Nmap Development mailing list archives
Segfault in nping
From: Jack Grahl <mnvl16 () yahoo co uk>
Date: Sat, 8 Aug 2009 20:17:31 +0000 (GMT)
[Luis - it was really good to chat to you last night in the restaurant :)]

jack@lucy:~/c/nping$ sudo ./nping -c 30 192.168.1.254

Starting Nping V. 0.1BETA1 ( http://nmap.org/nping ) at 2009-08-08 14:11 BST
SENT (0.0130s) ICMP 192.168.1.67 > 192.168.1.254 Echo request (type=8/code=0) ttl=64 id=23783 iplen=28
RCVD (0.0160s) ICMP 192.168.1.254 > 192.168.1.67 Echo reply (type=0/code=0) ttl=64 id=1685 iplen=28
SENT (1.0160s) ICMP 192.168.1.67 > 192.168.1.254 Echo request (type=8/code=0) ttl=64 id=28854 iplen=28
RCVD (1.0170s) ICMP 192.168.1.254 > 192.168.1.67 Echo reply (type=0/code=0) ttl=64 id=1686 iplen=28
SENT (2.0160s) ICMP 192.168.1.67 > 192.168.1.254 Echo request (type=8/code=0) ttl=64 id=53473 iplen=28
RCVD (2.0170s) ICMP 192.168.1.254 > 192.168.1.67 Echo reply (type=0/code=0) ttl=64 id=1687 iplen=28
SENT (3.0160s) ICMP 192.168.1.67 > 192.168.1.254 Echo request (type=8/code=0) ttl=64 id=17904 iplen=28
RCVD (3.0170s) ICMP 192.168.1.254 > 192.168.1.67 Echo reply (type=0/code=0) ttl=64 id=1688 iplen=28
SENT (4.0160s) ICMP 192.168.1.67 > 192.168.1.254 Echo request (type=8/code=0) ttl=64 id=63106 iplen=28
RCVD (4.0170s) ICMP 192.168.1.254 > 192.168.1.67 Echo reply (type=0/code=0) ttl=64 id=1689 iplen=28
SENT (5.0160s) ICMP 192.168.1.67 > 192.168.1.254 Echo request (type=8/code=0) ttl=64 id=31983 iplen=28
RCVD (5.0170s) ICMP 192.168.1.254 > 192.168.1.67 Echo reply (type=0/code=0) ttl=64 id=1690 iplen=28
LEN 20 VER 4
RCVD (5.1260s) ICMP 194.81.1.28 > 192.168.1.67 Host 195.195.161.54 unreachable (type=3/code=1) ttl=247 id=22481 iplen=88
Segmentation fault

When lucy receives an unrelated ICMP unreachable message from a different host to the one she is scanning, there is a segfault.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1212668224 (LWP 5735)]
0x080a3253 in NpingTarget::setProbeRecvICMP (this=0x0, id=0, seq=0) at NpingTarget.cc:1162
1162 int i= this->current_stat-1;
(gdb) bt
#0 0x080a3253 in NpingTarget::setProbeRecvICMP (this=0x0, id=0, seq=0) at NpingTarget.cc:1162
#1 0x08077517 in nping_event_handler (nsp=0x817e0a0, nse=0x817c120, mydata=0x0) at nping.cc:1622
#2 0x080af503 in msevent_dispatch_and_delete (nsp=0x817e0a0, nse=0x817c120, notify=1) at nsock_event.c:297
#3 0x080ad598 in nsock_loop (nsp=0x817e0a0, msec_timeout=-1) at nsock_core.c:945
#4 0x0807f69e in normalProbeMode () at nping.cc:522
#5 0x0807fc0c in main (argc=2, argv=0xbfd0a2a4) at nping.cc:218

This is because nping_event_handler can't find the source of the ICMP unreachable in the list of targets. I think the patch below is all that's needed:

--- nping.cc~ 2009-08-08 13:21:10.000000000 +0100 +++ nping.cc 2009-08-08 14:03:33.000000000 +0100 @@ -1619,6 +1619,7 @@ trg->setProbeRecvTCP(*prt, 0); } }else if (o.getMode()==ICMP){ + if(trg != NULL) trg->setProbeRecvICMP(0, 0); } break;

Yours,
Jack Grahl

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
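
Review bot: the new "if(trg != NULL)" covers only the ICMP branch, while the context line "trg->setProbeRecvTCP(*prt, 0);" in the same hunk dereferences the same pointer and the visible lines do not show a check around it. Please confirm that branch is already guarded, or test trg once before the mode dispatch so a failed target lookup is handled for every mode. The guard is also an unbraced "if" on its own line, with the call it protects left as the following unchanged line at its old indentation; adding braces (or putting check and call on one line) would stop a later edit from separating them. A short comment saying that trg is NULL when the sender is not in the target list would explain why the check exists.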
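
The failure mode reported above, as a stand-alone C++ sketch: a lookup by sender address that can return no target, and a handler that counts such packets instead of dereferencing the result. This is an added example, not nping's code; every type and function name is hypothetical, and the two packets are constructed from the addresses shown in the report.

```cpp
// Added illustration; not nping source. Every name below is hypothetical.
#include <cstddef>
#include <cstdint>
#include <vector>

struct Target { uint32_t addr; unsigned icmp_recv; };  // addr in host byte order
struct Stats { unsigned matched = 0, unmatched = 0, malformed = 0; };
static uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return (uint32_t(a) << 24) | (uint32_t(b) << 16) | (uint32_t(c) << 8) | d;
}
static Target *find_target(std::vector<Target> &targets, uint32_t addr) {
    for (Target &t : targets)
        if (t.addr == addr) return &t;
    return nullptr;  // addr is not one of the configured targets
}

// Process one received IPv4/ICMP packet; true if it was credited to a target.
bool on_icmp(std::vector<Target> &targets, Stats &st, const uint8_t *p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4) { st.malformed++; return false; }
    size_t ihl = size_t(p[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 || p[9] != 1) { st.malformed++; return false; }
    Target *trg = find_target(targets, ip4(p[12], p[13], p[14], p[15]));
    if (trg == nullptr) { st.unmatched++; return false; }  // not a target: count it, never dereference
    trg->icmp_recv++; st.matched++;
    return true;
}

// Constructed sample: minimal 28-byte IPv4+ICMP packet (checksums left zero, not verified here).
std::vector<uint8_t> make_icmp(uint32_t src, uint32_t dst, uint8_t type, uint8_t code) {
    std::vector<uint8_t> p(28, 0);
    p[0] = 0x45; p[3] = 28; p[8] = 64; p[9] = 1;  // IPv4, IHL 5, total length 28, TTL 64, proto ICMP
    for (int i = 0; i < 4; i++) {
        p[12 + i] = uint8_t(src >> (24 - 8 * i));
        p[16 + i] = uint8_t(dst >> (24 - 8 * i));
    }
    p[20] = type; p[21] = code;
    return p;
}

// Replays the two packet kinds from the report: a reply from the target, then an unrelated unreachable.
Stats replay() {
    std::vector<Target> targets = { { ip4(192, 168, 1, 254), 0 } };
    Stats st;
    std::vector<uint8_t> reply = make_icmp(ip4(192, 168, 1, 254), ip4(192, 168, 1, 67), 0, 0);
    std::vector<uint8_t> unreach = make_icmp(ip4(194, 81, 1, 28), ip4(192, 168, 1, 67), 3, 1);
    on_icmp(targets, st, reply.data(), reply.size());
    on_icmp(targets, st, unreach.data(), unreach.size());
    return st;
}
```

Keeping a separate counter for unmatched packets makes stray ICMP traffic visible in the statistics rather than silently dropped.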