|
Nmap Development
mailing list archives
Re: [PATCH] Experimental SCTP scan support
From: doug () hcsw org
Date: Sat, 3 Jan 2009 10:39:49 +0000
On Sat, Jan 03, 2009 at 03:48:09AM -0600 or thereabouts, Kris Katterjohn wrote:
...
*** buffer overflow detected ***: ./nmap terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7c44558]
/lib/tls/i686/cmov/libc.so.6[0xb7c42680]
/lib/tls/i686/cmov/libc.so.6(__strcpy_chk+0x44)[0xb7c41944]
./nmap(_Z15printportoutputP6TargetP8PortList+0x639)[0x8083569]
./nmap(_Z9nmap_mainiPPc+0x2099)[0x8061ea9]
./nmap(main+0x1e4)[0x805cdc4]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7b60685]
./nmap[0x805cb11]
For anyone not familiar with this error message, it is from a fairly
recent addition to gcc called _FORTIFY_SOURCE. Kris observed this
error because Ubuntu enables _FORTIFY_SOURCE=2 by default on all
gcc compiles, unlike many other linux distros.
_FORITFY_SOURCE does several things and you can read about it here:
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
In this case, gcc has placed run-time checks on strcpy() invocations,
one of which I think is triggered by the following part of the patch:
- strcpy(protocol,(current->proto == IPPROTO_TCP)? "tcp": "udp");
+ strcpy(protocol, IPPROTO2STR(current->proto));
This is in the function printportoutput() in output.cc. Looks
to me like the problem is that protocol[] is defined as such:
char protocol[4];
so "sctp\0" is one too many to fit into this buffer.
Hope this helps,
Doug
Attachment:
_bin
Description:
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
| 
Intro
