Re: 2.06 (Solaris bug)

[Bryan Blackburn <blb () pobox com>]

This problem stems from the way nmap gets random numbers in Solaris.  In
utils.c, the following code (line 201) is present:

    for(i=0; i < sizeof(bytebuf) / sizeof(int); i++) {
      iptr = (int *) ((char *)bytebuf + i * sizeof(int));
      *iptr = rand();
    }

rand() on Solaris returns a range of 0 to (2^15)-1, which causes the
above code to have 16 bits of zeros every other 16 bits.  When a short
is needed, it'll get 0, hence the infinite loop on

        while(!id) id = get_random_uint();

in osscan.c (line 982).

At least for Solaris, changing (back in utils.c) iptr to a short * and
the for loop to:

    for(i=0; i < sizeof(bytebuf) / sizeof(short); i++) {
      iptr = (short *) ((char *)bytebuf + i * sizeof(short));
      *iptr = rand();
    }

seems to do the trick.  Not sure what the effect would be on an OS that
returns something resembling an int, but it looks like it'd just be less
efficient.

Bryan


//Stany wrote:
> On Mon, 8 Feb 1999, Fyodor wrote:
>
> > I just released 2.06 which is a "quick fix" release to solve a few
> > problems people had with 2.05.  Here are the most important changes:
> >
> > -- Fixed compile problems on machines which lack snprintf() (found by Ken
> >    Williams <jkwilli2 () unity ncsu edu>)
> > -- Added the squid proxy to nmap-services (suggested by Holger Heimann)
> > -- Fixed a problem where the new memory allocation system was handing out
> >    misaligned pointers.
> > -- Fixed another memory allocation bug which probably doesn't cause any
> >    real-life problems.
> > -- Made nmap look in more places for nmap-os-fingerprints
> >
> > Anyone who has problems with 2.05 should try 2.06 before reporting errors.
>
> Ok, Well, 2.05 was coreing under Solaris 2.6 SPARC (specifically it was
> doing that if name of the machine givn to it was not resolving), while the
> 2.06 seems to run.  However, and this little "however" is a show stopper
> for me, it seems like the -sS support have become broken again.
>
> In other words: 8-(
>
> root@zerkalo:/opt/nmap/bin[6]# ./nmap -vv -O -sS gargoyle
[...output snipped...]
> Just for record:
> root@zerkalo:/opt/nmap/bin[8]# uname -a
> SunOS zerkalo.notbsd.org 5.6 Generic_105181-11 sun4m sparc SUNW,SPARCstation-10
>
> I would love to try to figure this one out, but due to lack of time I'll
> have to wait till the next week-end.  If anyone fixes it before then,
> great!
>
> Oh, and BTW:  Switch to new /dev/urandom or /dev/random as the default
> source of entropy causes a warning upon start-up, as Solaris lacks that
> (seems to be true for both SunOS 5.6 and 5.7).  It might be worth-while to
> implement OS detection at compile time, and #ifdef Solaris, then
> transparently switch back to the old source of entropy as the default.
> Same thing might apply for other OSes lacking true randomness.  ;-)
>
> It is just a cosmetic issue, though.
>
> > Cheers,
> > Fyodor
>
> //Stany
> --
> +-----------------------------------------------------------------------------+
> |         Stanislav N. Vardomskiy - Procurator Odiosus Ex Infernis[TM]        |
> |        This message is brought to you by letters jey, ow, el and tee.       |
> |              Jolt!  For all the sugar and twice the caffeine.               |
> +-----------------------------------------------------------------------------+