Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Conficker scanning with nmap
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 1 Apr 2009 08:41:17 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 1 Apr 2009 10:34:52 +0200 or thereabouts Lionel Cons
<lionel.cons () cern ch> wrote:

Brandon Enright <bmenrigh () ucsd edu> writes:
evp_enc.c(282): OpenSSL internal error, assertion failed: inl > 0

Brandon,

I managed to isolate the problem. It lies in nse_openssl.cc, in the
function l_encrypt which is sometimes called with an empty string.
In this case, data_len is 0 and the following:

  EVP_EncryptUpdate( &cipher_ctx, out, &out_len, data, data_len )

triggers the fatal error from OpenSSL:

  evp_enc.c(261): OpenSSL internal error, assertion failed: inl > 0

Cheers,

Lionel

Excellent digging.  I'll probably be able to work backwards from here
to figure out why tomorrow.

I'm assuming that the error is triggered in "NSE: SMB: Creating NTLMv1
response".  Ron might be able to think of a case where this would happen too.

I've never been able to reproduce the problem myself and I've tested
against a *lot* of machines/devices so either the version of OpenSSL
I'm running doesn't have the same assert() or the error condition to
trigger data_len = 0 is somewhat involved.

Brandon



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAknTKLMACgkQqaGPzAsl94L0wACfRMasOngEdYDhUSP+T347Vawy
KGYAoLIxOtyqijfDtkhJM1BQz8AMe8v9
=x5rf
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault