Nmap Development mailing list archives
Re: Nmap SIGSEGV in nsock_proxychain_new with SOCKS4 proxies
From: Henri Doreau <henri.doreau () gmail com>
Date: Tue, 8 Jul 2014 19:54:52 +0200
2014-07-08 18:45 GMT+02:00 Jacek Wielemborek <d33tah () gmail com>:
> 08.07.2014 18:38, Henri Doreau:
>> 2014-07-08 13:26 GMT+02:00 Jacek Wielemborek <d33tah () gmail com>:
>>> List,
>>>
>>> I just wanted to test Henri's suggestion on how to make Nmap use a SOCKS4
>>> proxy created by OpenSSH. I created a tunnel using ssh somehost -D 8888,
>>> then tried the following:
>>>
>>> $ nmap --proxy socks4://localhost:8888 ifconfig.me -sC -p 80
>>> zsh: segmentation fault  nmap --proxy socks4://localhost:8888 ifconfig.me -sC -p 80
>>>
>>> Then I realized that it's not even trying to connect, the crash happens
>>> inside parse_options():
>>>
>>> Program received signal SIGSEGV, Segmentation fault.
>>> 0x00007fd6e789b10a in nsock_proxychain_new ()
>>> Missing separate debuginfos, use: debuginfo-install nmap-6.45-1.fc20.x86_64
>>> (gdb) bt
>>> #0  0x00007fd6e789b10a in nsock_proxychain_new ()
>>> #1  0x00007fd6e7828da1 in parse_options(int, char**) ()
>>> #2  0x00007fd6e782a5e2 in nmap_main(int, char**) ()
>>> #3  0x00007fd6e780580b in main ()
>>>
>>> Maybe we could use some more validation there that would prevent this
>>> from happening?
>>>
>>> Yours,
>>> Jacek Wielemborek
>>
>> Hi Jacek,
>>
>> it's bad, indeed. Where exactly does it crash? Do you have any patch
>> applied? I cannot reproduce with current HEAD and can't see anything
>> obvious in the incriminated function...
>>
>> Regards
>
> Recompiled with debug symbols:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000628b97 in gh_list_append (list=0xbd8e70, lnode=0xa0) at gh_list.h:132
> 132       lnode->prev = oldlast;
> Missing separate debuginfos, use: debuginfo-install keyutils-libs-1.5.9-1.fc20.x86_64 krb5-libs-1.11.5-5.fc20.x86_64 libgcc-4.8.3-1.fc20.x86_64 libpcap-1.5.3-1.fc20.x86_64 libstdc++-4.8.3-1.fc20.x86_64 openssl-libs-1.0.1e-38.fc20.x86_64 pcre-8.33-5.fc20.x86_64 xz-libs-5.1.2-12alpha.fc20.x86_64
> (gdb) bt
> #0  0x0000000000628b97 in gh_list_append (list=0xbd8e70, lnode=0xa0) at gh_list.h:132
> #1  0x0000000000628f1e in nsock_proxychain_new (proxystr=0x7fffffffe0bb "socks4://localhost", chain=0xb54298 <o+1080>, nspool=0x0) at nsock_proxy.c:106
> #2  0x00000000004da27b in parse_options (argc=0x4, argv=0x7fffffffdc88) at nmap.cc:823
> #3  0x00000000004e0f0e in nmap_main (argc=0x4, argv=0x7fffffffdc88) at nmap.cc:1674
> #4  0x00000000004ca3e2 in main (argc=0x4, argv=0x7fffffffdc88) at main.cc:229
>
> Latest trunk, nmap --proxy socks4://localhost localhost
>
> No patches applied.
Thanks to Dan's troubleshooting skills I hopefully have fixed this one.
The reason was that your system takes AF_INET6 replies first though socks4
is AF_INET only. That combined with inconsistent error propagation led to
the NULL pointer dereference above.

Let me know if that works for you.

Regards.

--
Henri

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/