that David noticed in
PortList::setServiceProbeResults().
PROBESTATE_EXCLUDED, and PROBESTATE_INCOMPLETE to 3, not 2. We're
looking up the service name in the same way as when no service detection
is done, so the confidence should be the same.
I think you can make a case that the confidence should be lower if
service detection is done but doesn't find a match. But this matches the
behavior of Nmap 4.76, using a confidence of 3 for
PROBESTATE_FINISHED_NOMATCH.
match, not only for PROBESTATE_EXCLUDED. Otherwise a serviceDeductions
gets allocated but its name doesn't get set. Later, when a
serviceDeductions is present with no name, XML output doesn't print the
service element.
