Nmap Development mailing list archives

Re: Nping Segfaults with certain inputs to "--data"


From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Wed, 26 May 2010 23:35:05 +0200

Hi Greg,

Thank you very much for your patch. I've tested it and everything looks
good, so I've just applied it.

Regards,

Luis MartinGarcia.


On 05/26/2010 09:21 PM, Greg Skoczek wrote:
Hi,
I've worked on a bug pointed out to me by Luis. This bug causes nping to
segfault when using any of the following as input for the --data option:
"", "\x", "0x". This bug is easy to reproduce; the output is as follows:

14:15:54 /root: nping $SOME_HOST --data ""
zsh: segmentation fault  nping $SOME_HOST --data ""

14:16:01 /root: nping $SOME_HOST --data "\x"
zsh: segmentation fault  nping $SOME_HOST --data "\x"

14:16:13 /root: nping $SOME_HOST --data "0x"
zsh: segmentation fault  nping $SOME_HOST --data "0x"

I found the source of the bug to be in utils.cc in the function
parseBufferSpec(). I've attached a simple patch that moves a little bit of
code around and checks string lengths that should clear up this bug.


Greg
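The patch itself is attached to the message rather than shown on the page, so the following is an added illustration, not Greg's patch and not nping's parseBufferSpec(). It assumes a payload spec of the form "0xDEADBEEF" or "\xDE\xAD" (hypothetical function name hex_spec_to_bytes) and shows the length checks that keep the three crashing inputs above ("", "\x", "0x") from reading past the end of the string: every read of spec[i+1..i+3] is guarded by a prior check on strlen().

```c
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if the character is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical parser (not nping's own): decode spec into out, returning the
 * number of bytes written or -1 on any malformed spec. Every index into spec
 * is validated against its length before it is dereferenced, which is exactly
 * the class of check the report above says was missing for "", "\x" and "0x". */
int hex_spec_to_bytes(const char *spec, unsigned char *out, size_t outlen) {
    if (spec == NULL) return -1;
    size_t len = strlen(spec);
    if (len == 0) return -1;                 /* "" : nothing to parse */
    size_t n = 0;

    if (len >= 2 && spec[0] == '0' && (spec[1] == 'x' || spec[1] == 'X')) {
        /* "0x..." form: the prefix must be followed by an even, non-zero number of digits */
        if (len == 2 || (len - 2) % 2 != 0) return -1;   /* rejects "0x" and odd digit counts */
        for (size_t i = 2; i < len; i += 2) {
            int hi = hexval(spec[i]), lo = hexval(spec[i + 1]);
            if (hi < 0 || lo < 0 || n >= outlen) return -1;
            out[n++] = (unsigned char)((hi << 4) | lo);
        }
        return (int)n;
    }

    if (spec[0] == '\\') {
        /* "\xHH\xHH" form: each unit is exactly four characters, so the total
         * length must be a multiple of four; this rejects "\x" (length 2). */
        if (len % 4 != 0) return -1;
        for (size_t i = 0; i < len; i += 4) {
            if (spec[i] != '\\' || (spec[i + 1] != 'x' && spec[i + 1] != 'X')) return -1;
            int hi = hexval(spec[i + 2]), lo = hexval(spec[i + 3]);
            if (hi < 0 || lo < 0 || n >= outlen) return -1;
            out[n++] = (unsigned char)((hi << 4) | lo);
        }
        return (int)n;
    }

    return -1;   /* neither recognised prefix */
}

/* Convenience wrappers used for demonstration: byte count of a spec, and the
 * value of byte idx (or -1 if the spec is malformed or idx is out of range). */
int spec_length(const char *spec) {
    unsigned char buf[64];
    return hex_spec_to_bytes(spec, buf, sizeof buf);
}

int spec_byte(const char *spec, size_t idx) {
    unsigned char buf[64];
    int n = hex_spec_to_bytes(spec, buf, sizeof buf);
    if (n < 0 || idx >= (size_t)n) return -1;
    return buf[idx];
}

int main(void) {
    /* Constructed inputs: the three from the bug report plus two valid specs. */
    const char *inputs[] = { "", "\\x", "0x", "0xdeadbeef", "\\xca\\xfe" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        spec_length(inputs[i]);   /* returns -1, -1, -1, 4, 2 without touching out-of-range memory */
    return 0;
}
```

The point of the wrappers is that a malformed spec yields an error return rather than an out-of-bounds read; a caller then reports a usage error instead of crashing.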
  

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

