authorSergey Matveychuk <sem@FreeBSD.org>2006-03-15 14:30:41 +0000
committerSergey Matveychuk <sem@FreeBSD.org>2006-03-15 14:30:41 +0000
commite3a15521807c478be924404d23d0b60698d7981b (patch)
tree6af80cd09294930c18224f19dea1f612d5dfcbcd /security
parentc03a4c815cbf06a1628154c2d5997812a312ac45 (diff)
- Add patch resolving an infinite loop in the scan engine
- Bump PORTREVISION

PR: ports/94264
Submitted by: maintainer
Requested by: Alan Amesbury <amesbury@umn.edu>
Notes
Notes: svn path=/head/; revision=157285
Diffstat (limited to 'security')
-rw-r--r--security/nmap/Makefile1
-rw-r--r--security/nmap/files/patch-scan_engine.cc45
2 files changed, 46 insertions, 0 deletions
diff --git a/security/nmap/Makefile b/security/nmap/Makefile
index 58a044f8b017..b5adf3289cef 100644
--- a/security/nmap/Makefile
+++ b/security/nmap/Makefile
@@ -7,6 +7,7 @@
PORTNAME?= nmap
PORTVERSION= ${DISTVERSION:L:C/([a-z])[a-z]+/\1/g:C/[^a-z0-9+]+/./g}
+PORTREVISION= 1
CATEGORIES= security ipv6
MASTER_SITES= http://download.insecure.org/nmap/dist/ \
http://www.mirrors.wiretapped.net/security/network-mapping/nmap/ \
diff --git a/security/nmap/files/patch-scan_engine.cc b/security/nmap/files/patch-scan_engine.cc
new file mode 100644
index 000000000000..5ea4ee9129cd
--- /dev/null
+++ b/security/nmap/files/patch-scan_engine.cc
@@ -0,0 +1,45 @@
+$FreeBSD$
+
+Patch taken from <20060217013528.GG7214@syn.lnxnet.net>.
+http://seclists.org/lists/nmap-dev/2006/Jan-Mar/0205.html
+Will be included in nmap 4.02.
+
+--- scan_engine.cc.ORIG Wed Mar 8 13:36:06 2006
++++ scan_engine.cc Wed Mar 8 13:40:44 2006
+@@ -807,6 +807,7 @@
+
+ /* Returns true if the GLOBAL system says that sending is OK.*/
+ bool GroupScanStats::sendOK() {
++ int recentsends;
+
+ if (USI->scantype == CONNECT_SCAN && CSI->numSDs >= CSI->maxSocketsAllowed)
+ return false;
+@@ -815,7 +816,9 @@
+ the last listen call, at least for systems such as Windoze that
+ don't give us a proper pcap time. Also for connect scans, since
+ we don't get an exact response time with them either. */
+- if (USI->scantype == CONNECT_SCAN || !pcap_recv_timeval_valid()) {
++ recentsends = USI->gstats->probes_sent - USI->gstats->probes_sent_at_last_wait;
++ if (recentsends > 0 &&
++ (USI->scantype == CONNECT_SCAN || !pcap_recv_timeval_valid())) {
+ int to_ms = (int) MAX(to.srtt * .75 / 1000, 50);
+ if (TIMEVAL_MSEC_SUBTRACT(USI->now, last_wait) > to_ms)
+ return false;
+@@ -828,7 +831,7 @@
+ responses when I scan localhost. And half of those are the @#$#
+ sends being received. I think I'll put a limit of 50 sends per
+ wait */
+- if (USI->gstats->probes_sent - USI->gstats->probes_sent_at_last_wait >= 50)
++ if (recentsends >= 50)
+ return false;
+
+ /* When there is only one target left, let the host congestion
+@@ -969,7 +972,7 @@
+
+ getTiming(&tmng);
+ if (tmng.cwnd >= num_probes_active + .5 &&
+- (freshPortsLeft() || num_probes_waiting_retransmit)) {
++ (freshPortsLeft() || num_probes_waiting_retransmit || !retry_stack.empty())) {
+ if (when) *when = USI->now;
+ return true;
+ }
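Review bot: The header of patch-scan_engine.cc cites the upstream message and says the fix lands in nmap 4.02, but it never states what the three hunks change, so the next maintainer has to reverse-engineer the infinite-loop fix from the code. A short summary above the `--- scan_engine.cc.ORIG` line would help, e.g. `sendOK(): apply the time-since-last-wait limit only when probes were actually sent since that wait (recentsends > 0), and treat a non-empty retry_stack like fresh ports/pending retransmits in the cwnd check; drop this patch when the port is updated to 4.02.` The new `recentsends` local is assigned after the CONNECT_SCAN socket-limit return and before both of its uses, so the sendOK change itself reads correctly; its type is `int` while the type of `probes_sent` is not visible here, so that is inferred. The third hunk sits in a function whose definition starts outside the hunk, so the retry_stack description is taken from the visible condition only.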