Nmap Development mailing list archives
-sV crash in $# substitution function substvar()
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 21 Jul 2007 05:48:21 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 While testing Kris's excelent HTTPpasswd.nse script, I ran into a service that always causes Nmap to crash when -sV is used with the following error: nmap: service_scan.cc:622: int substvar(char*, char**, char*, int, const u8*, int, int*, int): Assertion `offstart >= 0 && offstart < subjectlen' failed. Aborted Turning on --version-trace produces this little tidbit before it dies: NSOCK (6.2430s) Write request for 22 bytes to IOD #3 EID 83 [132.239.8.109:8080]: OPTIONS / RTSP/1.0.... NSOCK (6.2430s) Read request from IOD #3 [x.y.a.b:8080] (timeout: 5000ms) EID 90 NSOCK (6.2430s) Callback: WRITE SUCCESS for EID 83 [x.y.a.b:8080] NSOCK (6.2440s) Callback: READ SUCCESS for EID 90 [x.y.a.b:8080] (316 bytes) nmap: service_scan.cc:622: int substvar(char*, char**, char*, int, const u8*, int, int*, int): Assertion `offstart >= 0 && offstart < subjectlen' failed. Aborted When I watch the traffic with tcpdump, this is what leads up to the crash. Nmap sends: OPTIONS / RTSP/1.0 Service responds with: RTSP/1.0 200 OK Date: Sat, 21 Jul 2007 05:20:57 GMT Server: Helix Server Version 11.1.1.1099 (linux-rhel4-i686) (RealServer compatible) Public: OPTIONS, DESCRIBE, ANNOUNCE, PLAY, PAUSE, SETUP, GET_PARAMETER, SET_PARAMETER, TEARDOWN TurboPlay: 1 RealChallenge1: ad06494caf2f229292fc6ea7065256b6 StatsMask: 8 I've looked at service_scan.cc but I'm not familiar enough with this portion of the code to troubleshoot the problem. I'd be happy to send a packet capture privately or compile nmap with -g to help troubleshoot. Brandon - -- Brandon Enright Network Security Analyst UCSD Network Operations bmenrigh () ucsd edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGoZ4nqaGPzAsl94IRApzfAJ4qipWw53FCKbRu6edPkHx4FDSvYACgsFNd Kt1nZCweaR4zZtivnJekO9A= =C5QQ -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- -sV crash in $# substitution function substvar() Brandon Enright (Jul 20)
- Re: -sV crash in $# substitution function substvar() doug (Jul 21)
- Re: -sV crash in $# substitution function substvar() Brandon Enright (Jul 21)
- Re: -sV crash in $# substitution function substvar() Brandon Enright (Jul 21)
- Re: -sV crash in $# substitution function substvar() Brandon Enright (Jul 21)
- Re: -sV crash in $# substitution function substvar() doug (Jul 21)