Nmap Development mailing list archives

Re: nmap-5.20 on x86_64 Segmentation fault


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 24 Jan 2010 10:15:03 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 22 Jan 2010 17:32:10 +0100 (MET) or thereabouts Gunnar Lindberg
<Gunnar.Lindberg () chalmers se> wrote:

./nmap 129.16.x.y
Starting Nmap 5.20
Segmentation fault

./nmap -n 129.16.x.y
OK

# uname -a
Linux wilfer.cdg.chalmers.se 2.6.18-164.10.1.el5 #1 SMP Wed Dec 30 18:35:28 EST 2009 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Client release 5.4 (Tikanga)

gdb backtrace
#0  0x00000000004692dd in nmap_mass_rdns_core (targets=0x1742ac00,
    num_targets=1) at nmap_dns.cc:1160
#1  0x0000000000469e06 in nmap_mass_rdns (targets=0x1742acc0,
num_targets=1) at nmap_dns.cc:1315
#2  0x00000000004232d6 in nexthost (hs=0x1742a820, exclude_group=0x0,
    ports=0x7fffb07dfa70, pingtype=122) at targets.cc:582
#3  0x000000000041ec29 in nmap_main (argc=2, argv=0x7fffb07e2e38)
    at nmap.cc:1720
#4  0x000000000041a799 in main (argc=2, argv=0x7fffb07e2e38) at
main.cc:205

I added some printf()

nmap-5.20/nmap_dns.cc:
static void nmap_mass_rdns_core(Target **targets, int num_targets) {
...
  /* %p is the conversion for a pointer; %X (as originally posted) expects an
     unsigned int and truncates a 64-bit pointer on x86_64 */
  fprintf(stderr, "1a *targets=<%p>\n", (void *)*targets);
  init_servs();
  fprintf(stderr, "1b *targets=<%p>\n", (void *)*targets);
...

Result:
1a *targets=<135A5CD0>
1b *targets=<0>

My 0.01 SEK is that something goes wrong when trying to make use of
    struct sockaddr_storage *
in get_dns_servers() and that that later on leads to corrupt data.

      Gunnar Lindberg, Chalmers University of Technology


Hi Gunnar,

I have not been able to reproduce this issue.  I have tried having Nmap
look up a few hundred thousand random IPs.  I then switched to looking
up all the names in your 129.16.0.0/16 but that worked several times
using several different nameservers too.

I even ran in valgrind to check for memory and other issues:

$ sudo valgrind -v --gen-suppressions=all --db-attach=yes ./nmap --noninteractive -sL -v -d --dns-servers ns1.chalmers.se 129.16.0.0/16

Are you able to reproduce the error?  If so, what is in
your /etc/resolv.conf?

If you can, run Nmap in valgrind to see if that reports anything
interesting.

Regards,

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAktcHa4ACgkQqaGPzAsl94KgzACfU3KGKg50P7oyzx+qQL/isOW8
I48An16Cyz+shQoZH0T+P9JUmNkVYQRf
=8XLo
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
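The symptom above (a pointer that is valid before init_servs() and NULL after it) is what a write past the end of a fixed-size resolver-address slot looks like when the slot and the pointer share memory. The following is an added illustration of the class of defect Gunnar suspects, not Nmap's get_dns_servers() or any code from this thread: a hypothetical nameserver table that stores every entry in a struct sockaddr_storage and checks the length of the incoming address against the slot before copying, so an IPv6 record can never overrun a slot sized for IPv4. The addresses used (192.0.2.53, 2001:db8::53) are constructed documentation-range values.

```c
/* Added example, not Nmap code: a bounds-checked resolver table.
 * Every slot is a struct sockaddr_storage (large enough for any family),
 * and safe_add_server() refuses a record whose length does not match
 * its family or would not fit the slot. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define MAX_SERVERS 4

struct dns_servers {
    struct sockaddr_storage addr[MAX_SERVERS]; /* never an undersized sockaddr_in here */
    socklen_t len[MAX_SERVERS];                 /* bytes actually in use per slot */
    int count;
};

/* Bytes a sockaddr of this family occupies, or 0 for a family we do not handle. */
static socklen_t sockaddr_len(const struct sockaddr *sa) {
    switch (sa->sa_family) {
    case AF_INET:  return sizeof(struct sockaddr_in);
    case AF_INET6: return sizeof(struct sockaddr_in6);
    default:       return 0;
    }
}

/* Copy a resolver address into the table only if it fits.
 * Returns 1 on success; 0 if the table is full, the family is unknown,
 * the caller's length is shorter than the family requires, or the
 * record would overrun the slot. No memcpy happens on the 0 path. */
int safe_add_server(struct dns_servers *t, const struct sockaddr *sa, socklen_t salen) {
    socklen_t need = sockaddr_len(sa);
    if (need == 0 || salen < need || need > sizeof t->addr[0]) return 0;
    if (t->count >= MAX_SERVERS) return 0;
    memset(&t->addr[t->count], 0, sizeof t->addr[0]);
    memcpy(&t->addr[t->count], sa, need);
    t->len[t->count] = need;
    t->count++;
    return 1;
}

/* Parse a textual nameserver (the form found in resolv.conf) into the table. */
int add_server_text(struct dns_servers *t, const char *text) {
    struct sockaddr_in v4;
    struct sockaddr_in6 v6;
    memset(&v4, 0, sizeof v4);
    memset(&v6, 0, sizeof v6);
    if (inet_pton(AF_INET, text, &v4.sin_addr) == 1) {
        v4.sin_family = AF_INET;
        v4.sin_port = htons(53);
        return safe_add_server(t, (struct sockaddr *)&v4, sizeof v4);
    }
    if (inet_pton(AF_INET6, text, &v6.sin6_addr) == 1) {
        v6.sin6_family = AF_INET6;
        v6.sin6_port = htons(53);
        return safe_add_server(t, (struct sockaddr *)&v6, sizeof v6);
    }
    return 0; /* neither family parsed: reject rather than store garbage */
}

/* Render slot i back to text; NULL if i is out of range. */
const char *server_to_text(const struct dns_servers *t, int i, char *buf, size_t n) {
    if (i < 0 || i >= t->count) return NULL;
    const struct sockaddr *sa = (const struct sockaddr *)&t->addr[i];
    if (sa->sa_family == AF_INET)
        return inet_ntop(AF_INET, &((const struct sockaddr_in *)sa)->sin_addr, buf, (socklen_t)n);
    return inet_ntop(AF_INET6, &((const struct sockaddr_in6 *)sa)->sin6_addr, buf, (socklen_t)n);
}

/* Build a table from constructed sample values (documentation ranges). */
const struct dns_servers *demo_table(void) {
    static struct dns_servers t;
    static int built = 0;
    if (!built) {
        memset(&t, 0, sizeof t);
        add_server_text(&t, "192.0.2.53");     /* constructed IPv4 resolver */
        add_server_text(&t, "2001:db8::53");   /* constructed IPv6 resolver */
        add_server_text(&t, "not-an-address"); /* rejected, count stays 2 */
        built = 1;
    }
    return &t;
}

/* A truncated IPv6 record (only sockaddr_in-sized bytes supplied) must be refused. */
int demo_rejects_short_record(void) {
    struct dns_servers t;
    struct sockaddr_in6 v6;
    memset(&t, 0, sizeof t);
    memset(&v6, 0, sizeof v6);
    v6.sin6_family = AF_INET6;
    return safe_add_server(&t, (struct sockaddr *)&v6, sizeof(struct sockaddr_in)) == 0;
}

int main(void) {
    const struct dns_servers *t = demo_table();
    char buf[INET6_ADDRSTRLEN];
    for (int i = 0; i < t->count; i++)
        printf("server %d: %s (%u bytes)\n", i, server_to_text(t, i, buf, sizeof buf), (unsigned)t->len[i]);
    printf("short IPv6 record rejected: %d\n", demo_rejects_short_record());
    return 0;
}
```

The point of the length check is that the destination size is decided by the slot type, not by whatever the parser handed over; a table whose entries are sockaddr_in cannot be made safe by the check alone, because an IPv6 record has nowhere to go. Running such a table under valgrind, as Brandon suggests, is the way to confirm that no copy reaches a neighbouring field.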

