Nmap Development mailing list archives

Re: Ncat segmentation fault with --ssl and --chat


From: David Fifield <david () bamsoftware com>
Date: Sat, 18 Jul 2009 22:55:14 -0600

On Fri, Jul 17, 2009 at 02:47:05PM +0200, Thomas Heßling wrote:
I just tried the new 5.00 release of Nmap and noticed a segmentation
fault in the Ncat tool. Searching for this revealed nothing so I am
writing to this list. It appears when I combine the --ssl and --chat
option like follows:

$ ncat --listen --ssl --chat localhost 10000

I can connect multiple times and chat but as soon as one client
disconnects the others receive endless amounts of text like this:

<user4> <user4> <user4> <user4> <user4> <user4> <user4> <user4> <user4>
<user4> <user4> <user4> <user4> <user4> <user4> <user4> <user4> <user4>

If any new connection to the listener is created Ncat exits with a
segmentation fault. This does not happen if I omit the --ssl option and
this also does not happen if I simulate the chat with:

$ ncat --listen --ssl --broker localhost 10000

I tested this on an Ubuntu9.04-amd64 system with kernel 2.6.28 and
libssl0.9.8g. If there's any more information you need let me know.

Thanks very much for the complete report. I believe that this is fixed
in the latest Subversion version. I believe that it had the same cause
as the problem in this thread:

Ncat with ssl using 100% cpu
http://seclists.org/nmap-dev/2009/q3/0019.html

I just tried the above commands with the latest version and didn't get
the repeated output nor a segmentation fault, and Valgrind reports no
errors when one user disconnects and reconnects.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org