Nmap Development mailing list archives

nmap 4.0 output error


From: "Schneider, Jake" <Jake.Schneider () dynetics com>
Date: Wed, 08 Feb 2006 10:49:56 -0600

I recently came across a bug in nmap v 4.0.

The bug manifests itself when attempting to write output from a scan
with the -sV option set and the ignored port state for the output is
defined as PORT_OPENFILTERED.  Nmap will give an error stating that the
assertion on line 143 of NmapOutputTable.cc in the
NmapOutputTable::addItem function failed.

The problem really lies in the service_scan.cc file in the
adjustPortStateIfNecessary function which changes the port state from
PORT_OPENFILTERED to PORT_OPEN, but does not modify the
PortList->state_counts to reflect this.  Therefore, in the output.cc
file in the printportoutput function on line 397 which states: numrows
-= plist->state_counts[istate]; if the istate is PORT_OPENFILTERED, the
plist->state_counts will be artificially high due to the changes in the
port states which occurred during the service_scan which will cause the
assertion in the NmapOutputTable::addItem function to fail because the
numrows variable will be set too low.

A temporary workaround is to change line 396 of the output.cc file which
states: if(istate != PORT_UNKNOWN) to if((istate != PORT_UNKNOWN) &&
(istate != PORT_OPENFILTERED))

This workaround causes nmap to work correctly in the stated conditions,
but it does generate some unnecessary (and ugly) whitespace in the logs
and the results.

-Jake Schneider


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
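As an added illustration (not code from the report or from nmap itself), a small C++ model of the counting invariant the report describes: a per-state tally that must stay in sync with per-port state, shown with the buggy adjust, the corrected adjust, and the line-396 workaround side by side. The struct and function names are constructed stand-ins for nmap's PortList, adjustPortStateIfNecessary and printportoutput.

```cpp
#include <cstddef>
#include <vector>

// Constructed subset of nmap's port states; only these three matter here.
enum PortState { PORT_UNKNOWN = 0, PORT_OPEN, PORT_OPENFILTERED, PORT_NUMSTATES };

// Minimal stand-in for PortList: per-port state plus a per-state tally.
struct PortList {
    std::vector<PortState> state;          // state of each scanned port
    int state_counts[PORT_NUMSTATES] = {}; // how many ports are in each state

    void addPort(PortState s) { state.push_back(s); state_counts[s]++; }

    // Buggy adjust: flips the port's state but leaves state_counts stale,
    // which is the defect the report attributes to adjustPortStateIfNecessary.
    void adjustBuggy(std::size_t i, PortState s) { state[i] = s; }

    // Fixed adjust: moves the port between tallies as its state changes.
    void adjustFixed(std::size_t i, PortState s) {
        state_counts[state[i]]--;
        state[i] = s;
        state_counts[s]++;
    }
};

// Rows the output table really needs: one per port not in the ignored state.
int rowsNeeded(const PortList& pl, PortState istate) {
    int n = 0;
    for (PortState s : pl.state) if (s != istate) n++;
    return n;
}

// Rows printportoutput reserves from the tally; 'workaround' models the
// reported line-396 change that stops subtracting for PORT_OPENFILTERED.
int rowsReserved(const PortList& pl, PortState istate, bool workaround) {
    int numrows = static_cast<int>(pl.state.size());
    bool subtract = (istate != PORT_UNKNOWN) &&
                    !(workaround && istate == PORT_OPENFILTERED);
    if (subtract) numrows -= pl.state_counts[istate];
    return numrows;
}

// True when the reserved table is large enough, i.e. addItem's assert holds.
bool tableFits(const PortList& pl, PortState istate, bool workaround) {
    return rowsReserved(pl, istate, workaround) >= rowsNeeded(pl, istate);
}

// Scenario: three open|filtered ports; -sV resolves the middle one to open.
PortList scenario(bool fixed) {
    PortList pl;
    for (int i = 0; i < 3; i++) pl.addPort(PORT_OPENFILTERED);
    if (fixed) pl.adjustFixed(1, PORT_OPEN); else pl.adjustBuggy(1, PORT_OPEN);
    return pl;
}
```

With the stale tally the reserved row count drops to zero while one row is still needed, which is the assertion failure the report hits; the workaround reserves three rows for one port, which is the extra whitespace it mentions.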