Nmap Development mailing list archives

Re: Crash on Windows 2008 server


From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Feb 2010 15:36:02 -0700

On Mon, May 25, 2009 at 03:53:58PM -0300, Juan Carlos Castro y Castro wrote:
> I'm seeing a consistent, reproducible crash in nmap running in Windows
> 2008 Server. It happens whenever you run nmap --interactive and perform
> two OS scans in a row with "n -O -v <ipaddr>". Happens with both beta
> and stable, both with precompiled binaries and running the source with
> Visual Studio. It doesn't matter whether it's different addresses or not.
>
> I see the first assert in PortList::initializePortMap() fails. I tried
> to find where I should "clean" the ports object, but I'm having some
> difficulty. Help?
>
> ------------------------------------------------------------
> void PortList::initializePortMap(int protocol, u16 *ports, int portcount) {
>  int i;
>  int unused_zero;    // aren't we using 0 port?
>  int ports_max = (protocol == IPPROTO_IP) ? 256 : 65536;
>  int proto = INPROTO2PORTLISTPROTO(protocol);
>
>  if(port_map[proto]!=NULL)
>    fatal("%s: portmap for protocol %i already initialized", __func__, protocol);
>
>  assert(port_list_count[proto]==0);         // <===== THIS FAILS WHEN RUNNING SECOND SCAN!
> ------------------------------------------------------------

There were several problems with running Nmap more than once in
interactive mode. I've fixed the more egregious of these, and now it's
working without assertion failures and segfaults.

I'm willing to bet there are other places in the code that are going to
cause problems with reinvoking the engine. A lot of Nmap's global data
expects to be loaded and freed at most once. --interactive doesn't get
tested.

Does anyone else use --interactive? My guess is that it hasn't worked
for running more than one scan for some time. For those who don't know,
when you use --interactive, you get a little shell like this:

Starting Nmap V. 5.21 ( http://nmap.org )
Welcome to Interactive Mode -- press h <enter> for help
nmap> h
Nmap Interactive Commands:
n <nmap args> -- executes an nmap scan using the arguments given and
waits for nmap to finish.  Results are printed to the
screen (of course you can still use file output commands).
! <command>   -- runs shell command given in the foreground
x             -- Exit Nmap
f [--spoof <fakeargs>] [--nmap-path <path>] <nmap args>
-- Executes nmap in the background (results are NOT
printed to the screen).  You should generally specify a
file for results (with -oX, -oG, or -oN).  If you specify
fakeargs with --spoof, Nmap will try to make those
appear in ps listings.  If you wish to execute a special
version of Nmap, specify --nmap-path.
n -h          -- Obtain help with Nmap syntax
h             -- Prints this help screen.
Examples:
n -sS -O -v example.com/24
f --spoof "/usr/local/bin/pico -z hello.c" -sS -oN e.log example.com/24
nmap>

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
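As an added illustration of the once-only global state David describes (not code from Nmap or from either poster): a stripped-down C++ model of the PortList tables in the quoted excerpt. The check ordering in the excerpt means the assert can only fire when port_map[proto] is already NULL but port_list_count[proto] is not, so the model runs the reporter's two-scan session three ways: no teardown between scans, a partial teardown that frees the map but leaves the counter, and a full teardown. The class layout, the proto numbering, INPROTO2PORTLISTPROTO written as a function, and the freePortMap()/resetPortList() split are assumptions; fatal()/assert() are replaced by return codes so the outcome can be checked without aborting the process.

```cpp
// Added illustration, not Nmap's portlist.cc: a model of the engine-global
// PortList tables from the quoted excerpt, showing why a second in-process
// scan trips the initialization checks unless the globals are torn down
// completely. Names mirroring the excerpt (port_map, port_list_count,
// INPROTO2PORTLISTPROTO) are stand-ins; the proto numbering and the
// freePortMap()/resetPortList() split are assumptions.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <netinet/in.h>   // IPPROTO_IP, IPPROTO_TCP, IPPROTO_UDP

typedef uint16_t u16;

enum { PL_PROTO_IP = 0, PL_PROTO_TCP, PL_PROTO_UDP, PL_PROTO_MAX };

// Assumed equivalent of the INPROTO2PORTLISTPROTO macro in the excerpt.
static int INPROTO2PORTLISTPROTO(int protocol) {
  switch (protocol) {
    case IPPROTO_TCP: return PL_PROTO_TCP;
    case IPPROTO_UDP: return PL_PROTO_UDP;
    default:          return PL_PROTO_IP;
  }
}

// Result codes in place of fatal()/assert(), so the failure is observable
// instead of aborting the process as the real code does.
enum InitStatus { INIT_OK = 0, INIT_ALREADY_MAPPED = -1, INIT_STALE_COUNT = -2 };

class PortList {
public:
  // Static, therefore shared by every scan run in the same process.
  static u16 *port_map[PL_PROTO_MAX];
  static int  port_list_count[PL_PROTO_MAX];

  static InitStatus initializePortMap(int protocol, const u16 *ports, int portcount);
  static void freePortMap(int protocol);    // releases the lookup table only
  static void resetPortList(int protocol);  // zeroes the counter the assert checks
};

u16 *PortList::port_map[PL_PROTO_MAX] = {0};
int  PortList::port_list_count[PL_PROTO_MAX] = {0};

InitStatus PortList::initializePortMap(int protocol, const u16 *ports, int portcount) {
  int ports_max = (protocol == IPPROTO_IP) ? 256 : 65536;
  int proto = INPROTO2PORTLISTPROTO(protocol);

  // First check from the excerpt (fatal() there): map still allocated.
  if (port_map[proto] != NULL)
    return INIT_ALREADY_MAPPED;
  // Second check: the assert(port_list_count[proto]==0) that fired on the
  // reporter's second scan. Reaching it means the map was released but the
  // counter was left behind.
  if (port_list_count[proto] != 0)
    return INIT_STALE_COUNT;

  port_map[proto] = new u16[ports_max];
  memset(port_map[proto], 0xFF, ports_max * sizeof(u16));  // 0xFFFF = not in list
  for (int i = 0; i < portcount; i++) {
    if (ports[i] < ports_max)          // IPPROTO_IP tables only hold 0..255
      port_map[proto][ports[i]] = (u16)i;
  }
  port_list_count[proto] = portcount;
  return INIT_OK;
}

void PortList::freePortMap(int protocol) {
  int proto = INPROTO2PORTLISTPROTO(protocol);
  delete[] port_map[proto];
  port_map[proto] = NULL;
}

void PortList::resetPortList(int protocol) {
  port_list_count[INPROTO2PORTLISTPROTO(protocol)] = 0;
}

enum Teardown { TEARDOWN_NONE, TEARDOWN_PARTIAL, TEARDOWN_FULL };

// Models "n -O -v <ip>" twice in one --interactive session: scan, tear down
// according to `mode`, scan again. Returns the second scan's init status.
InitStatus run_two_scans(Teardown mode) {
  static const u16 ports[] = { 22, 80, 443 };   // constructed sample port list
  const int n = sizeof(ports) / sizeof(ports[0]);

  // Start from a clean process state so the function is repeatable.
  PortList::freePortMap(IPPROTO_TCP);
  PortList::resetPortList(IPPROTO_TCP);

  InitStatus first = PortList::initializePortMap(IPPROTO_TCP, ports, n);
  if (first != INIT_OK) return first;

  if (mode != TEARDOWN_NONE) PortList::freePortMap(IPPROTO_TCP);
  if (mode == TEARDOWN_FULL) PortList::resetPortList(IPPROTO_TCP);

  InitStatus second = PortList::initializePortMap(IPPROTO_TCP, ports, n);

  // Leave nothing behind for the next caller.
  PortList::freePortMap(IPPROTO_TCP);
  PortList::resetPortList(IPPROTO_TCP);
  return second;
}

int main() {
  printf("no teardown:      %d\n", run_two_scans(TEARDOWN_NONE));     // -1
  printf("partial teardown: %d\n", run_two_scans(TEARDOWN_PARTIAL));  // -2
  printf("full teardown:    %d\n", run_two_scans(TEARDOWN_FULL));     // 0
  return 0;
}
```

The point for anything that reinvokes the engine in-process: every init path guarded by a "did this already happen" check needs a matching teardown that resets all of the guarded state, not just the pointer. In a build where that check is a real assert, the partial case aborts exactly like the crash in the report, which is why the fix is a search for every such guard rather than a patch to this one function.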

