Nmap Development mailing list archives
Re: Crash on Windows 2008 server
From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Feb 2010 15:36:02 -0700
On Mon, May 25, 2009 at 03:53:58PM -0300, Juan Carlos Castro y Castro wrote:
I'm seeing a consistent, reproducible crash in nmap running in Windows 2008 Server. It happens whenever you run nmap --interactive and perform two OS scans in a row with "n -O -v <ipaddr>". Happens with both beta and stable, both with precompiled binaries and running the source with Visual Studio. It doesn't matter whether it's different addresses or not. I see the first assert in PortList::initializePortMap() fails. I tried to find where I should "clean" the ports object, but I'm having some difficulty. Help?

------------------------------------------------------------
void PortList::initializePortMap(int protocol, u16 *ports, int portcount) {
  int i;
  int unused_zero; // aren't we using 0 port?
  int ports_max = (protocol == IPPROTO_IP) ? 256 : 65536;
  int proto = INPROTO2PORTLISTPROTO(protocol);

  if(port_map[proto]!=NULL)
    fatal("%s: portmap for protocol %i already initialized", __func__, protocol);

  assert(port_list_count[proto]==0); // <===== THIS FAILS WHEN RUNNING SECOND SCAN!
------------------------------------------------------------
There were several problems with running Nmap more than once in interactive mode. I've fixed the more egregious of these, and now it's working without assertion failures and segfaults. I'm willing to bet there are other places in the code that are going to cause problems with reinvoking the engine. A lot of Nmap's global data expects to be loaded and freed at most once.

--interactive doesn't get tested. Does anyone else use --interactive? My guess is that it hasn't worked for running more than one scan for some time. For those who don't know, when you use --interactive, you get a little shell like this:

    Starting Nmap V. 5.21 ( http://nmap.org )
    Welcome to Interactive Mode -- press h <enter> for help
    nmap> h
    Nmap Interactive Commands:
    n <nmap args> -- executes an nmap scan using the arguments given and
    waits for nmap to finish. Results are printed to the screen (of course
    you can still use file output commands).
    ! <command> -- runs shell command given in the foreground
    x -- Exit Nmap
    f [--spoof <fakeargs>] [--nmap-path <path>] <nmap args> -- Executes nmap
    in the background (results are NOT printed to the screen). You should
    generally specify a file for results (with -oX, -oG, or -oN). If you
    specify fakeargs with --spoof, Nmap will try to make those appear in ps
    listings. If you wish to execute a special version of Nmap, specify
    --nmap-path.
    n -h -- Obtain help with Nmap syntax
    h -- Prints this help screen.
    Examples:
    n -sS -O -v example.com/24
    f --spoof "/usr/local/bin/pico -z hello.c" -sS -oN e.log example.com/24
    nmap>

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
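The failure mode discussed in this thread (global engine state that is set up once and never fully reset, so a second scan in the same process trips the port_list_count check) can be modelled in a few lines. The following is an added example written for this page, not Nmap's code: it keeps a miniature of the static port_map / port_list_count state, reports the two checks from the posted snippet as return codes instead of fatal()/assert so they can be observed, and contrasts a complete teardown with a partial one. Protocol constants, freePortMap, freePortMapPartial, rescan and the sample port list are all constructed for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>

typedef uint16_t u16;
enum { PL_TCP = 0, PL_UDP = 1, PL_IP = 2, PL_PROTO_MAX = 3 };  // constructed

// Process-wide state shared by every scan, like Nmap's static port map.
static u16 *port_map[PL_PROTO_MAX];       // port number -> 1-based index in list
static int  port_list_count[PL_PROTO_MAX]; // ports recorded for each protocol

// 0 = ok, -1 = map already initialized (Nmap: fatal()), -2 = stale count
// left behind by an earlier scan (Nmap: the assert that fired on scan two).
int initializePortMap(int proto, const u16 *ports, int portcount) {
  int ports_max = (proto == PL_IP) ? 256 : 65536;
  if (port_map[proto] != nullptr) return -1;
  if (port_list_count[proto] != 0) return -2;
  port_map[proto] = (u16 *)calloc(ports_max, sizeof(u16));
  for (int i = 0; i < portcount; i++)
    if (ports[i] < ports_max) port_map[proto][ports[i]] = (u16)(i + 1);
  port_list_count[proto] = portcount;
  return 0;
}

// Incomplete teardown: frees the map but forgets the counter (the bug class).
void freePortMapPartial(int proto) {
  free(port_map[proto]);
  port_map[proto] = nullptr;
}

// Complete teardown: every global touched by initializePortMap is reset.
void freePortMap(int proto) {
  freePortMapPartial(proto);
  port_list_count[proto] = 0;
}

// Runs two back-to-back "scans" with the given teardown in between and
// returns the second initializePortMap result; globals are clean on return.
int rescan(void (*teardown)(int)) {
  static const u16 ports[] = {22, 80, 443};  // constructed sample port list
  int n = (int)(sizeof ports / sizeof ports[0]);
  if (initializePortMap(PL_TCP, ports, n) != 0) return -99;
  if (teardown) teardown(PL_TCP);
  int rc = initializePortMap(PL_TCP, ports, n);
  freePortMap(PL_TCP);
  return rc;
}

int main() {
  printf("no teardown: %d, partial: %d, full: %d\n",
         rescan(nullptr), rescan(freePortMapPartial), rescan(freePortMap));
}
```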