Nmap Development: Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets

Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets

From: Fyodor <fyodor_at_insecure.org>
Date: Wed, 23 Apr 2008 20:30:30 -0700

I just checked in this fix, which seems to fix the problem in my
testing. I moved the Nmap srand to be much earlier in the code to
reduce the chances of it clobbering other srand() calls, and I also
made it unique from the srand() call used by nbase. Thanks to Jah and
Brandon for your help.

Index: main.cc
===================================================================
--- main.cc (revision 7181)
+++ main.cc (working copy)
@@ -157,7 +157,6 @@
   char *endptr;
   int interactivemode = 0;
   int fd;
- struct timeval tv;
   int arglen = 0;
 
 #ifdef __amigaos__
@@ -180,10 +179,6 @@
   mtrace();
 #endif
 
- /* You never know when "random" numbers will come in handy ... */
- gettimeofday(&tv, NULL);
- srand((tv.tv_sec ^ tv.tv_usec) ^ getpid());
-
   /* Trap these sigs for cleanup */
 #if HAVE_SIGNAL
   signal(SIGINT, sigdie);
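
Review bot: with the gettimeofday()/srand() lines removed at this spot, nothing visible in main.cc seeds the generator any more, so any rand() call reached before the new srand() in nmap.cc would run on the default seed. Worth confirming that no such call sits on the path between here and the new seeding site, and saying so in the commit message, since the stated goal is for the seeding to happen earlier.
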
Index: nmap.cc
===================================================================
--- nmap.cc (revision 7181)
+++ nmap.cc (working copy)
@@ -505,6 +505,7 @@
   size_t sslen;
   int option_index;
   bool iflist = false;
+ struct timeval tv;
 
   // Pre-specified timing parameters.
   // These are stored here during the parsing of the arguments so that we can
@@ -647,6 +648,11 @@
   fakeargv[argc] = NULL;
 
   if (argc < 2 ) printusage(argv[0], -1);
+
+ /* You never know when "random" numbers will come in handy ... */
+ gettimeofday(&tv, NULL);
+ srand((tv.tv_sec ^ tv.tv_usec) ^ getpid() + 31337);
+
   Targets.reserve(100);
 #ifdef WIN32
   win_pre_init();
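
Review bot: in the added srand() line, + binds tighter than ^, so the seed is evaluated as (tv.tv_sec ^ tv.tv_usec) ^ (getpid() + 31337); add explicit parentheses around the grouping that is intended so the next reader does not have to work it out. The comment carried over above it ("You never know when ...") also does not explain the 31337 offset; a short note that it exists to make this seed differ from the one nbase passes to srand() would document the reason given in the message. The seed is still built only from the clock and the PID, which is fine for shuffling targets but should be noted if any other caller comes to rely on rand() here.
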
Index: CHANGELOG
===================================================================
--- CHANGELOG (revision 7181)
+++ CHANGELOG (working copy)
@@ -1,5 +1,10 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o Fix a bug in the nbase random number generator (and the way it
+ interacted with Nmap and MS Windows) which caused duplicates in some
+ instances. Thanks to Jah for reporting the problem and working with
+ Brandon Enright and Fyodor and Kris to fix it.
+
 o The scan status message now shows correct elapsed times past 24
   minutes. Previously the hours would roll over prematurely. [David]
 
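
Review bot: the new CHANGELOG entry describes a bug in the nbase random number generator, but the code changes visible in this patch only relocate and alter the srand() seeding in main.cc and nmap.cc. Either word the entry to say that Nmap's own seeding was moved and made distinct from the nbase one, or make sure the nbase-side change lands in the same commit. The entry also credits people inline, while the entry below it uses a trailing bracketed tag ([David]); one convention would read better.
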

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Apr 23 2008
