Nmap Development mailing list archives
Double free crash when using --iflist
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 28 Dec 2006 23:39:03 -0600
# nmap --iflist
Starting Nmap 4.21ALPHA1 ( http://insecure.org ) at 2006-12-28 23:22 CST
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MAC
lo (lo) 127.0.0.1/8loopback up
eth0 (eth0) 10.10.102.186/24ethernet up 00:0C:76:7D:90:33
*** glibc detected *** double free or corrupted (!prev): 0x08108968 ***
Aborted

---

Above is the output before the patch and further below is the output after the patch.

I'm not at all familiar with the inner workings of NmapOutputTable, but I have found that this thing appears to have something to do with the 'fullrow' stuff that was added between 4.20 and 4.21ALPHA1. I attached a patch that basically removes the 'fullrow' stuff from the addItem[Formatted]() functions and it doesn't crash anymore. Obviously this is just a hack to show, perhaps just part of, the problem and not something to be applied in its current form.

Thanks,
Kris Katterjohn

---

# nmap --iflist
Starting Nmap 4.21ALPHA1 ( http://insecure.org ) at 2006-12-28 23:23 CST
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MAC
lo (lo) 127.0.0.1/8 loopback up
eth0 (eth0) 10.10.102.186/24 ethernet up 00:0C:76:7D:90:33
**************************ROUTES**************************
DST/MASK DEV GATEWAY
10.10.102.0 eth0
127.0.0.0 lo
0.0.0.0 eth0 10.10.102.1
--- x/NmapOutputTable.cc 2006-12-10 18:34:35.000000000 -0600 +++ y/NmapOutputTable.cc 2006-12-28 23:19:37.000000000 -0600 @@ -142,16 +142,7 @@ NmapOutputTable::~NmapOutputTable() { void NmapOutputTable::addItem(unsigned int row, unsigned int column, bool fullrow, bool copy, const char *item, int itemlen) { - struct NmapOutputTableCell *cell; - int mc = maxColLen[column]; - addItem(row, column, copy, item, itemlen); - - maxColLen[column] = mc; - cell = getCellAddy(row, column); - cell->fullrow = fullrow; - - return; } void NmapOutputTable::addItem(unsigned int row, unsigned int column, bool copy, const char *item, @@ -192,8 +183,6 @@ void NmapOutputTable::addItemFormatted(u unsigned int column, bool fullrow, const char *fmt, ...) { - struct NmapOutputTableCell *cell; - int mc = maxColLen[column]; unsigned int res; va_list ap; va_start(ap,fmt); @@ -205,10 +194,6 @@ void NmapOutputTable::addItemFormatted(u fatal("NmapOutputTable only supports adding up to 4096 to a cell via addItemFormatString."); addItem(row, column, fullrow, true, buf, res); - - maxColLen[column] = mc; - cell = getCellAddy(row, column); - cell->fullrow = fullrow; } // Returns the maximum size neccessary to create a printableTable() (the
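Review bot: in the first hunk the fullrow overload of addItem() is left with an empty body, which also removes the delegating call `addItem(row, column, copy, item, itemlen);`, so anything passed through that overload is silently never stored rather than stored without fullrow handling. To isolate the fault, keep the delegating call and remove only the `maxColLen[column]` save/restore and the `cell->fullrow = fullrow;` assignment; with the body emptied entirely, the crash going away does not show whether the fullrow bookkeeping or the cell insertion itself triggers the double free.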
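Review bot: in the third hunk `addItem(row, column, fullrow, true, buf, res);` still routes through the overload that the first hunk empties, so addItemFormatted() no longer adds anything to the table either, and its `fullrow` parameter becomes dead. If the fullrow path is to be bypassed for the test, call the five-argument `addItem(row, column, true, buf, res)` here directly, and note in the patch description that both overloads are being short-circuited so the before/after output can be compared fairly.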
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Double free crash when using --iflist Kris Katterjohn (Dec 28)
- Re: Double free crash when using --iflist Kris Katterjohn (Dec 28)