--- nmap-3.48-rnd/tcpip.cc 2003-12-22 23:21:09.000000000 +0100
+++ nmap-3.48/tcpip.cc 2003-09-20 11:03:00.000000000 +0200
@@ -579,8 +579,7 @@
 u8 protocol;
 u16 length;
 };
-unsigned int rand_size = datalen>0?get_random_uint() % (datalen+1):0;
-u8 *packet = (u8 *) safe_malloc(sizeof(struct ip) + sizeof(struct tcphdr) + optlen + rand_size);
+u8 *packet = (u8 *) safe_malloc(sizeof(struct ip) + sizeof(struct tcphdr) + optlen + datalen);
 struct ip *ip = (struct ip *) packet;
 struct tcphdr *tcp = (struct tcphdr *) (packet + sizeof(struct ip));
 struct pseudo_header *pseudo = (struct pseudo_header *) (packet + sizeof(struct ip) - sizeof(struct pseudo_header));
@@ -631,7 +630,7 @@
 pseudo->s_addy = source->s_addr;
 pseudo->d_addr = victim->s_addr;
 pseudo->protocol = IPPROTO_TCP;
-pseudo->length = htons(sizeof(struct tcphdr) + optlen + rand_size);
+pseudo->length = htons(sizeof(struct tcphdr) + optlen + datalen);
 tcp->th_sport = htons(sport);
 tcp->th_dport = htons(dport);
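Review bot: With the payload no longer truncated, `pseudo->length = htons(sizeof(struct tcphdr) + optlen + datalen);` here and the `ip->ip_len` assignment in the -655 hunk can exceed 0xFFFF, because datalen is already a full u16 and the header sizes plus optlen are added on top; the 16-bit fields then wrap while safe_malloc and the memcpy calls use the full sum, so the emitted packet declares a smaller length than the buffer it was built from. Nothing in the hunk bounds datalen or optlen, and if the callers do not either, a guard before the allocation such as `if (sizeof(struct ip) + sizeof(struct tcphdr) + (size_t)optlen + datalen > 0xFFFF) return -1;` (using whatever error path this function's other failures take) keeps the on-wire length and the buffer consistent. The same pattern is in send_udp_raw (-840, -888, -913 hunks, where `udp->uh_ulen = htons(8 + datalen);` wraps as well) and send_ip_raw (-1112, -1154). The function containing this hunk begins and ends outside it.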
@@ -655,25 +654,25 @@
 else tcp->th_win = htons(1024 * (myttl % 4 + 1)); /* Who cares */
 /* We should probably copy the data over too */
- if (data && rand_size)
- memcpy(packet + sizeof(struct ip) + sizeof(struct tcphdr) + optlen, data, rand_size);
+ if (data && datalen)
+ memcpy(packet + sizeof(struct ip) + sizeof(struct tcphdr) + optlen, data, datalen);
 /* And the options */
 if (optlen) {
 memcpy(packet + sizeof(struct ip) + sizeof(struct tcphdr), options, optlen);
 }
 #if STUPID_SOLARIS_CHECKSUM_BUG
- tcp->th_sum = sizeof(struct tcphdr) + optlen + rand_size;
+ tcp->th_sum = sizeof(struct tcphdr) + optlen + datalen;
 #else
 tcp->th_sum = in_cksum((unsigned short *)pseudo, sizeof(struct tcphdr) +
- optlen + sizeof(struct pseudo_header) + rand_size);
+ optlen + sizeof(struct pseudo_header) + datalen);
 #endif
 /* Now for the ip header */
 memset(packet, 0, sizeof(struct ip));
 ip->ip_v = 4;
 ip->ip_hl = 5;
-ip->ip_len = BSDFIX(sizeof(struct ip) + sizeof(struct tcphdr) + optlen + rand_size);
+ip->ip_len = BSDFIX(sizeof(struct ip) + sizeof(struct tcphdr) + optlen + datalen);
 get_random_bytes(&(ip->ip_id), 2);
 ip->ip_ttl = myttl;
 ip->ip_p = IPPROTO_TCP;
@@ -840,8 +839,8 @@
 int ttl, u16 sport, u16 dport, u16 ipid, char *data, u16 datalen) {
-unsigned int rand_size = datalen>0?get_random_uint() % (datalen+1):0;
-unsigned char *packet = (unsigned char *) safe_malloc(sizeof(struct ip) + sizeof(udphdr_bsd) + rand_size);
+
+unsigned char *packet = (unsigned char *) safe_malloc(sizeof(struct ip) + sizeof(udphdr_bsd) + datalen);
 struct ip *ip = (struct ip *) packet;
 udphdr_bsd *udp = (udphdr_bsd *) (packet + sizeof(struct ip));
 static int myttl = 0;
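Review bot: The `if (data && datalen)` guard in front of the memcpy leaves the datalen payload bytes after the headers unwritten when data is NULL but datalen is non-zero; the buffer comes from safe_malloc and only the IP header is memset later in this hunk, so unless safe_malloc zeroes its result (not visible here) the packet goes out carrying whatever the heap held, and the length fields and the in_cksum call still cover those bytes. Adding `else if (datalen) memset(packet + sizeof(struct ip) + sizeof(struct tcphdr) + optlen, 0, datalen);` after the memcpy closes that gap, or the function could reject a NULL data with non-zero datalen up front. The plain `if (data)` guards in the -888 (send_udp_raw) and -1170 (send_ip_raw) hunks have the same gap. The enclosing function starts and ends outside this hunk.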
@@ -888,23 +887,23 @@
 udp->uh_sport = htons(sport);
 udp->uh_dport = htons(dport);
-udp->uh_ulen = htons(8 + rand_size);
+udp->uh_ulen = htons(8 + datalen);
 /* We should probably copy the data over too */
 if (data)
- memcpy(packet + sizeof(struct ip) + sizeof(udphdr_bsd), data, rand_size);
+ memcpy(packet + sizeof(struct ip) + sizeof(udphdr_bsd), data, datalen);
 /* Now the psuedo header for checksuming */
 pseudo->source.s_addr = source->s_addr;
 pseudo->dest.s_addr = victim->s_addr;
 pseudo->proto = IPPROTO_UDP;
-pseudo->length = htons(sizeof(udphdr_bsd) + rand_size);
+pseudo->length = htons(sizeof(udphdr_bsd) + datalen);
 /* OK, now we should be able to compute a valid checksum */
 #if STUPID_SOLARIS_CHECKSUM_BUG
- udp->uh_sum = sizeof(struct udphdr_bsd) + rand_size;
+ udp->uh_sum = sizeof(struct udphdr_bsd) + datalen;
 #else
-udp->uh_sum = in_cksum((unsigned short *)pseudo, 20 /* pseudo + UDP headers */ + rand_size);
+udp->uh_sum = in_cksum((unsigned short *)pseudo, 20 /* pseudo + UDP headers */ + datalen);
 #endif
 /* Goodbye, pseudo header! */
@@ -913,7 +912,7 @@
 /* Now for the ip header */
 ip->ip_v = 4;
 ip->ip_hl = 5;
-ip->ip_len = BSDFIX(sizeof(struct ip) + sizeof(udphdr_bsd) + rand_size);
+ip->ip_len = BSDFIX(sizeof(struct ip) + sizeof(udphdr_bsd) + datalen);
 ip->ip_id = htons(ipid);
 ip->ip_ttl = myttl;
 ip->ip_p = IPPROTO_UDP;
@@ -1112,8 +1111,8 @@
 int send_ip_raw( int sd, struct in_addr *source, const struct in_addr *victim, int ttl, u8 proto, char *data, u16 datalen) {
-unsigned int rand_size = datalen>0?get_random_uint() % (datalen+1):0;
-unsigned char *packet = (unsigned char *) safe_malloc(sizeof(struct ip) + rand_size);
+
+unsigned char *packet = (unsigned char *) safe_malloc(sizeof(struct ip) + datalen);
 struct ip *ip = (struct ip *) packet;
 static int myttl = 0;
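Review bot: The STUPID_SOLARIS_CHECKSUM_BUG branch spells the header type as `sizeof(struct udphdr_bsd)` while every other line in this hunk, and the allocation in the -840 hunk, uses the `udphdr_bsd` typedef name; if udphdr_bsd is a typedef of an anonymous struct (its definition is outside the hunk) that branch does not compile, and because it sits behind a platform-specific macro the mismatch would only surface on such a build. Writing it as `udp->uh_sum = sizeof(udphdr_bsd) + datalen;` keeps both branches consistent. The `#else` branch also hard-codes `20 /* pseudo + UDP headers */` where the TCP path in the -655 hunk derives the same quantity from sizeof; `sizeof(udphdr_bsd)` plus the pseudo-header size would make the dependence on the struct layouts explicit, provided the pseudo-header struct is confirmed to have no padding. The enclosing function starts and ends outside this hunk.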
@@ -1154,7 +1153,7 @@
 ip->ip_v = 4;
 ip->ip_hl = 5;
-ip->ip_len = BSDFIX(sizeof(struct ip) + rand_size);
+ip->ip_len = BSDFIX(sizeof(struct ip) + datalen);
 get_random_bytes(&(ip->ip_id), 2);
 ip->ip_ttl = myttl;
 ip->ip_p = proto;
@@ -1170,7 +1169,7 @@
 /* We should probably copy the data over too */
 if (data)
- memcpy(packet + sizeof(struct ip), data, rand_size);
+ memcpy(packet + sizeof(struct ip), data, datalen);
 if (TCPIP_DEBUGGING > 1) {
 printf("Raw IP packet creation completed! Here it is:\n");