Nmap Development mailing list archives

RE: nmap crash when destination unreachable message received


From: Adam Badaoui <adam.badaoui () cyberis co uk>
Date: Mon, 8 Jun 2015 08:48:14 +0000

Dan,

No problem ☺. I’ll look at this today and let you know.

Adam

From: Daniel Miller [mailto:bonsaiviking () gmail com]
Sent: 05 June 2015 20:49
To: Adam Badaoui
Cc: dev () nmap org; Geoff Jones
Subject: Re: nmap crash when destination unreachable message received

Adam,
Thanks so much for this critical bug report! We recently added a new check for ICMP messages which calls the icmpid() 
function, but we didn't add a corresponding check to be sure that function was safe to call. Would you be able to apply 
the attached patch and let us know if it solves the issue?
Dan

On Fri, Jun 5, 2015 at 8:51 AM, Adam Badaoui <adam.badaoui () cyberis co uk> wrote:
A bug has been identified in the latest beta version of nmap – Nmap 6.49BETA1

nmap -V
Nmap version 6.49BETA1 ( http://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.2.3 openssl-1.0.1f libpcre-8.31 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

OS: Ubuntu 14.04 (tested on Desktop and Server)

When nmap undergoes host discovery, if a host responds with an ICMP Destination Unreachable, Nmap aborts with the 
following error:

nmap: scan_engine_raw.cc:206: u16 UltraProbe::icmpid() const: Assertion `mypspec.proto == IPPROTO_ICMP || mypspec.proto == IPPROTO_ICMPV6' failed.
Aborted (core dumped)

This issue has been reproduced with ICMP Destination Unreachable types 13 (Communication Administratively Prohibited) 
and type 0 (Net Unreachable) messages. Other Destination Unreachable messages may also be affected.


Adam Badaoui  |  Consultant
Cyberis Limited |  www.cyberis.co.uk
Tel: +44 (0)3333 406485
Mobile: +44 (0)7477 632736

________________________________

This message is private and confidential. If you have received this message in error, please notify us immediately and 
delete this email from your system. Email transmission cannot be guaranteed to be secure or error-free as information 
could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore 
does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email 
transmission.

Cyberis Limited is a company registered in England and Wales. Company number 7556994. Registered office: Unit E, The 
Courtyard, Tewkesbury Business Park, Tewkesbury, GL20 8GD.

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
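
The missing precondition check described in Daniel's reply, as an added C++ sketch that is neither Nmap's code nor the attached patch. `Probe`, `IcmpReply`, `Verdict` and `check_icmp_id` are hypothetical names; only the assertion condition comes from the reported error.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>

// Hypothetical, simplified model; these are not Nmap's real classes.
enum Proto : uint8_t { PROTO_ICMP = 1, PROTO_TCP = 6, PROTO_ICMPV6 = 58 };
enum class Verdict { Match, NoMatch, NotApplicable };

struct Probe {
    Proto proto;
    uint16_t ident;  // only meaningful for ICMP/ICMPv6 probes
    // Accessor with the precondition quoted in the reported assertion.
    uint16_t icmpid() const {
        assert(proto == PROTO_ICMP || proto == PROTO_ICMPV6);
        return ident;
    }
};

// Constructed stand-in for an ICMP message parsed during host discovery.
struct IcmpReply {
    uint8_t type;  // 3 = Destination Unreachable, 0 = Echo Reply
    uint8_t code;  // e.g. 13 = Communication Administratively Prohibited
    uint16_t id;
};

// Unguarded form: aborts on the assertion when the probe was not ICMP.
bool id_matches_unguarded(const Probe &p, const IcmpReply &r) {
    return p.icmpid() == r.id;
}

// Guarded form: test the accessor's precondition before calling it.
Verdict check_icmp_id(const Probe &p, const IcmpReply &r) {
    if (p.proto != PROTO_ICMP && p.proto != PROTO_ICMPV6)
        return Verdict::NotApplicable;  // caller matches by other fields
    return p.icmpid() == r.id ? Verdict::Match : Verdict::NoMatch;
}

int main() {
    Probe tcp_probe{PROTO_TCP, 0};
    IcmpReply unreachable{3, 13, 0};  // constructed sample
    Verdict v = check_icmp_id(tcp_probe, unreachable);
    std::printf("guarded check on TCP probe: %s\n",
                v == Verdict::NotApplicable ? "not applicable" : "compared");
    return 0;
}
```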
