It seems that this function was usually called after having called
currentProbe outside the call to currentprobe_timemsleft, with the call
to currentProbe inside the function having the same result. This is a
bit tenuous, so make the probe we're talking about explicit.
Resolves these Parfait reports
(http://seclists.org/nmap-dev/2012/q4/412).
Error: Null pointer dereference (CWE 476)
Read from null pointer 'ServiceNFO::currentProbe(this)'
at line 1813 of components/nmap/build/amd64/service_scan.cc in function 'ServiceNFO::currentprobe_timemsleft(timeval const*)'.
Function 'ServiceNFO::currentProbe()' may return constant 'NULL' at line 1707, called at line 1813.
Null pointer introduced at line 1707 in function 'ServiceNFO::currentProbe()'.
This is for simple IPv6 unicast ranges. For example,
nmap -6 en.wikipedia.org/120 -sn
The other, more complicated part of this overall change is automatic
multicast scanning of large local subnets. That part isn't done yet.
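The unicast case above is a plain prefix expansion: resolve the target, zero the host bits below the prefix length, and walk every address in the block. The following is an added example written for this page, not Nmap's target-parsing code; it takes a literal address instead of a hostname and, as an assumption to keep the output bounded, refuses prefixes shorter than /112 (more than 65536 addresses).

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// Expand "addr/prefix" into its member addresses in canonical textual form.
// Added example, not Nmap's code. Only /112 .. /128 is supported here so the
// result stays small enough to hold in a vector (an assumption of this model).
std::vector<std::string> expand_ipv6_prefix(const std::string &addr, int prefix) {
  if (prefix < 112 || prefix > 128)
    throw std::invalid_argument("prefix length outside /112../128");

  struct in6_addr base;
  if (inet_pton(AF_INET6, addr.c_str(), &base) != 1)
    throw std::invalid_argument("not a valid IPv6 address");

  uint8_t bytes[16];
  std::memcpy(bytes, &base, sizeof bytes);

  // Clear every host bit so enumeration starts at the network address.
  for (int bit = prefix; bit < 128; ++bit)
    bytes[bit / 8] = static_cast<uint8_t>(bytes[bit / 8] & ~(1u << (7 - bit % 8)));

  // With prefix >= 112 the host part fits in the low 16 bits of the address.
  uint32_t count = 1u << (128 - prefix);
  std::vector<std::string> out;
  out.reserve(count);

  for (uint32_t i = 0; i < count; ++i) {
    uint8_t cur[16];
    std::memcpy(cur, bytes, sizeof cur);
    uint32_t low = (static_cast<uint32_t>(cur[14]) << 8 | cur[15]) + i;  // big-endian add
    cur[14] = static_cast<uint8_t>(low >> 8);
    cur[15] = static_cast<uint8_t>(low & 0xff);

    struct in6_addr a;
    std::memcpy(&a, cur, sizeof a);
    char buf[INET6_ADDRSTRLEN];
    inet_ntop(AF_INET6, &a, buf, sizeof buf);
    out.push_back(buf);
  }
  return out;
}

int main() {
  // Constructed sample: a documentation-range address with a /124 (16 hosts).
  for (const std::string &s : expand_ipv6_prefix("2001:db8::1", 124))
    std::printf("%s\n", s.c_str());
  return 0;
}
```

A /120, as in the example command, yields 256 addresses starting at the network address and ending at the all-ones host; a /128 yields only the address itself.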
Reworked the logging infrastructure to make it more flexible
and consistent.
Updated nmap, nping and ncat accordingly. Nsock log level can
now be adjusted at runtime by pressing d/D in nmap.
Importing the whole std namespace caused a problem with Clang and the
punning of bind and std::bind.
http://seclists.org/nmap-dev/2012/q4/58
The Web's opinion of "using namespace std" also seems to be more against
than for.
The exceptions are the calls in ncat/ncat_connect.c and
nping/EchoServer.cc. Ncat doesn't have an option for the interface, and
I think Nping's -e option is only meant to apply to probes, not to the
echo server listener.
Setting --min-parallelism without also setting --max-parallelism would
force the max parallelism to the same value. So, for example,
--min-parallelism=1 would also limit the max parallelism to 1. This
patch, based on one by Chris Woodbury, allows the max parallelism to
rise above this minimum, up to the maximum defined by each scan phase.
CPEs are available at host.os (for the ones from OS fingerprinting) and
port.version.cpe (for the version detection ones).
This patch also fixes a memory leak that David noticed in
PortList::setServiceProbeResults().
Service fingerprints are supposed to be wrapped at 74 columns. The first
line was sometimes 148 columns because the preamble,
SF-Port1234-TCP:V=5.36TEST2%I=7%D=12/15%Time=4D096053%P=i686-pc-windows-windows
wasn't allowed to be wrapped, so this problem occurred whenever the
preamble was longer than 74 bytes.
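To make the wrapping defect concrete, here is an added model of fingerprint line wrapping (not Nmap's own output code). It assumes a 74-column limit and that continuation lines begin with the prefix "SF:"; the sample preamble is the one quoted above, the payload is constructed. The old variant emits the preamble unwrapped, so its first line is as long as the preamble; the fixed variant wraps the preamble and payload as one stream.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>

// Added model of service-fingerprint wrapping; not Nmap's code.
// Assumptions: lines are at most kWidth columns and every line after the
// first starts with the continuation prefix kCont.
static const std::size_t kWidth = 74;
static const std::string kCont = "SF:";

// Preamble quoted in the commit message (79 columns) and a constructed payload.
const std::string kSamplePreamble =
    "SF-Port1234-TCP:V=5.36TEST2%I=7%D=12/15%Time=4D096053%P=i686-pc-windows-windows";
const std::string kSamplePayload =
    "%r(NULL,2B,\"SSH-2.0-OpenSSH_5.9p1\\x20Debian-5ubuntu1\\r\\n\");";

// Split text into pieces of at most n characters.
static std::vector<std::string> chunk(const std::string &text, std::size_t n) {
  std::vector<std::string> out;
  for (std::size_t i = 0; i < text.size(); i += n) out.push_back(text.substr(i, n));
  return out;
}

// Old behaviour: the preamble is never wrapped, so the first line overflows
// whenever the preamble alone exceeds kWidth.
std::vector<std::string> wrap_fingerprint_old(const std::string &preamble,
                                              const std::string &payload) {
  std::vector<std::string> lines;
  lines.push_back(preamble);
  for (const std::string &c : chunk(payload, kWidth - kCont.size()))
    lines.push_back(kCont + c);
  return lines;
}

// Fixed behaviour: preamble and payload are wrapped as one stream, so no
// line can exceed kWidth regardless of the preamble's length.
std::vector<std::string> wrap_fingerprint_fixed(const std::string &preamble,
                                                const std::string &payload) {
  std::string rest = preamble + payload;
  std::vector<std::string> lines;
  lines.push_back(rest.substr(0, kWidth));
  rest.erase(0, std::min(kWidth, rest.size()));
  for (const std::string &c : chunk(rest, kWidth - kCont.size()))
    lines.push_back(kCont + c);
  return lines;
}

std::size_t longest_line(const std::vector<std::string> &lines) {
  std::size_t n = 0;
  for (const std::string &l : lines) n = std::max(n, l.size());
  return n;
}

// Reverse the wrapping: first line verbatim, continuation prefix stripped.
std::string unwrap(const std::vector<std::string> &lines) {
  std::string out;
  for (std::size_t i = 0; i < lines.size(); ++i)
    out += (i == 0) ? lines[i] : lines[i].substr(kCont.size());
  return out;
}

int main() {
  for (const std::string &l : wrap_fingerprint_old(kSamplePreamble, kSamplePayload))
    std::printf("old   %2zu: %s\n", l.size(), l.c_str());
  for (const std::string &l : wrap_fingerprint_fixed(kSamplePreamble, kSamplePayload))
    std::printf("fixed %2zu: %s\n", l.size(), l.c_str());
  return 0;
}
```

Both variants round-trip to the same preamble plus payload; only the fixed one keeps every line within the limit.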
Miller reported that an EPROTO was causing Nmap to exit after sending
the Sqlping probe during service scan. The error message was
"Unexpected error in NSE_TYPE_READ callback. Error code: 71 (Protocol
error)". We suspect this was caused by a forged ICMP packet sent by an
active firewall.
already open. Rob Nicholls pointed out that setting the state
unconditionally results in multiple messages per port:
Discovered open port 3389/tcp
Discovered open port 3389/tcp
Discovered open port 3389/tcp
Discovered open port 3389/tcp
This is because setPortState has the side effect of printing a message.
scan response, instead of checking for a current state of
PORT_OPENFILTERED. The code calls getPortState, but the port may not
have been assigned a state, again because of the new Port allocation
architecture, so the function returns -1.
It would make sense to have getPortState return the default port state
if a Port has not been allocated, but there are two other places it is
used where the code relies on it returning -1 to indicate that a port
has not received a state yet.
changes. The first is that Port objects don't allocate memory for
service and RPC results unless that information is set. This reduces the
size of a bare Port from 92 to 40 bytes on my machine. The second change
is that PortList now has the notion of a "default port state," which is
the state of any ports that didn't receive a response. These ports don't
need an allocated Port object, which saves a lot of memory in scans
where most ports didn't get a response.
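The three commit messages above describe the same port-table rework: Port objects that are allocated only once a response arrives, a default state for everything else, a getPortState that returns -1 for unallocated ports because some callers depend on that, and a setPortState whose side effect is the "Discovered open port" line. The following is an added model of that design written for this page; it is not Nmap's PortList, and the class, method and enum names are assumptions chosen to mirror the messages. It shows the caller-side guard that stops the repeated messages and the default-state fallback that a report has to apply when getPortState returns -1.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <string>

// Added model, not Nmap's code. Names are assumptions mirroring the commit
// messages above.
enum PortState { PORT_UNKNOWN = 0, PORT_OPEN, PORT_CLOSED, PORT_FILTERED,
                 PORT_OPENFILTERED };

struct Port {
  unsigned short portno = 0;
  PortState state = PORT_UNKNOWN;
  // Service results are only allocated when something sets them; a bare
  // Port carries just a null pointer instead of the whole record.
  std::unique_ptr<std::string> service_name;
};

class PortList {
 public:
  explicit PortList(PortState default_state) : default_state_(default_state) {}

  // Returns -1 for a port with no Port object. Callers use -1 to mean
  // "no response yet", so it must not return the default state itself.
  int getPortState(unsigned short portno) const {
    auto it = ports_.find(portno);
    return it == ports_.end() ? -1 : static_cast<int>(it->second.state);
  }

  // What a report shows: the recorded state, or the default state for
  // ports that never answered and so were never allocated.
  PortState effectiveState(unsigned short portno) const {
    int s = getPortState(portno);
    return s < 0 ? default_state_ : static_cast<PortState>(s);
  }

  // Allocates the Port on first use. Side effect: prints "Discovered"
  // every time it is called with PORT_OPEN, which is why callers must
  // not call it unconditionally.
  void setPortState(unsigned short portno, PortState state) {
    Port &p = ports_[portno];
    p.portno = portno;
    p.state = state;
    if (state == PORT_OPEN) {
      std::printf("Discovered open port %u/tcp\n", portno);
      ++messages_;
    }
  }

  // Caller-side guard: set the state only if the port isn't already open.
  void recordOpenResponse(unsigned short portno) {
    if (getPortState(portno) != PORT_OPEN) setPortState(portno, PORT_OPEN);
  }

  void setServiceName(unsigned short portno, const std::string &name) {
    Port &p = ports_[portno];
    p.portno = portno;
    p.service_name.reset(new std::string(name));
  }

  std::size_t allocated() const { return ports_.size(); }  // Port objects created
  unsigned messagesPrinted() const { return messages_; }

 private:
  PortState default_state_;
  std::map<unsigned short, Port> ports_;  // sparse: only ports with a response
  unsigned messages_ = 0;
};

// Constructed scenario: 3389/tcp answers four times, 22/tcp is closed, and
// the rest of the range never responds. Default state is "filtered".
PortList make_sample_portlist() {
  PortList pl(PORT_FILTERED);
  for (int i = 0; i < 4; ++i) pl.recordOpenResponse(3389);
  pl.setPortState(22, PORT_CLOSED);
  pl.setServiceName(3389, "ms-wbt-server");
  return pl;
}

int main() {
  PortList pl = make_sample_portlist();
  const unsigned short probe[] = {22, 80, 3389};
  for (unsigned short p : probe)
    std::printf("%u/tcp raw=%d effective=%d\n", p, pl.getPortState(p),
                static_cast<int>(pl.effectiveState(p)));
  std::printf("allocated Port objects: %zu\n", pl.allocated());
  return 0;
}
```

Only two Port objects exist after the scenario even though the report can answer for any port, and the four responses for 3389 produce a single "Discovered" line.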
substitutions more explicit. Formerly the number of arguments was
checked implicitly by checking their type (that they had a specific type
and were not SUBSTARGS_ARGTYPE_NONE), but this makes it clearer.