Nmap Development mailing list archives

Re: Nmap crashing


From: Gisle Vanem <gvanem () yahoo no>
Date: Mon, 4 Jan 2016 17:11:41 +0100

Daniel Miller wrote:

If you can provide the full output of the following command up until it crashes, that would be ideal:
nmap -Pn -d2 --script-trace --script "discovery and safe" -sn

If this does not actually crash for you, change the script invocation to "safe" or replace -sn with scanme.nmap.org as necessary, but I think this will be sufficient to reproduce.

I can confirm the following crashes (on Win-10):
  nmap -Pn -d2 --script-trace --script "safe" scanme.nmap.org

This seems to be due to OpenSSL's ERR_reason_error_string()
(in __nsock_log_internal()) returning a NULL which Nmap's append_string()
doesn't handle. The call-stack:
  nmap!append_string+0x20
  nmap!xyzprintf+0x223
  nmap!vasnprintf+0x4f
  nmap!vasprintf+0x13
  nmap!__nsock_log_internal+0x47
  nmap!do_actual_read+0x309

It's an easy fix to make append_string() handle a
NULL 'arg', which a proper implementation of vasnprintf()
on POSIX should handle. But since both the OP and I are on
Windows, it crashes.

--gv
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
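The NULL-argument path described in the message, as an added example that is not from the thread or from Nmap's own nbase code: a hypothetical append_string() that substitutes "(null)" (glibc's behaviour for "%s" with a NULL argument), a minimal "%s"-only asprintf built on it, and a constructed stand-in for ERR_reason_error_string() that returns NULL for an unknown code.

```c
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; not Nmap's nbase code. */
struct strbuf { char *data; size_t len, cap; };
static void append_string(struct strbuf *sb, const char *arg) {
    /* The fix from the thread: substitute "(null)" (what glibc prints for
     * "%s" with a NULL argument) instead of calling strlen() on NULL. */
    if (arg == NULL)
        arg = "(null)";
    size_t n = strlen(arg);
    if (sb->len + n + 1 > sb->cap) {
        size_t ncap = sb->cap ? sb->cap : 64;
        while (ncap < sb->len + n + 1) ncap *= 2;
        if ((sb->data = realloc(sb->data, ncap)) == NULL) abort();
        sb->cap = ncap;
    }
    memcpy(sb->data + sb->len, arg, n + 1);
    sb->len += n;
}
/* Minimal asprintf-style formatter (hypothetical): only "%s" is interpreted,
 * other characters are copied through. Caller frees the result. */
char *safe_asprintf(const char *fmt, ...) {
    struct strbuf sb = {0};
    char one[2] = {0, 0};
    va_list ap;
    va_start(ap, fmt);
    append_string(&sb, "");  /* allocate even for an empty format */
    for (; *fmt; fmt++) {
        if (fmt[0] == '%' && fmt[1] == 's') {
            append_string(&sb, va_arg(ap, const char *));
            fmt++;
        } else {
            one[0] = *fmt;
            append_string(&sb, one);
        }
    }
    va_end(ap);
    return sb.data;
}
/* Constructed stand-in for ERR_reason_error_string(): NULL for unknown codes. */
const char *reason_string_stub(unsigned long code) {
    return code == 1 ? "certificate verify failed" : NULL;
}
/* The logging path from the call-stack: a NULL reason is logged, not fatal. */
char *log_ssl_error(unsigned long code) {
    return safe_asprintf("SSL error: %s", reason_string_stub(code));
}
```

On Windows the CRT's own "%s" handling does not make this substitution, so a NULL reason string reaches the formatter unguarded; the check inside append_string() is what keeps the log call from dereferencing it.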