Nmap Development mailing list archives

Re: Buffer overflow in Nmap when using -ox - on a /8 scan

From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 26 Jan 2014 10:46:35 -0600

On Sat, Jan 25, 2014 at 4:25 PM, Henri Doreau <henri.doreau () gmail com> wrote:

Hi,

2014-01-25 Jacek Wielemborek <d33tah () gmail com>:

Hi,

I just found a potentially interesting error. While experimenting with Nmap, I
managed to get this strange error on Nmap 6.40 from Fedora 20:

[22:46:39][/tmp][134] $ nmap localhost/8 --min-rate 100000  -ox - -sT
[...]

Huh?! What is "-sT --min-rate 100000"?

It looks like the error comes from FD_ISSET, because you forced nmap
to open sockets beyond FD_SETSIZE. What we could have is a
CHECKED_FD_ISSET, that would abort() just like CHECK_FD_SET if the
socket # is greater than FD_SETSIZE. That would make the crash a bit
nicer but wouldn't essentially change anything...


It looks like this check is supposed to fail, since it does without
optimization (search Jacek's message for "FD_SETSIZE"). So the
compiler is optimizing out the CHECKED_FD_SET check?

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Buffer overflow in Nmap when using -ox - on a /8 scan Jacek Wielemborek (Jan 25)
- Re: Buffer overflow in Nmap when using -ox - on a /8 scan Henri Doreau (Jan 25)
  - Re: Buffer overflow in Nmap when using -ox - on a /8 scan Daniel Miller (Jan 26)
    - Re: Buffer overflow in Nmap when using -ox - on a /8 scan Daniel Miller (Jan 27)
    - Re: Buffer overflow in Nmap when using -ox - on a /8 scan Henri Doreau (Jan 27)
    - Re: Buffer overflow in Nmap when using -ox - on a /8 scan Henri Doreau (Jan 27)
    - Re: Buffer overflow in Nmap when using -ox - on a /8 scan Henri Doreau (Jan 30)