Nmap Development mailing list archives
Re: bugfix: "uninitialized UserArray/PassArray"
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Sat, 19 Jun 2010 02:03:23 +0300
On 06/18/2010 02:02 AM, Robin Krom wrote:
> Hi, I think there's a minor bug in ncrack revision 18218 that causes ncrack to throw the fatal error "uninitialized UserArray/PassArray" and shut down.
Hello Robin, can you please specify how to reproduce this kind of fatal error? So far, I haven't seen this in any cracking session. What were the command-line options with which you invoked Ncrack? Did you try to reproduce the above error after applying your patch and was it fixed that way?
> the bug is in the lines 2061 - 2064 of ncrack.cc:
>
>     if (SG->last_accessed == SG->services_active.end())
>       li = SG->services_active.begin();
>     else
>       li = SG->last_accessed++;
>
> here SG->last_accessed is checked whether it points to the end of the list SG->services_active. however, if it points to the element exactly before the end, the iterator li will be assigned with SG->last_accessed++, and thus li will point to the end of the list. li is not checked further afterwards.
This is not true. li = SG->last_accessed++ uses a postfix increment operation which would be equivalent to doing this:

    li = SG->last_accessed;
    SG->last_accessed++;

This means that when 'li' is assigned the element just *before* the end of the list, then 'last_accessed' will point to the end of the list, and will subsequently be checked at the beginning of the if condition, when the loop starts again inside ncrack_probes(), thus setting 'li' to SG->services_active.begin().

Regards,
ithilgore

--
http://sock-raw.org
http://twitter.com/ithilgore
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
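The postfix increment discussed in this thread, as an added example that is not part of the original messages or of Ncrack's code: it runs the quoted selection step next to a prefix-increment variant and records what each call hands back. The ServiceGroup struct, the service names, next_prefix and picks are hypothetical; only the quoted lines are modelled, so anything else Ncrack does with last_accessed is not represented.

```cpp
#include <iostream>
#include <list>
#include <string>
#include <vector>

typedef std::list<std::string>::iterator Iter;

// Hypothetical stand-in for Ncrack's service group: only the two members
// that appear in the quoted lines are modelled.
struct ServiceGroup {
  std::list<std::string> services_active;
  Iter last_accessed;
};

// Same logic as the quoted ncrack.cc lines (postfix increment).
Iter next_postfix(ServiceGroup *SG) {
  if (SG->last_accessed == SG->services_active.end())
    return SG->services_active.begin();
  return SG->last_accessed++;  // yields the old position, then advances
}

// Contrast case, not Ncrack code: prefix increment yields the new position.
Iter next_prefix(ServiceGroup *SG) {
  if (SG->last_accessed == SG->services_active.end())
    return SG->services_active.begin();
  return ++SG->last_accessed;  // can be end() after the last element
}

// Run `rounds` steps on a constructed three-entry list and record each pick;
// "<end>" marks a step that returned end(), which must never be dereferenced.
template <typename Step>
std::vector<std::string> picks(Step step, int rounds) {
  ServiceGroup SG;
  SG.services_active = {"ssh", "ftp", "telnet"};  // constructed sample data
  SG.last_accessed = SG.services_active.begin();
  std::vector<std::string> out;
  for (int i = 0; i < rounds; ++i) {
    Iter li = step(&SG);
    out.push_back(li == SG.services_active.end() ? "<end>" : *li);
  }
  return out;
}

int main() {
  for (const std::string &s : picks(next_postfix, 4)) std::cout << s << ' ';
  std::cout << '\n';
  for (const std::string &s : picks(next_prefix, 4)) std::cout << s << ' ';
  std::cout << '\n';
}
```

With the postfix form the third call returns the last element and leaves last_accessed at end(), so the fourth call takes the begin() branch; with the prefix form the third call returns end() itself.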