Re: nmap-5.20 on x86_64 Segmentation fault

[Gunnar Lindberg <Gunnar.Lindberg () chalmers se>]

> INET6_ADDRSTRLEN in netinet/in.h.
#define INET6_ADDRSTRLEN 46

An observation:

There still is an implicit length compiled into the code, since

    sscanf(tp, "nameserver %65s", ipaddr)
    sscanf(tp, "nameserver %127s", nsrvr)

I think that's hard to get "%s46s" from that "#define".

To be strict you have to do more checks - or make it "big enough"

    char nsrvr[BUFSIZ];
    sscanf(tp, "nameserver %s", nsrvr)

Lazy me would probably go for that "big enough" :-).

        Gunnar

> From katterjohn () gmail com Tue Jan 26 03:45:13 2010
> From: Kris Katterjohn <katterjohn () gmail com>
> To: Brandon Enright <bmenrigh () ucsd edu>
> CC: Gunnar Lindberg <gunnar.lindberg () chalmers se>, "nmap-dev () insecure org"
>       <nmap-dev () insecure org>
> Date: Tue, 26 Jan 2010 03:46:09 +0100
> Subject: Re: nmap-5.20 on x86_64 Segmentation fault
> Message-ID: <4B5E5771.30005 () gmail com>
> References: <201001241148.o0OBmX81012080 () grunert cdg chalmers se>
>       <201001242005.o0OK5HmD021206 () grunert cdg chalmers se>
>       <20100124205751.3af8f9be () spoke wan>  <4B5D9E9C.1060700 () gmail com>
> <20100126022747.2b9749e4@gamma>
> In-Reply-To: <20100126022747.2b9749e4@gamma>

> On 01/25/2010 08:27 PM, Brandon Enright wrote:
> > On Mon, 25 Jan 2010 07:37:32 -0600
> > Kris Katterjohn <katterjohn () gmail com> wrote:
> > [...snip...]
> > > > >     Socket troubles: Address family not supported by protocol
> > > > >     nmap: nsock_core.c:1163: nsp_add_event: Assertion `nse->iod->sd
> > > > > > = 0' failed. Abort
> > > > Indeed, Nsock doesn't do IPv6 yet.
> > > Odds are I'm misunderstanding the issue (since I didn't receive
> > > Gunnar's email quoted here) or I'm not following this correctly, but
> > > what do you mean nsock doesn't do IPv6?  Perhaps the assertion
> > > failure above was triggered with code utilizing a special part of
> > > nsock which doesn't support IPv6 yet, but I just wanted clarification
> > > here :)  I know IPv6 is supported in Ncat via nsock, and surely NSE
> > > and version detection support IPv6 with it too.
> >
> > > > Brandon
> > > Thanks,
> > > Kris Katterjohn
> >
> >
> > Hey Kris, sorry it took me all day to find the time to dig into this.

> Hey Brandon.  No worries: I was only almost late for class trying to push this
> out, so we're all good ;)  Eh, who am I kidding?  It was just Linear Algebra
> so feel free to have me respond another morning :P

> > So, specifically for Gunnar's issue, we can't read IPv6 addresses
> > longer than 16 characters in /etc/resolv.conf without smashing the
> > stack.  We need to fix this but rather than hardcode a buffer of 128,
> > David had some better ideas.  I'm happy to code them up but I can't
> > remember the name of the IPv6 address max string length constant he
> > pointed out to me...

> INET6_ADDRSTRLEN in netinet/in.h.  And actually a quick grep yielded this
> defined in Target.h as well.  Not sure why that's not in tcpip.h with the IPv4
> one also defined there.

> > Brandon

> Cheers,
> Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/