Nmap Development mailing list archives

Re: nmap-5.20 on x86_64 Segmentation fault


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 26 Jan 2010 02:27:47 +0000


On Mon, 25 Jan 2010 07:37:32 -0600
Kris Katterjohn <katterjohn () gmail com> wrote:
[...snip...]
    Socket troubles: Address family not supported by protocol
    nmap: nsock_core.c:1163: nsp_add_event: Assertion `nse->iod->sd >= 0' failed. Abort

Indeed, Nsock doesn't do IPv6 yet.



Odds are I'm misunderstanding the issue (since I didn't receive
Gunnar's email quoted here) or I'm not following this correctly, but
what do you mean nsock doesn't do IPv6?  Perhaps the assertion
failure above was triggered with code utilizing a special part of
nsock which doesn't support IPv6 yet, but I just wanted clarification
here :)  I know IPv6 is supported in Ncat via nsock, and surely NSE
and version detection support IPv6 with it too.

Brandon


Thanks,
Kris Katterjohn


Hey Kris, sorry it took me all day to find the time to dig into this.
Thanks for the sanity check, turns out I'm insane! You're right, of
course.  I thought we were missing some of the IPv6 framework in Nsock
we needed to do v6 reverse lookups.  I thought the "Socket troubles:
Address family not supported by protocol" only confirmed that.

I've dug into the "issue" though and it turns out the support is there
and working.  It seems if you're testing on a machine that doesn't have
IPv6 support though that's what you get.

So, specifically for Gunnar's issue, we can't read IPv6 addresses
longer than 16 characters in /etc/resolv.conf without smashing the
stack.  We need to fix this but rather than hardcode a buffer of 128,
David had some better ideas.  I'm happy to code them up but I can't
remember the name of the IPv6 address max string length constant he
pointed out to me...

With regard to skipping IPv6 DNS servers, we *should not* as long as we
have IPv6 support compiled in.  I haven't actually tried this to see if
it fails gracefully or not.

With regard to getting "Socket troubles: Address family not supported
by protocol" out of Nsock when your OS doesn't do IPv6, I think we can
print a little note reminding the user that their OS needs to support
IPv6, not just Nmap.

Regarding failing an assert() when the socket isn't created.  I'm not
sure if there is a much better way to fail so I don't see this as a
huge deal.

We might think about having Nmap check at startup if it can create an
AF_INET6 socket so that later we don't bomb out.  That's more of a
future architectural thing though.


Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
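
Added example, not Nmap's code and not the fix from this thread: one way to read "nameserver" entries from resolv.conf-style lines into a buffer sized with POSIX INET6_ADDRSTRLEN, together with the startup AF_INET6 socket probe the message suggests. It is an assumption that INET6_ADDRSTRLEN is the constant the message alludes to (the message does not name it); parse_nameserver, have_ipv6 and the sample lines are hypothetical names and constructed input.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not Nmap code. Returns AF_INET or AF_INET6 for a valid
 * "nameserver" line (address copied to out), 0 for any other line, and -1 when
 * the address is too long or not an IP literal (zone IDs are not handled). */
int parse_nameserver(const char *line, char out[INET6_ADDRSTRLEN])
{
    struct in6_addr bin;        /* scratch space, large enough for either family */
    size_t len;
    if (strncmp(line, "nameserver", 10) != 0 ||
        (line[10] != ' ' && line[10] != '\t'))
        return 0;
    line += 10 + strspn(line + 10, " \t");
    len = strcspn(line, " \t\r\n#;");
    if (len == 0 || len >= INET6_ADDRSTRLEN)
        return -1;              /* reject: never truncate, never overrun */
    memcpy(out, line, len);
    out[len] = '\0';
    if (inet_pton(AF_INET, out, &bin) == 1)
        return AF_INET;
    return inet_pton(AF_INET6, out, &bin) == 1 ? AF_INET6 : -1;
}

int have_ipv6(void)             /* startup probe: can the OS create an AF_INET6 socket? */
{
    int sd = socket(AF_INET6, SOCK_DGRAM, 0);
    if (sd >= 0)
        close(sd);
    return sd >= 0;             /* 0 on failure, e.g. EAFNOSUPPORT */
}

int main(void)
{
    /* Constructed input; the IPv6 address is 39 characters long. */
    const char *lines[] = { "nameserver 192.0.2.53\n",
        "nameserver 2001:0db8:85a3:08d3:1319:8a2e:0370:7348\n" };
    char addr[INET6_ADDRSTRLEN];
    for (int i = 0; i < 2; i++)
        if (parse_nameserver(lines[i], addr) > 0)
            printf("usable nameserver: %s\n", addr);
    if (!have_ipv6())
        puts("note: this OS cannot create AF_INET6 sockets");
    return 0;
}
```

The length check runs before any copy, so an over-long token is refused rather than truncated into a different, possibly valid, address.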

