Nmap Development mailing list archives

More intelligent OS fingerprint merging


From: David Fifield <david () bamsoftware com>
Date: Fri, 29 Jun 2007 15:09:48 -0600

Nmap can perform OS detection several times against a host, resulting in
several fingerprints. When Nmap displays these fingerprints, it merges
them into one and tries to remove lines that are duplicated between the
fingerprints, reducing the overall length of the fingerprint string.

If some lines from a fingerprint were missing or out of order, the
duplicate-line elimination code would get confused and leave in
duplicate lines. The duplicate lines make the fingerprint unnecessarily
long and make it harder to read.

r5046 in /nmap-exp/soc07/nmap fixes this. It puts all the lines in a
list and sorts it before removing duplicates, ensuring that they are all
removed and that they are displayed strictly in the correct order.

To compare lines, the old code used the same function that is used when
matching observed fingerprints to the reference database. This function,
in addition to treating the values of one fingerprint's tests as
expressions, also ignores tests that are present in one fingerprint but
not in the other. I thought this behavior was wrong for the merging
code, so I changed the merging code to use plain string comparisons.

Because this code is related to OS fingerprint submission, it's fairly
important. Therefore I wrote in a check to ensure that no tests are
accidentally lost by the new merging code.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
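
The sort-then-deduplicate merge described in the message above, as an added example (this is not the code from r5046 and was not written by the poster). The test-line order, the function names, the reading of the "no tests lost" check as a comparison of line sets, and the sample fingerprint lines are all assumptions constructed for this illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>
#include <vector>
using Lines = std::vector<std::string>;
// Test-line display order; assumed here to follow Nmap's 2nd-generation layout.
static const Lines kOrder = {"SCAN", "SEQ", "OPS", "WIN", "ECN", "T1", "T2",
                             "T3", "T4", "T5", "T6", "T7", "U1", "IE"};
// Position of a line's test name (the text before '('); unknown names sort last.
static std::size_t order_rank(const std::string &line) {
    auto it = std::find(kOrder.begin(), kOrder.end(), line.substr(0, line.find('(')));
    return static_cast<std::size_t>(it - kOrder.begin());
}
// Pool every line from every fingerprint, sort, then drop exact duplicates.
Lines merge_fingerprints(const std::vector<Lines> &fps) {
    Lines all;
    for (const auto &fp : fps) all.insert(all.end(), fp.begin(), fp.end());
    std::sort(all.begin(), all.end(), [](const std::string &a, const std::string &b) {
        std::size_t ra = order_rank(a), rb = order_rank(b);
        return ra != rb ? ra < rb : a < b;
    });
    // Plain string equality: lines that differ in any value are both kept.
    all.erase(std::unique(all.begin(), all.end()), all.end());
    return all;
}
// Safety check (one interpretation): every distinct input line is in the output.
bool nothing_lost(const std::vector<Lines> &fps, const Lines &merged) {
    std::set<std::string> in, out(merged.begin(), merged.end());
    for (const auto &fp : fps) in.insert(fp.begin(), fp.end());
    return in == out;
}
// Constructed sample: the second fingerprint lacks OPS and is out of order.
std::vector<Lines> constructed_sample() {
    return {Lines{"SEQ(SP=C9%GCD=1)", "OPS(O1=M5B4)", "T1(R=Y%DF=Y)"},
            Lines{"T1(R=Y%DF=Y)", "SEQ(SP=CB%GCD=1)", "IE(R=Y)"}};
}
int main() {
    auto fps = constructed_sample();
    auto merged = merge_fingerprints(fps);
    for (const auto &l : merged) std::puts(l.c_str());
    return nothing_lost(fps, merged) ? 0 : 1;
}
```

Because the sort key is the test order followed by the full line text, identical lines always end up adjacent, so a single pass removes every duplicate regardless of the order or completeness of the input fingerprints.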

