Nmap Development mailing list archives

RE: nmap crash


From: "Ganga Bhavani" <GBhavani () everdreamcorp com>
Date: Wed, 5 Apr 2006 11:07:15 -0700

I'm able to simulate this problem repeatedly. Here is the patch that fixes this problem.

--- targets.cc.org      2006-04-05 11:01:55.126923000 -0700
+++ targets.cc  2006-04-05 11:03:32.644138200 -0700
@@ -1797,7 +1797,7 @@
         !hs->hostbatch[i]->timedOut(&now))
        if (!setTargetNextHopMAC(hs->hostbatch[i]))
         fatal("%s: Failed to determine dst MAC address for target %s",
-              __FUNCTION__, hs->hostbatch[hidx]->NameIP());
+              __FUNCTION__, hs->hostbatch[i]->NameIP());
  }
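
Review bot: The description should say why hs->hostbatch[hidx] is unsafe at the fatal() call, not only that the change fixes the crash. The context lines test hs->hostbatch[i]->timedOut() and pass hs->hostbatch[i] to setTargetNextHopMAC(), so i is the entry that actually failed and is the right one to name in the message. Stating that makes the fix reviewable without the earlier mail. Please also confirm that nothing else in this loop still indexes hostbatch with hidx. Because the nested if statements have no braces and the indentation is mixed, bracing the outer if body would make it obvious that fatal() belongs to the inner if.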

Thanks,
Ganga

-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org]On Behalf Of Ganga Bhavani
Sent: Wednesday, April 05, 2006 12:43 AM
To: nmap-dev () insecure org; fyodor () insecure com
Cc: Neil Carson
Subject: nmap crash


Hi,

nmap 3.95 crashed on a Korean Windows system when executed with the following params:

nmap -O -F -oN out.nmap --host_timeout=900000 10.10.188.0/20.

The dump shows the following trace.  

nmap!_output+0x4f2 [f:\vs70builds\9466\vc\crtbld\crt\src\output.c @ 707]
nmap!_snprintf+0x2e [f:\vs70builds\9466\vc\crtbld\crt\src\sprintf.c @ 104]
nmap!Target::NameIP+0x25
nmap!Target::NameIP+0x24
nmap!nexthost+0x3bf
nmap!nmap_main+0x25e6
nmap!main+0x331
nmap!mainCRTStartup+0x170 [f:\vs70builds\9466\vc\crtbld\crt\src\crt0.c @ 259]

On further investigation, I traced the crash in the fatal function in nexthost() in targets.cc.

 fatal("%s: Failed to determine dst MAC address for target %s", 
               __FUNCTION__, hs->hostbatch[hidx]->NameIP());

 Is there a reason why hidx is used?  Shouldn't it be 'i' instead of hidx?

-Ganga



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

