Nmap Development mailing list archives

Rounding of OS match percentages differs between architectures


From: David Fifield <david () bamsoftware com>
Date: Wed, 19 Nov 2008 16:32:29 -0700

Hello,

I noticed something unusual while I was doing research scanning to
improve OS detection (http://seclists.org/nmap-dev/2008/q4/0346.html).
One particular target was a 97% match for a certain fingerprint when
scanned from a 32-bit Linux host, and a 98% match for the same
fingerprint when scanned from a 64-bit Linux host. I looked at the
prints with the fingerprint utilities and saw that the same tests failed
both times, so the percentages should have been the same.

The correct percentage was 98%. The print matched 1225 / 1250 possible
points, which is exactly 0.98. This can't be represented exactly in
binary floating point. It seems that when this percentage is multiplied
by 100 and then cast to an int, it can become either 97 or 98 depending
on the architecture. You can verify this with a short program like

#include <stdio.h>

int main(void)
{
        double frac = 0.98;
        printf("%d%% %.f%%\n", (int) (frac * 100), frac * 100);
        return 0;
}

On my 32-bit machine the output is

97% 98%

On a 64-bit machine it is

98% 98%

Nmap currently uses printf("%d%%", (int) (frac * 100)) to show match
percentages. Using printf("%.f%%", frac * 100) would remove this problem
but would create another, namely that everything 99.5% and above would
be rounded to 100%.

Anyone have an opinion on this or see a good way to handle it?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
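
Added example, not part of the original message and not Nmap code: one way to avoid both problems raised above is to compute the percentage from the integer point counts (such as the 1225 / 1250 quoted in the message) instead of casting a double. The function names are hypothetical, and the example assumes the point counts are available as integers and small enough that multiplying by 200 does not overflow unsigned long.

```c
#include <stdio.h>

/* Hypothetical helper: floor of the match percentage, computed with
   integer arithmetic only, so every architecture gives the same answer.
   Returns -1 for invalid input. */
int match_percent_floor(unsigned long matched, unsigned long possible)
{
    if (possible == 0 || matched > possible)
        return -1;
    return (int) ((matched * 100UL) / possible);
}

/* Hypothetical helper: round to the nearest percent, but report 100
   only for a perfect match, so 99.5% and above is shown as 99. */
int match_percent_nearest(unsigned long matched, unsigned long possible)
{
    int pct;

    if (possible == 0 || matched > possible)
        return -1;
    /* (2 * 100 * matched + possible) / (2 * possible) rounds half up. */
    pct = (int) ((matched * 200UL + possible) / (2UL * possible));
    if (pct == 100 && matched != possible)
        pct = 99;
    return pct;
}

int main(void)
{
    double frac = 1225.0 / 1250.0;

    /* The cast below is the architecture-dependent form from the message. */
    printf("cast:    %d%%\n", (int) (frac * 100));
    printf("floor:   %d%%\n", match_percent_floor(1225, 1250));
    printf("nearest: %d%%\n", match_percent_nearest(1225, 1250));
    /* Constructed sample: 1244 / 1250 is 99.52%. */
    printf("nearest: %d%%\n", match_percent_nearest(1244, 1250));
    return 0;
}
```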

