Nmap Development mailing list archives
nmap stack overflow in output subsystem
From: Henri Doreau <henri.doreau () gmail com>
Date: Mon, 2 Jul 2012 19:11:40 +0200
Hi,

Nmap can reliably crash with a simple nmap -sV -dd -oN nmap.out <targets> command under some conditions. The two functions fatal() and log_vwrite() recursively call each other, leading to a stack overflow.

The root cause of it is log_vwrite() calls that use bitmasks to describe log types (introduced in r29083 I think), although unlike the regular log_write() function log_vwrite() doesn't support such masks.

See the patch attached for a fix, that modifies log_vwrite() to add support of log type bitmasks. I'd like someone to have a second look at it.

Regards.

--
Henri
Attachment: output_so.diff
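The failure mode described in the message above, as an added example: this is a small model written for this page, not Nmap's code and not the attached patch. All names (EX_*, ex_log, ex_fatal, vlog_exact, vlog_mask) are hypothetical, and DEPTH_LIMIT stands in for the point where a real process would exhaust its stack.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical log-type bits; names and values are assumptions of this example. */
enum { EX_NORMAL = 1, EX_MACHINE = 2, EX_STDOUT = 4, EX_STDERR = 8 };
#define EX_ALL (EX_NORMAL | EX_MACHINE | EX_STDOUT | EX_STDERR)
#define DEPTH_LIMIT 64              /* stand-in for running out of stack */
typedef void (*vlog_fn)(int type, const char *fmt, va_list ap);
static int depth, max_depth, emitted;

/* Variadic front end: builds the va_list and hands it to a va_list logger. */
static void ex_log(vlog_fn vlog, int type, const char *fmt, ...) {
    va_list ap; va_start(ap, fmt); vlog(type, fmt, ap); va_end(ap);
}
/* Model of the error path: it reports through the logger using a bitmask.
 * A real fatal() would exit afterwards; omitted so the state can be inspected. */
#define ex_fatal(vlog, ...) ex_log(vlog, EX_NORMAL | EX_STDERR, __VA_ARGS__)

/* Format for exactly one sink; copies ap so callers can reuse it. */
static void emit_one(int bit, const char *fmt, va_list ap) {
    char buf[128]; va_list copy; (void)bit;
    va_copy(copy, ap); vsnprintf(buf, sizeof buf, fmt, copy); va_end(copy);
    emitted++;
}
/* Before: accepts only a single log type, so any mask is "unknown" and goes
 * to the error path, which logs with a mask again: mutual recursion. */
static void vlog_exact(int type, const char *fmt, va_list ap) {
    if (++depth > max_depth) max_depth = depth;
    if (depth >= DEPTH_LIMIT) { depth--; return; }
    switch (type) {
    case EX_NORMAL: case EX_MACHINE: case EX_STDOUT: case EX_STDERR:
        emit_one(type, fmt, ap); break;
    default:
        ex_fatal(vlog_exact, "bad log type %d", type);
    }
    depth--;
}
/* After: walks the mask bit by bit, so the error path's own mask is valid. */
static void vlog_mask(int type, const char *fmt, va_list ap) {
    if (++depth > max_depth) max_depth = depth;
    if (type == 0 || (type & ~EX_ALL))
        ex_fatal(vlog_mask, "bad log type %d", type);  /* nests once, then stops */
    else
        for (int bit = 1; bit <= EX_STDERR; bit <<= 1)
            if (type & bit) emit_one(bit, fmt, ap);
    depth--;
}
/* Reset counters, log one message, return the deepest nesting reached. */
static int depth_reached(vlog_fn vlog, int type) {
    depth = max_depth = emitted = 0;
    ex_log(vlog, type, "scan of %d hosts done", 3);
    return max_depth;
}
int main(void) {
    printf("exact: %d\n", depth_reached(vlog_exact, EX_NORMAL | EX_STDOUT));
    printf("mask:  %d\n", depth_reached(vlog_mask, EX_NORMAL | EX_STDOUT));
}
```
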