Nmap Development mailing list archives

Re: nmap stack overflow in output subsystem


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 03 Jul 2012 12:03:49 -0500

On 07/03/2012 06:46 AM, Henri Doreau wrote:
2012/7/3 David Fifield <david () bamsoftware com>:
Your patch looks right to me. It was my mistake in r29083. Your fix to
log_vwrite is better than reverting that revision.

David Fifield
Thanks, checked in as r29112.

Henri,

This breaks when doing OS detection due to the LOG_SKID_NOXLT log type. The crash looks like this:
OS:83548)T4(P=6000{4}140635XX{32}0050ab4844827f6800{4}500400002c560000%ST=
OS:0.949341%RT=1.0336)EXTRA(FL=12345)

nmap: output.cc:960: void log_vwrite(int, const char*, va_list): Assertion `fileidx < 4' failed.


Here's a patch that fixes the issue for me:

diff --git a/output.cc b/output.cc
index cf9724e..e6b35b6 100644
--- a/output.cc
+++ b/output.cc
@@ -951,7 +951,10 @@ void log_vwrite(int logt, const char *fmt, va_list ap) {
         len = alloc_vsprintf(&writebuf, fmt, ap);
         if (writebuf == NULL)
           fatal("%s: alloc_vsprintf failed.", __func__);
-        l = logtype;
+        if (logtype == LOG_SKID_NOXLT)
+            l = LOG_SKID;
+        else
+            l = logtype;
         fileidx = 0;
         while ((l & 1) == 0) {
           fileidx++;
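Review bot: the new `if (logtype == LOG_SKID_NOXLT) ... else l = logtype;` lines indent their bodies by four spaces, while the surrounding code (the `fatal(...)` under `if (writebuf == NULL)`) uses two; match the file's two-space style. A one-line comment above the alias would also help, saying that LOG_SKID_NOXLT writes to the same file as LOG_SKID and that its flag bit lies beyond the four file slots the bit-scan loop below and the `fileidx < 4` assertion allow; without it the special case reads as arbitrary. The hunk header shows the parameter as `logt` while the body tests `logtype`; confirm `logtype` is the intended local at this point.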


Dan
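To make the failure mode concrete, here is a small added example (not nmap's code) that reproduces the bit-scan used to turn a log-type flag into a file index and shows why a flag above the four file slots trips the `fileidx < 4` assertion until it is aliased. The flag values and the LOG_NUM_FILES constant are assumptions modelled on nmap's output.h layout, not copied from this message.

```c
#include <stdio.h>

/* Log-type bit flags. ASSUMPTION: these values mirror nmap's output.h layout;
 * they are not taken from the page. The first four flags correspond to the
 * four output files that fileidx may address. */
#define LOG_NORMAL      1
#define LOG_MACHINE     2
#define LOG_SKID        4
#define LOG_XML         8
#define LOG_STDOUT      16
#define LOG_STDERR      32
#define LOG_SKID_NOXLT  64
#define LOG_NUM_FILES   4   /* assumed; matches the `fileidx < 4` assertion */

/* Same bit scan as log_vwrite: index of the lowest set bit of the flag.
 * Returns -1 where the real code would hit assert(fileidx < LOG_NUM_FILES),
 * so the caller can see the assertion condition instead of aborting. */
int file_index_unchecked(int logtype) {
    int l = logtype;
    int fileidx = 0;
    if (l == 0)
        return -1;
    while ((l & 1) == 0) {
        fileidx++;
        l >>= 1;
    }
    return fileidx < LOG_NUM_FILES ? fileidx : -1;
}

/* The fix from the patch: LOG_SKID_NOXLT goes to the same file as LOG_SKID
 * (it only skips the skiddie translation), so alias it before the scan. */
int file_index_fixed(int logtype) {
    int l = (logtype == LOG_SKID_NOXLT) ? LOG_SKID : logtype;
    return file_index_unchecked(l);
}

/* 1 if this log type would trip the fileidx assertion without the alias. */
int would_assert(int logtype) {
    return file_index_unchecked(logtype) < 0;
}

int main(void) {
    printf("LOG_SKID_NOXLT, unfixed: index %d (negative = assertion)\n",
           file_index_unchecked(LOG_SKID_NOXLT));
    printf("LOG_SKID_NOXLT, fixed:   index %d\n",
           file_index_fixed(LOG_SKID_NOXLT));
    printf("LOG_XML:                 index %d\n", file_index_fixed(LOG_XML));
    return 0;
}
```

The example also shows that the alias is specific to LOG_SKID_NOXLT: any other flag whose bit sits above the four file slots (LOG_STDOUT or LOG_STDERR under the assumed layout) still yields an out-of-range index if it reaches this branch, which is what the assertion is there to catch.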
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/