Nmap Development mailing list archives

Re: [RFC] Output file option for capturing service and os fingerprints


From: "Michael Pattrick" <mpattrick () rhinovirus org>
Date: Fri, 20 Jun 2008 18:03:30 -0400

Hey Brandon,

Thanks for the report, I see both mistakes that I made when changing
from a static array to a dynamic array and I've fixed them. But I
couldn't reproduce the bug on windows or linux, what conditions caused
the segfault? Can you run the same scan with the current SVN to see if
it still happens?

Thanks,
Michael

On Fri, Jun 20, 2008 at 5:46 PM, Brandon Enright <bmenrigh () ucsd edu> wrote:

On Thu, 19 Jun 2008 23:26:28 -0400
"Michael Pattrick" <mpattrick () rhinovirus org> wrote:

Hey Brandon,

On Thu, Jun 19, 2008 at 9:06 PM, Brandon Enright <bmenrigh () ucsd edu>
wrote:
It occurs to me that if people are seriously using the servicefp=
attribute we should probably expand the buffer beyond 2k.  When I
patched Nmap to include the fingerprint I limited the
xml_sf_convert() routine to 2035 bytes.

I went ahead and fixed this.

Cheers,
Michael

Hey Michael --

This may have had some adverse effects...

The latest SVN is segfaulting at output.cc:768.

Here's the gdb list and backtrace:

(gdb) list
763             log_write(LOG_XML, "/>");
764             if (current->owner && *current->owner) {
765               log_write(LOG_XML, "<owner name=\"%s\" />", current->owner);
766             }
767             if (getServiceXMLBuf(&sd, xmlbuf) == 0)
768               if (*xmlbuf){
769                 log_write(LOG_XML, "%s", xmlbuf);
770                     free(xmlbuf);
771                     xmlbuf=NULL;
772               }

(gdb) bt
#0  0x000000000043aa5b in printportoutput (currenths=<value optimized out>,
   plist=0x2a90190) at output.cc:768
#1  0x000000000041b8ce in nmap_main (argc=32, argv=0x7fff06b92f28)
   at nmap.cc:1822
#2  0x0000000000417477 in main (argc=32, argv=0x7fff06b92f28) at main.cc:224


I'll dig deeper into this if you'd like.

Brandon

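An added example, not Nmap's own code (function names are hypothetical), of the dynamic-buffer contract behind the crash quoted above: the callee sizes the XML buffer from its input, so the 2035-byte cap goes away, and hands it back through a pointer-to-pointer so the caller's `if (*xmlbuf)` never dereferences a pointer the callee failed to set.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical replacement for a fixed 2035-byte fingerprint buffer:
 * escape a raw service fingerprint for an XML attribute value into a
 * heap buffer sized exactly for the input. The result comes back via
 * an out-parameter; on success returns 0 (caller frees *out), on NULL
 * input or allocation failure returns -1 and sets *out to NULL. */
static const char *xml_escape_of(char c)
{
    switch (c) {
    case '&': return "&amp;";
    case '<': return "&lt;";
    case '>': return "&gt;";
    case '"': return "&quot;";
    default:  return NULL;      /* emitted verbatim */
    }
}

int sf_to_xml_attr(const char *fp, char **out)
{
    size_t need = 1;            /* room for the terminating NUL */
    const char *p, *rep;
    char *buf, *q;
    *out = NULL;
    if (fp == NULL)
        return -1;
    /* First pass: exact output length, no fixed 2k limit. */
    for (p = fp; *p; p++)
        need += (rep = xml_escape_of(*p)) ? strlen(rep) : 1;
    buf = malloc(need);
    if (buf == NULL)
        return -1;
    /* Second pass: copy, substituting escapes. */
    for (p = fp, q = buf; *p; p++) {
        if ((rep = xml_escape_of(*p))) {
            size_t n = strlen(rep);
            memcpy(q, rep, n);
            q += n;
        } else {
            *q++ = *p;
        }
    }
    *q = '\0';
    *out = buf;
    return 0;
}
```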


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

