Nmap Development mailing list archives
Re: Errors with -sV and -PE using IPv6
From: Will Cladek <william.cladek () nrl navy mil>
Date: Wed, 09 Jan 2008 12:49:58 -0500
After breaking out my rusty programming skills, I figured out what was causing the seg fault with the -sV option in IPv6. It's the following code in scan_engine.cc, starting at line 5101, and then the same code again at 5129:

    if (send_rpc_query(target->v4hostip(), rsi.rpc_current_port->portno,
                       rsi.rpc_current_port->proto, current->portno,
                       current - scan, current->trynum) == -1) {
      /* Futz, I'll give up on this guy ... */
      rsi.rpc_status = RPC_STATUS_NOT_RPC;
      break;
    }

The function send_rpc_query in scan_nmap.cc receives the pointer returned by target->v4hostip() from the call above, and dereferences it a few times without checking for it to be non-NULL. In the case of scanning an IPv6 host, that value will be NULL and thus cause a seg fault when dereferenced.

My quick-fix is just to change the beginning of that if-statement to:

    if (!target->v4hostip() || send_rpc_query(...

so that it won't even attempt to send an RPC query if there is no v4 address.

Not to do an incomplete job of this, but I'm not familiar enough with this stuff to make a proper patch to allow it to send RPC queries to v6 hosts as well. I'll look into it more eventually, if someone doesn't beat me to it, but until then this suits my v6 version scanning needs.

-Will

Will Cladek wrote:
A couple of problems I've noticed with nmap 4.52 compiled on a Red Hat 4 x86_64 machine, scanning IPv6 hosts:

1. When giving it the -PE option, the following error message comes up:

    nmap: tcpip.cc:931: pcap_t* my_pcap_open_live(const char*, int, int, int): Assertion `device != __null' failed.

I'm guessing ICMP ping host discovery still isn't supported with IPv6, but there should probably be a more useful error message. Previously, I believe no error was generated at all -- it simply didn't do an ICMP ping.

2. When scanning certain systems with version detection (-sV), certain hosts cause nmap to simply give a Segmentation Fault error and exit. Specifically, this seems to happen when scanning Solaris hosts.

Has anyone else experienced these problems with IPv6 scanning?

Thanks,
Will
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
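Added example, not code from the thread or from nmap's source: a small C model of the NULL-pointer case described in Will's reply above, showing both the caller-side guard from his quick fix and a callee that validates its pointer instead of dereferencing it blindly. The names struct target, target_v4hostip() and send_rpc_query_checked() are assumed stand-ins for nmap's Target::v4hostip() and send_rpc_query().

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Minimal stand-in for nmap's Target (assumption): one address, v4 or v6. */
struct target { struct sockaddr_storage ss; };

/* Like Target::v4hostip(): NULL when the target has no IPv4 address. */
static const struct in_addr *target_v4hostip(const struct target *t)
{
    if (t->ss.ss_family != AF_INET)
        return NULL;
    return &((const struct sockaddr_in *)&t->ss)->sin_addr;
}

/* Hardened stand-in for send_rpc_query(): validate the pointer before use
   instead of dereferencing it blindly. Returns -1 when nothing can be sent. */
static int send_rpc_query_checked(const struct in_addr *dst, unsigned short port)
{
    char buf[INET_ADDRSTRLEN];
    if (dst == NULL || port == 0)          /* callee-side guard */
        return -1;
    if (inet_ntop(AF_INET, dst, buf, sizeof buf) == NULL)
        return -1;
    printf("would send RPC query to %s:%u\n", buf, (unsigned)port);
    return 0;
}

/* Caller-side guard, mirroring the quick fix from the message: skip the RPC
   query entirely when the target has no v4 address. */
static int rpc_scan_target(const struct target *t, unsigned short port)
{
    if (!target_v4hostip(t) || send_rpc_query_checked(target_v4hostip(t), port) == -1)
        return -1;                          /* RPC_STATUS_NOT_RPC upstream */
    return 0;
}

/* Build a target from a textual address (constructed test input). */
static int make_target(struct target *t, int family, const char *text)
{
    void *dst;
    memset(t, 0, sizeof *t);
    t->ss.ss_family = family;
    dst = (family == AF_INET) ? (void *)&((struct sockaddr_in *)&t->ss)->sin_addr
                              : (void *)&((struct sockaddr_in6 *)&t->ss)->sin6_addr;
    return inet_pton(family, text, dst) == 1 ? 0 : -1;
}
```

With an IPv6 target, rpc_scan_target() returns -1 without ever handing a NULL pointer to the callee; with an IPv4 target it proceeds as before.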