Nmap Development mailing list archives

TIMEVAL_SEC_SUBTRACT bug


From: Scott Renfro <scott () renfro org>
Date: Wed, 22 Aug 2001 22:29:25 -0700

So this one explains why sometimes numqueries_ideal would skyrocket once
a target was in firewallmode.

In check_firewallmode() we do

   if (TIMEVAL_SEC_SUBTRACT(current_time, last_adjust) > 5)

to see if 5 seconds have passed since the last time we bumped up
numqueries_ideal.

However, TIMEVAL_SEC_SUBTRACT() is defined in utils.h as

   ((a).tv_sec - (b).tv_sec + ((a).tv_usec - (b).tv_usec + 500)/1000)

Notice that the right half is in microseconds, but the code divides by
1000 as though it were milliseconds.  This overemphasized the difference
in the fractional seconds by three orders of magnitude (obviously),
resulting in numqueries_ideal growing faster than expected.  In a few
cases, b.tv_usec > a.tv_usec and you end up with a negative time
difference ;-)

The following change seems to make sense; it essentially truncates
towards zero integer seconds, not giving you credit for a second until
you've accrued all 1000000 usec of it.  A full patch is attached.
Here's the patch I'm submitting.

old:

   ((a).tv_sec - (b).tv_sec + ((a).tv_usec - (b).tv_usec + 500)/1000)

new:

   ((a).tv_sec - (b).tv_sec + (((a).tv_usec < (b).tv_usec) ? -1 : 0))

cheers,
--Scott

-- 
Scott Renfro <scott () renfro org>                          +1 650 862 4206

Attachment: nmap-sec-subtr.diff
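
The following C program is an added example, not part of the original message or of Nmap's source: it evaluates the old and new TIMEVAL_SEC_SUBTRACT definitions quoted above on constructed timestamps. The helper names (tv_from_ms, old_diff, new_diff, count_adjustments) and the 100 ms polling loop are assumptions made for illustration; only the "> 5" comparison comes from the message.

```c
#include <stdio.h>
#include <sys/time.h>

/* The two definitions quoted in the message (macro names are ours). */
#define OLD_SEC_SUBTRACT(a,b) \
    ((a).tv_sec - (b).tv_sec + ((a).tv_usec - (b).tv_usec + 500)/1000)
#define NEW_SEC_SUBTRACT(a,b) \
    ((a).tv_sec - (b).tv_sec + (((a).tv_usec < (b).tv_usec) ? -1 : 0))

/* Build a timeval from a millisecond count (constructed sample input). */
static struct timeval tv_from_ms(long ms)
{
    struct timeval tv;
    tv.tv_sec = ms / 1000;
    tv.tv_usec = (ms % 1000) * 1000;
    return tv;
}

/* Difference a - b as reported by each definition, inputs in ms. */
long old_diff(long a_ms, long b_ms)
{
    struct timeval a = tv_from_ms(a_ms), b = tv_from_ms(b_ms);
    return (long)OLD_SEC_SUBTRACT(a, b);
}
long new_diff(long a_ms, long b_ms)
{
    struct timeval a = tv_from_ms(a_ms), b = tv_from_ms(b_ms);
    return (long)NEW_SEC_SUBTRACT(a, b);
}

/* Assumed caller: poll every 100 ms for 10 s and "adjust" whenever the
 * reported difference since the last adjustment exceeds 5. */
int count_adjustments(int use_old)
{
    long last = 0, now;
    int n = 0;
    for (now = 100; now <= 10000; now += 100) {
        long d = use_old ? old_diff(now, last) : new_diff(now, last);
        if (d > 5) { n++; last = now; }
    }
    return n;
}

int main(void)
{
    printf("0.8 s apart: old=%ld new=%ld\n", old_diff(10900, 10100), new_diff(10900, 10100));
    printf("0.2 s apart: old=%ld new=%ld\n", old_diff(11100, 10900), new_diff(11100, 10900));
    printf("adjustments in 10 s: old=%d new=%d\n", count_adjustments(1), count_adjustments(0));
    return 0;
}
```

With the old definition a 0.8 s gap is reported as 800, and a 0.2 s gap that crosses a second boundary is reported as a negative value; the new definition reports 0 for both.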