Nmap Development mailing list archives

Nping Segfaults with certain inputs to "--data"


From: Greg Skoczek <gsk067 () gmail com>
Date: Wed, 26 May 2010 14:21:40 -0500

Hi,
I've worked on a bug pointed out to me by Luis. This bug causes nping to
segfault when using any of the following as input for the --data option:
"", "\x", "0x". This bug is easy to reproduce; the output is as follows:

14:15:54 /root: nping $SOME_HOST --data ""
zsh: segmentation fault  nping $SOME_HOST --data ""

14:16:01 /root: nping $SOME_HOST --data "\x"
zsh: segmentation fault  nping $SOME_HOST --data "\x"

14:16:13 /root: nping $SOME_HOST --data "0x"
zsh: segmentation fault  nping $SOME_HOST --data "0x"

I found the source of the bug to be in utils.cc in the function
parseBufferSpec(). I've attached a simple patch that moves a little bit of
code around and checks string lengths, which should clear up this bug.


Greg

Attachment: utils.cc.patch
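An added illustration of the length-checked parsing the message describes, written for this archive page and not taken from nping's utils.cc: parse_buffer_spec, its "0x..."/"\x.." input forms and its -1-on-error convention are assumptions, and the three crashing inputs from the report are rejected before any byte past the end of the string is read.

```cpp
#include <cctype>
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-in for a --data parser; not nping's parseBufferSpec().
static int hexval(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  c = (char)tolower((unsigned char)c);
  if (c >= 'a' && c <= 'f') return 10 + (c - 'a');
  return -1;
}

// Accepts "0xDEADBEEF" or "\xDE\xAD"; fills out and returns the byte count,
// or -1 on malformed input instead of reading past the end of str.
int parse_buffer_spec(const char *str, std::vector<unsigned char> &out) {
  out.clear();
  if (str == NULL) return -1;
  size_t len = strlen(str);
  // Length check first: "" and one-char inputs must not reach str[1].
  if (len < 2) return -1;
  std::string hex;
  if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X')) {
    hex.assign(str + 2);  // "0x" alone leaves hex empty and is rejected below
  } else if (str[0] == '\\' && (str[1] == 'x' || str[1] == 'X')) {
    // "\xAA\xBB...": each byte needs a full 4-char "\xHH" group; "\x" alone fails
    for (size_t i = 0; i < len; i += 4) {
      if (len - i < 4 || str[i] != '\\' || (str[i + 1] != 'x' && str[i + 1] != 'X'))
        return -1;
      hex.push_back(str[i + 2]);
      hex.push_back(str[i + 3]);
    }
  } else {
    return -1;
  }
  if (hex.empty() || hex.size() % 2 != 0) return -1;
  for (size_t i = 0; i < hex.size(); i += 2) {
    int hi = hexval(hex[i]), lo = hexval(hex[i + 1]);
    if (hi < 0 || lo < 0) return -1;
    out.push_back((unsigned char)((hi << 4) | lo));
  }
  return (int)out.size();
}
```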
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
