Nmap Development mailing list archives

Re: SIGSEGV signal on Darwin OS X (Intel) when using version matching (nmap 4.01)


From: Kurt Grutzmacher <grutz () jingojango net>
Date: Mon, 6 Mar 2006 20:26:41 -0800


On Mar 5, 2006, at 8:48 PM, David Warde-Farley wrote:

On 5-Mar-06, at 11:25 PM, Kelly M wrote:

Thanks for walking me through that. Here's the output I got:

(gdb) run -sS -T4 -A 111.222.333.444
Starting program: /usr/local/bin/nmap -sS -T4 -A 111.222.333.444
Reading symbols for shared libraries . done

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-03-05
23:12
EST

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xc0000000
0x0004486d in ?? ()
(gdb) bt
#0  0x0004486d in ?? ()
#1  0x00000000 in ?? ()
Previous frame inner to this frame (corrupt stack?)


I've been tracking this one for a while (see nmap archives) and it's when nmap calls pcre_compile during ServiceProbeMatch::InitMatch. It bombs on the first nmap-service-probes entry.

This is where I've gotten so far:

(gdb) r -sV 192.168.1.1
Starting program: /Users/grutz/nmap/nmap-4.02Alpha1/nmap -sV 192.168.1.1
Reading symbols for shared libraries . done

Starting Nmap 4.02Alpha1 ( http://www.insecure.org/nmap/ ) at  
2006-03-06 20:25 PST
Processing line: totalwaitms 6000

Processing line: match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate  
Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ i/for mail  
client preference sharing/ v/$1/

InitMatch started for line: match acap m|^\* ACAP \(IMPLEMENTATION  
\"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP  
server/ i/for mail client preference sharing/ v/$1/

Calling regex_compiled with:
         matchstr        ^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro  
ACAP (\d[-.\w]+)\"\)
         pcre_compile_ops        0

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xa006892f
0x00045384 in compile_regex (options=0, oldims=0,  
brackets=0xbfffb3d4, codeptr=0xbfffaee0, ptrptr=0xbfffaedc,  
errorcodeptr=0xbfffb3d0, lookbehind=0, skipbytes=0,  
firstbyteptr=0xbfffaed4, reqbyteptr=0xbfffaecc, bcptr=0xbfffaec4,  
cd=0xbfffb384) at ./pcre_compile.c:1925
1925                for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c 
+cbit_digit];
(gdb) bt
#0  0x00045384 in compile_regex (options=0, oldims=0,  
brackets=0xbfffb3d4, codeptr=0xbfffaee0, ptrptr=0xbfffaedc,  
errorcodeptr=0xbfffb3d0, lookbehind=0, skipbytes=0,  
firstbyteptr=0xbfffaed4, reqbyteptr=0xbfffaecc, bcptr=0xbfffaec4,  
cd=0xbfffb384) at ./pcre_compile.c:1925
#1  0x00044feb in compile_regex (options=0, oldims=0,  
brackets=0xbfffb3d4, codeptr=0xbfffb3cc, ptrptr=0xbfffb3c8,  
errorcodeptr=0xbfffb3d0, lookbehind=0, skipbytes=0,  
firstbyteptr=0xbfffb3dc, reqbyteptr=0xbfffb3d8, bcptr=0x0,  
cd=0xbfffb384) at ./pcre_compile.c:3129
#2  0x00048793 in pcre_compile2 (pattern=0x5005d0 "^\\* ACAP \\ 
(IMPLEMENTATION \\\"CommuniGate Pro ACAP (\\d[-.\\w]+)\\\"\\) ",  
options=0, errorcodeptr=0x0, errorptr=0xbfffb4ac,  
erroroffset=0xbfffb4a8, tables=0x66a80 "") at ./pcre_compile.c:4930
#3  0x00048e9c in pcre_compile (pattern=0x5005d0 "^\\* ACAP \\ 
(IMPLEMENTATION \\\"CommuniGate Pro ACAP (\\d[-.\\w]+)\\\"\\) ",  
options=0, errorptr=0xbfffb4ac, erroroffset=0xbfffb4a8, tables=0x0)  
at ./pcre_compile.c:3855
#4  0x00034e97 in ServiceProbeMatch::InitMatch (this=0x5008c0,  
matchtext=0xbfffb572 "acap m|^\\* ACAP \\(IMPLEMENTATION \\ 
\"CommuniGate Pro ACAP (\\d[-.\\w]+)\\\"\\) | p/CommuniGate Pro ACAP  
server/ i/for mail client preference sharing/ v/$1/\n", lineno=43) at  
service_scan.cc:381
#5  0x00037976 in ServiceProbe::addMatch (this=0x500a30,  
match=0xbfffb56c "match acap m|^\\* ACAP \\(IMPLEMENTATION \\ 
\"CommuniGate Pro ACAP (\\d[-.\\w]+)\\\"\\) | p/CommuniGate Pro ACAP  
server/ i/for mail client preference sharing/ v/$1/\n", lineno=43) at  
service_scan.cc:1042
#6  0x0003a51e in parse_nmap_service_probe_file (AP=0x500770,  
filename=0xbfffbda0 "./nmap-service-probes") at service_scan.cc:1112
#7  0x0003a73c in parse_nmap_service_probes (AP=0x500770) at  
service_scan.cc:1141
#8  0x0003ab58 in service_scan (Targets=@0xbfffd474) at  
service_scan.cc:2333
#9  0x00008362 in nmap_main (argc=3, argv=0xbffffaf0) at nmap.cc:1274
#10 0x000027f2 in main (argc=3, argv=0xbffffaf0, envp=0xbffffb00) at  
main.cc:245
Current language:  auto; currently c

The easy fix is to compile libpcre outside of nmap with UTF-8 support and then build nmap against that library instead. I'm not entirely sure why UTF-8 is required, just that it's the only way to get pcre to function. I used DarwinPorts' pcre and it works great.





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
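An added example, not from the thread and not Nmap's own code: a small Python validator for nmap-service-probes match lines. It mirrors the split that ServiceProbeMatch::InitMatch performs before handing the regex to pcre_compile (the `m|...|` delimiter, optional i/s flags, then the p/ i/ v/ fields), compiles each regex and reports a bad entry with its line number instead of the whole scan dying, and shows how the `v/$1/` field is filled from the captured group. It assumes Python's re engine, which is not PCRE, so it checks file syntax and regex syntax rather than reproducing the libpcre fault; the probe file below is constructed, using the entry from the backtrace.

```python
import re
# Constructed sample: the entry from the backtrace (line 43 of the real file) plus a broken one.
SAMPLE_PROBES = r'''totalwaitms 6000
match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ i/for mail client preference sharing/ v/$1/
match broken m|^BAD (unclosed| p/constructed bad entry/
'''
MATCH_HEAD = re.compile(r'^(match|softmatch)\s+(\S+)\s+m(.)')  # keyword, service, delimiter
FIELD_HEAD = re.compile(r'\s*([pivhod])(.)')                   # version field letter, delimiter

def parse_match_line(line):
    """Split one match/softmatch line into regex, flags and p/i/v/... fields."""
    head = MATCH_HEAD.match(line)
    if head is None:
        return None                        # Probe, ports, comment or blank line
    kind, service, delim = head.groups()
    rest = line[head.end():]
    end = rest.find(delim)                 # the regex runs to the next delimiter char
    if end < 0:
        raise ValueError("unterminated regex delimiter %r" % delim)
    regex, rest = rest[:end], rest[end + 1:]
    flags = re.match(r'[is]*', rest).group(0)
    fields, pos = {}, len(flags)
    while (f := FIELD_HEAD.match(rest, pos)) is not None:
        close = rest.find(f.group(2), f.end())
        if close < 0:
            raise ValueError("unterminated %s field" % f.group(1))
        fields[f.group(1)], pos = rest[f.end():close], close + 1
    return {"kind": kind, "service": service, "regex": regex, "flags": flags, "fields": fields}

def compile_regex(regex, flags):  # bytes pattern: banners are raw bytes; i/s as in PCRE
    opts = (re.IGNORECASE if "i" in flags else 0) | (re.DOTALL if "s" in flags else 0)
    return re.compile(regex.encode("latin-1"), opts)

def check_probe_file(text):
    """Return (compiled_ok, failures); each failure is (lineno, service, error)."""
    ok, failures = 0, []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            if (entry := parse_match_line(line)) is not None:
                compile_regex(entry["regex"], entry["flags"])
                ok += 1
        except (re.error, ValueError) as err:
            failures.append((lineno, line.split()[1], str(err)))
    return ok, failures

def extract_version(entry, banner):
    """Run the entry's regex on a banner and expand $N in its v/ field as Nmap does."""
    m = compile_regex(entry["regex"], entry["flags"]).search(banner)
    if m is None:
        return None
    return re.sub(r"\$(\d+)", lambda g: m.group(int(g[1])).decode("latin-1"), entry["fields"].get("v", ""))
```

Running check_probe_file over a real nmap-service-probes file tells you which line would reach pcre_compile with a pattern the engine rejects, which is the same line number nmap's own parser reports (lineno=43 in the trace above).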

