Nmap Development mailing list archives
Re: Nmap SIGSEGV in nsock_proxychain_new with SOCKS4 proxies
From: Jacek Wielemborek <d33tah () gmail com>
Date: Tue, 08 Jul 2014 18:45:22 +0200
08.07.2014 18:38, Henri Doreau:
> 2014-07-08 13:26 GMT+02:00 Jacek Wielemborek <d33tah () gmail com>:
>> List,
>>
>> I just wanted to test Henri's suggestion on how to make Nmap use a SOCKS4
>> proxy created by OpenSSH. I created a tunnel using ssh somehost -D 8888,
>> then tried the following:
>>
>> $ nmap --proxy socks4://localhost:8888 ifconfig.me -sC -p 80
>> zsh: segmentation fault  nmap --proxy socks4://localhost:8888 ifconfig.me -sC -p 80
>>
>> Then I realized that it's not even trying to connect, the crash happens
>> inside parse_options():
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00007fd6e789b10a in nsock_proxychain_new ()
>> Missing separate debuginfos, use: debuginfo-install nmap-6.45-1.fc20.x86_64
>> (gdb) bt
>> #0  0x00007fd6e789b10a in nsock_proxychain_new ()
>> #1  0x00007fd6e7828da1 in parse_options(int, char**) ()
>> #2  0x00007fd6e782a5e2 in nmap_main(int, char**) ()
>> #3  0x00007fd6e780580b in main ()
>>
>> Maybe we could use some more validation there that would prevent this from
>> happening?
>>
>> Yours,
>> Jacek Wielemborek
>
> Hi Jacek,
>
> it's bad, indeed. Where exactly does it crash? Do you have any patch applied?
> I cannot reproduce with current HEAD and can't see anything obvious in the
> incriminated function...
>
> Regards
Recompiled with debug symbols:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000628b97 in gh_list_append (list=0xbd8e70, lnode=0xa0) at gh_list.h:132
132	  lnode->prev = oldlast;
Missing separate debuginfos, use: debuginfo-install keyutils-libs-1.5.9-1.fc20.x86_64 krb5-libs-1.11.5-5.fc20.x86_64 libgcc-4.8.3-1.fc20.x86_64 libpcap-1.5.3-1.fc20.x86_64 libstdc++-4.8.3-1.fc20.x86_64 openssl-libs-1.0.1e-38.fc20.x86_64 pcre-8.33-5.fc20.x86_64 xz-libs-5.1.2-12alpha.fc20.x86_64
(gdb) bt
#0  0x0000000000628b97 in gh_list_append (list=0xbd8e70, lnode=0xa0) at gh_list.h:132
#1  0x0000000000628f1e in nsock_proxychain_new (proxystr=0x7fffffffe0bb "socks4://localhost", chain=0xb54298 <o+1080>, nspool=0x0) at nsock_proxy.c:106
#2  0x00000000004da27b in parse_options (argc=0x4, argv=0x7fffffffdc88) at nmap.cc:823
#3  0x00000000004e0f0e in nmap_main (argc=0x4, argv=0x7fffffffdc88) at nmap.cc:1674
#4  0x00000000004ca3e2 in main (argc=0x4, argv=0x7fffffffdc88) at main.cc:229

Latest trunk, nmap --proxy socks4://localhost localhost

No patches applied.
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
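The second backtrace above shows gh_list_append faulting on lnode->prev with lnode=0xa0 while nsock_proxychain_new was entered with nspool=0x0. A node "address" that small is the usual signature of a member reached through a NULL base pointer (NULL plus the member's offset), which is exactly the kind of input the first message asks to validate before it reaches the list code. The program below is an added illustration, not Nmap or nsock code: it uses a hypothetical intrusive list (glist/lnode, loosely shaped like the gh_list in the trace), a constructed struct whose link member sits at offset 0xa0 to reproduce the value from the report, and a guarded append that rejects NULL and NULL-derived node pointers instead of dereferencing them. The NULL-plus-offset reading of lnode=0xa0 is this example's inference, not a conclusion stated in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical doubly-linked intrusive list in the general shape of the
 * gh_list seen in the backtrace. Added illustration, not nsock's gh_list.h;
 * names and layout are assumptions. */
struct lnode { struct lnode *prev, *next; };
struct glist { struct lnode *first, *last; size_t count; };

/* An object embedding its list node at a non-zero offset. The padding is
 * constructed so that `link` lands at offset 0xa0, the lnode value in the
 * report's second backtrace. */
struct proxy_entry {
    unsigned char header[0xa0];
    struct lnode link;
};

/* The value a caller would hand to append if it computed &entry->link with
 * entry == NULL: the member offset itself, not a usable address. */
uintptr_t link_offset_from_null(void) {
    return (uintptr_t)offsetof(struct proxy_entry, link);
}

/* Heuristic: a "pointer" below the first page is never a valid heap or
 * stack object on common platforms; treat it as NULL plus an offset. */
int looks_like_null_plus_offset(const void *p) {
    return (uintptr_t)p < 4096;
}

/* Append with the validation the first message asks for: refuse a NULL list,
 * a NULL node, or a NULL-derived node address. Returns 0 on success and -1
 * on rejection instead of faulting on lnode->prev. */
int glist_append(struct glist *list, struct lnode *lnode) {
    if (list == NULL || lnode == NULL || looks_like_null_plus_offset(lnode))
        return -1;
    struct lnode *oldlast = list->last;
    lnode->prev = oldlast;
    lnode->next = NULL;
    if (oldlast != NULL)
        oldlast->next = lnode;
    else
        list->first = lnode;
    list->last = lnode;
    list->count++;
    return 0;
}

int main(void) {
    struct glist chain = {0};
    struct proxy_entry entry = {{0}, {0, 0}};

    printf("offset of link in proxy_entry: 0x%lx\n",
           (unsigned long)link_offset_from_null());

    /* A real node: appended normally. */
    printf("append valid node: %d\n", glist_append(&chain, &entry.link));

    /* The bad value from the backtrace, reconstructed as an integer and
     * never dereferenced: rejected rather than crashing. */
    struct lnode *bogus = (struct lnode *)(uintptr_t)0xa0;
    printf("append NULL-derived node: %d\n", glist_append(&chain, bogus));
    printf("chain length: %zu\n", chain.count);
    return 0;
}
```

The page-size threshold is a debugging heuristic, not a substitute for checking the base pointer (here, nspool) where it is first used; the point is that a guard at the list boundary turns a SIGSEGV in a header-inlined helper into an error the caller can report.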