Nmap Development mailing list archives

Re: nmap-5.20 on x86_64 Segmentation fault


From: Gunnar Lindberg <Gunnar.Lindberg () chalmers se>
Date: Sun, 24 Jan 2010 21:05:17 +0100 (MET)

Sorry to have confused people, but I was quite confused myself.

This is not an x86_64 vs i386 thing.

It's the IPv6 resolvers in /etc/resolv.conf
Behavior is the same on i386 as on x86_64.

nmap-5.20/nmap_dns.cc:
static void parse_resolvdotconf() {
  char ipaddr[16];
  ...
  if (sscanf(tp, "nameserver %65s", ipaddr) == 1) add_dns_server(ipaddr);
  ...
}

I tried "char ipaddr[128];" instead. No crash but:

    Socket troubles: Address family not supported by protocol
    nmap: nsock_core.c:1163: nsp_add_event: Assertion `nse->iod->sd >= 0' failed.
    Abort

As a workaround, skip IPv6 resolvers:
    if ((sscanf(tp, "nameserver %65s", ipaddr) == 1) && !strchr(ipaddr, ':')) add_dns_server(ipaddr);

        Gunnar
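As an added illustration (not nmap's code and not part of Gunnar's message), the bounded form of the sscanf call quoted above: the buffer is sized for the longest textual IPv6 address, the sscanf width is tied to that size, and the token is validated with inet_pton so the caller learns the address family instead of finding out from a crash or a later socket error. The names ns_result, parse_nameserver_line and ns_family are assumptions made for this example.

```c
/* Added example, not nmap's own code: a bounded replacement for the
 * "nameserver %65s" into char ipaddr[16] pattern quoted in the thread.
 * Names (ns_result, parse_nameserver_line, ns_family) are hypothetical. */
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <arpa/inet.h>
/* INET6_ADDRSTRLEN is 46: 45 address characters plus the terminating NUL. */
#define NS_BUF INET6_ADDRSTRLEN
enum ns_result { NS_NONE = 0, NS_IPV4 = 4, NS_IPV6 = 6, NS_INVALID = -1 };

/* Parse one resolv.conf line.  On success the address text is copied to
 * out (at least NS_BUF bytes) and NS_IPV4 or NS_IPV6 is returned.  Lines
 * that are not nameserver entries give NS_NONE, bad addresses NS_INVALID. */
enum ns_result parse_nameserver_line(const char *line, char *out)
{
    char tok[NS_BUF];
    unsigned char raw[16];
    int end = 0;
    /* Width 45 == sizeof tok - 1 keeps room for the NUL; "%65s" into a
     * 16-byte buffer is exactly the overflow the thread describes. */
    if (sscanf(line, "nameserver %45s%n", tok, &end) != 1)
        return NS_NONE;
    /* If the width stopped the scan mid-token, the text is longer than any
     * valid address: reject it rather than use a silently truncated copy. */
    if (line[end] != '\0' && !isspace((unsigned char)line[end]))
        return NS_INVALID;
    if (inet_pton(AF_INET, tok, raw) == 1) { strcpy(out, tok); return NS_IPV4; }
    if (inet_pton(AF_INET6, tok, raw) == 1) { strcpy(out, tok); return NS_IPV6; }
    return NS_INVALID;
}

/* Convenience wrapper: classify a line without keeping the address text. */
enum ns_result ns_family(const char *line) { char b[NS_BUF]; return parse_nameserver_line(line, b); }

int main(void)
{
    /* Constructed input: the resolv.conf quoted later in the thread. */
    const char *lines[] = {
        "search cdg.chalmers.se nomad.chalmers.se chalmers.se",
        "nameserver 129.16.1.53", "nameserver 2001:6b0:2:1::53",
    };
    char addr[NS_BUF];
    for (size_t i = 0; i < sizeof lines / sizeof *lines; i++) {
        enum ns_result r = parse_nameserver_line(lines[i], addr);
        if (r == NS_IPV4 || r == NS_IPV6)
            printf("IPv%d resolver %s\n", (int)r, addr);
    }
    return 0;
}
```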

From Gunnar.Lindberg () chalmers se Sun Jan 24 12:48:35 2010
From: Gunnar Lindberg <Gunnar.Lindberg () chalmers se>
To: "bmenrigh () ucsd edu" <bmenrigh () ucsd edu>
CC: "nmap-dev () insecure org" <nmap-dev () insecure org>
Date: Sun, 24 Jan 2010 12:48:33 +0100
Subject: Re: nmap-5.20 on x86_64 Segmentation fault
Message-ID: <201001241148.o0OBmX81012080 () grunert cdg chalmers se>
In-Reply-To: <20100124103109.4e79133a () spoke wan>

Thanks for the idea of /etc/resolv.conf - we're one step forward:

   search cdg.chalmers.se nomad.chalmers.se chalmers.se
   nameserver 129.16.1.53
   nameserver 129.16.2.53
   nameserver 2001:6b0:2:1::53
   nameserver 2001:6b0:2:2::53

If I comment out the two IPv6 resolver addresses nmap-5.20 works OK.

My 0.01 SEK is that something goes wrong when trying to make use of
    struct sockaddr_storage *
in get_dns_servers() and that that later on leads to corrupt data.

I'm not entirely sure, but I think "sockaddr_storage" is some kind of
"generic data structure for all IP".

nmap-5.00/nmap_dns.cc:
   get_dns_servers()
   ...
   serverList.push_back(inet_ntoa((*servI)->addr.sin_addr))

nmap-5.20/nmap_dns.cc:
   get_dns_servers()
   ...
   serverList.push_back(inet_socktop((struct sockaddr_storage *) &(*servI)->addr));

And, NB, it's an x86_64 machine, 64 bit. These seem to turn several
things upside down - I've been hit several times when porting
ancient network software.

Maybe RedHat missed things in some x86_64 include file (I installed
g++ via "yum install gcc-c++" and got

   Installed:            gcc-c++.x86_64 0:4.1.2-46.el5_4.2
   Dependency Installed: libstdc++-devel.x86_64 0:4.1.2-46.el5_4.2

   g++ (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46)

Or just that nmap-5.20 needs to include another file that will help
instruct that "sizeof(int) > 32".

I'll see to the valgrind thing in a few days - RedHat doesn't provide
that by default so I probably have to install it myself.

      Gunnar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
