Nmap Development mailing list archives

Re: nmap crash when destination unreachable message received


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 5 Jun 2015 14:48:53 -0500

Adam,

Thanks so much for this critical bug report! We recently added a new check
for ICMP messages which calls the icmpid() function, but we didn't add a
corresponding check to be sure that function was safe to call. Would you be
able to apply the attached patch and let us know if it solves the issue?

Dan

On Fri, Jun 5, 2015 at 8:51 AM, Adam Badaoui <adam.badaoui () cyberis co uk>
wrote:

 A bug has been identified in the latest beta version of nmap – Nmap
6.49BETA1



*nmap -V*

Nmap version 6.49BETA1 ( http://nmap.org )

Platform: x86_64-unknown-linux-gnu

Compiled with: nmap-liblua-5.2.3 openssl-1.0.1f libpcre-8.31
nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6

Compiled without:

Available nsock engines: epoll poll select



*OS:* Ubuntu 14.04 (tested on Desktop and Server)



When nmap undergoes host discovery, if a host responds with an ICMP
Destination Unreachable, Nmap aborts with the following error:



nmap: scan_engine_raw.cc:206: u16 UltraProbe::icmpid() const: Assertion
`mypspec.proto == IPPROTO_ICMP || mypspec.proto == IPPROTO_ICMPV6' failed.

Aborted (core dumped)



This issue has been reproduced with ICMP Destination Unreachable types 13
(Communication Administratively Prohibited) and type 0 (Net Unreachable)
messages. Other Destination Unreachable messages may also be affected.





*Adam Badaoui  *|  Consultant

Cyberis Limited |  www.cyberis.co.uk

Tel: +44 (0)3333 406485

Mobile: +44 (0)7477 632736


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Attachment: icmpid.patch
Description:
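
The failure mode discussed in this thread, as an added example (not Nmap's code and not the contents of the attached patch): an accessor that asserts the probe is ICMP, next to a response-matching check that establishes that precondition first. `Probe`, `matches_unguarded`, `matches_guarded` and the `PROTO_*` constants are hypothetical names in a simplified model.

```cpp
#include <cassert>
#include <cstdint>

// Simplified, hypothetical model of a sent probe; not Nmap's real UltraProbe.
constexpr uint8_t PROTO_ICMP = 1, PROTO_TCP = 6, PROTO_ICMPV6 = 58;

struct Probe {
  uint8_t proto;   // protocol the probe was sent with
  uint16_t ident;  // ICMP identifier; meaningful only for ICMP probes

  bool is_icmp() const { return proto == PROTO_ICMP || proto == PROTO_ICMPV6; }

  // Accessor with the same precondition as the assertion in the report.
  uint16_t icmpid() const {
    assert(is_icmp());
    return ident;
  }
};

// Unguarded check: compares the identifier taken from a received ICMP
// message against the probe. Aborts on the assertion if `p` is not ICMP.
bool matches_unguarded(const Probe &p, uint16_t reply_ident) {
  return p.icmpid() == reply_ident;
}

// Guarded check: a non-ICMP probe can never match on ICMP identifier, so
// reject it before the accessor is reached.
bool matches_guarded(const Probe &p, uint16_t reply_ident) {
  if (!p.is_icmp())
    return false;
  return p.icmpid() == reply_ident;
}

int main() {
  Probe tcp_probe{PROTO_TCP, 0};         // constructed sample: TCP probe
  Probe icmp_probe{PROTO_ICMP, 0x1234};  // constructed sample: ICMP probe
  bool ok = !matches_guarded(tcp_probe, 0x1234) &&
            matches_guarded(icmp_probe, 0x1234);
  return ok ? 0 : 1;
}
```

Calling `matches_unguarded` with the TCP probe reproduces the class of abort shown in the report; the guarded form returns false instead.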
