Nmap Development mailing list archives

Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc

From: Daniel Roethlisberger <daniel () roe ch>
Date: Tue, 31 Aug 2010 12:41:52 +0200

olli hauer <ohauer () gmx de> 2010-08-29:

On 2010-08-29 18:25, David Fifield wrote:

On Sat, Aug 28, 2010 at 11:30:05PM +0200, olli hauer wrote:

On 2010-08-27 01:23, David Fifield wrote:

On Fri, Aug 20, 2010 at 10:10:33PM +0200, olli hauer wrote:

Has someone a workaround if openssl is build with SCTP support?
I got the following build failure if SCTP is anabled in openssl.

In file included from /usr/local/include/openssl/dtls1.h:78,
                 from /usr/local/include/openssl/ssl.h:1193,
                 from service_scan.cc:106:
/usr/include/netinet/sctp.h:57: error: redefinition of 'struct sctp_chunkhdr'
./libdnet-stripped/include/dnet/sctp.h:39: error: previous definition of 'struct
sctp_chunkhdr'
gmake[1]: *** [service_scan.o] Error 1
gmake[1]: Leaving directory `/data/work/usr/ports/security/nmap/work/nmap-5.35DC1'
gmake: *** [all] Error 2
*** Error code 1


Daniel, is this a naming conflict with libdnet's own sctp_chunkhdr?
Might it have to be renamed?

David Fifield



I may have found the issue.
sctp_chunkhdr is not defined in openssl-1.x but since Nov 2006 in FreeBSD.
(Sorry, I haven't mention FreeBSD in the first post)


If openssl-1.x is build on FreeBSD with SCTP support, then this lines are
present in "openssl/dtls1.h"

#ifdef OPENSSL_SCTP
#include <netinet/sctp.h>
#endif


In netinet/sctp.h sctp_chunkhdr is defined as

#define SCTP_PACKED __attribute__((packed))
struct sctp_chunkhdr {
    uint8_t chunk_type; /* chunk type */
    uint8_t chunk_flags;    /* chunk flags */
    uint16_t chunk_length;  /* chunk length */
    /* optional params follow */
}             SCTP_PACKED;

Source:
http://svn.freebsd.org/viewvc/base/release/7.0.0/sys/netinet/sctp.h?view=log

Where in nmap-5.x sctp_chunkhdr is defined as follows in
nmap-5.x/libdnet-stripped/include/dnet/sctp.h

struct sctp_chunkhdr {
    uint8_t     sch_type;   /* chunk type */
    uint8_t     sch_flags;  /* chunk flags */
    uint16_t    sch_length; /* chunk length */
} __attribute__((__packed__));


Indeed a quick fix for me is to rename sctp_chunkhdr to a different
name in this files.
- traceroute.cc
- scan_engine.cc
- libdnet-stripped/include/dnet/sctp.h


PS:
Is the nmap repo somewhere available as read only to test against HEAD?


Yes, see the instructions at http://nmap.org/book/install.html#inst-svn.
The summary is

svn co --username guest --password "" svn://svn.insecure.org/nmap

Are you planning to send a patch for the sctp_chunkhdr problem?

David


Thanks, I just overlooked the svn url, and have tried to get the sources
from nmap.org/svn which does not work.

I'm the new maintainer of the FreeeBSD nmap port and have one open bug
report about the scpt_chunkhdr issue so I was looking how to fix it.

On a quick search to see if other OS can be affected too I found the
following reference for sctp_chunkhdr.
http://www.cs.fsu.edu/~baker/devices/lxr/http/source/linux/include/linux/sctp.h?v=2.6.25.8

Since I don't know a preferred alternative function name the patch
works only if you do a replacement before.

$> sed -e 's|%%NMAP_SCTP_CHUNKHDR%%|new_sctp_chunkhdr_function_name|g' $patch

If you have a preferred alternative name I can send a new patch.


The most obvious idea, naming it sctp_chunk_hdr, doesn't solve
the problem because Solaris actually defines struct
sctp_chunk_hdr and not struct sctp_chunkhdr in netinet/sctp.h, so
we'd just shift the problem from BSD to Solaris.

I'd propose to rename it to dnet_sctp_chunkhdr.  It is ugly, I
know, but since we'll have to deviate from the libdnet naming
scheme anyway we may as well make it straightforward.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc olli hauer (Aug 20)
- Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc David Fifield (Aug 20)
- Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc David Fifield (Aug 26)
  - Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc Daniel Roethlisberger (Aug 28)
  - Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc olli hauer (Aug 28)
    - Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc David Fifield (Aug 29)
    - Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc olli hauer (Aug 29)
    - Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc Daniel Roethlisberger (Aug 31)
    - Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc David Fifield (Sep 04)
- <Possible follow-ups>
- [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc olli hauer (Aug 20)