Nmap Development mailing list archives
smb-protocols script crashes against NetApp
From: William Faulk <wfaulk () gmail com>
Date: Fri, 22 Sep 2017 17:27:33 -0400
The error is:

/usr/local/bin/../share/nmap/nselib/unicode.lua:201: bad argument #2 to 'unpack' (data string too short)
stack traceback:
        [C]: in function 'string.unpack'
        /usr/local/bin/../share/nmap/nselib/unicode.lua:201: in function 'unicode.utf16_dec'
        /usr/local/bin/../share/nmap/nselib/unicode.lua:70: in function 'unicode.transcode'
        (...tail calls...)
        /usr/local/bin/../share/nmap/nselib/smb.lua:1089: in function 'smb.negotiate_v1'
        /usr/local/bin/../share/nmap/nselib/smb.lua:1150: in function 'smb.list_dialects'
        /usr/local/bin/../share/nmap/scripts/smb-protocols.nse:58: in function </usr/local/bin/../share/nmap/scripts/smb-protocols.nse:54>
        (...tail calls...)

What I found is that inside smb.negotiate_v1, there is an assignment to "remainder" trying to translate from UTF16 to UTF8. The buffer is 99 bytes long. This can obviously not be a valid UTF16 string and the transcode crashes.

There should be better error checking in the unicode library, but the real problem is probably that the data is not what is expected. I dumped it and it doesn't look like it's just the domain and server names. I don't really know how much of this data I can supply without compromising myself.

The NetApp this is being run against is running its OS Data OnTap 8.1.1P2 in 7-Mode, and this is nmap v7.60.

--
Bitt Faulk
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
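The kind of length checking the report asks for, as an added example that is not part of the original message and is not nmap's unicode.lua: a UTF-16LE to UTF-8 transcoder that returns an error instead of raising when a server sends an odd-length or otherwise malformed buffer. The helper names and the sample buffers are hypothetical and constructed here; Lua 5.3 or later is assumed for string.unpack and utf8.char.

```lua
-- Added example: hypothetical helpers, not code from nmap's nselib.

-- Decode one UTF-16LE code point starting at byte index pos.
-- Returns next_pos, codepoint on success, or nil, message on malformed input.
local function utf16le_dec_checked(buf, pos)
  -- A code unit needs two bytes; check before unpacking so that
  -- untrusted network data can never raise "data string too short".
  if pos + 1 > #buf then
    return nil, ("truncated code unit at byte %d (buffer is %d bytes)"):format(pos, #buf)
  end
  local unit, next_pos = string.unpack("<I2", buf, pos)
  if unit >= 0xD800 and unit <= 0xDBFF then
    -- High surrogate: a complete low surrogate must follow.
    if next_pos + 1 > #buf then
      return nil, ("truncated surrogate pair at byte %d"):format(pos)
    end
    local low
    low, next_pos = string.unpack("<I2", buf, next_pos)
    if low < 0xDC00 or low > 0xDFFF then
      return nil, ("unpaired high surrogate at byte %d"):format(pos)
    end
    return next_pos, 0x10000 + ((unit - 0xD800) << 10) + (low - 0xDC00)
  elseif unit >= 0xDC00 and unit <= 0xDFFF then
    return nil, ("unpaired low surrogate at byte %d"):format(pos)
  end
  return next_pos, unit
end

-- Transcode a whole buffer; returns the UTF-8 string, or nil plus a reason.
local function utf16le_to_utf8(buf)
  local out, pos = {}, 1
  while pos <= #buf do
    local next_pos, cp = utf16le_dec_checked(buf, pos)
    if not next_pos then return nil, cp end
    out[#out + 1] = utf8.char(cp)
    pos = next_pos
  end
  return table.concat(out)
end

-- Constructed sample inputs: a well-formed name and a 99-byte odd-length buffer.
local well_formed = "N\0A\0S\0"
local odd_length = ("A\0"):rep(49) .. "B"

print(utf16le_to_utf8(well_formed))
print(utf16le_to_utf8(odd_length))
```

A caller parsing a negotiate response can then treat a nil result as "fields not in the expected encoding" and carry on, rather than letting the script abort.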