mailing list archives
Re: Buffer overflow in Nmap when using -ox - on a /8 scan
From: Henri Doreau <henri.doreau () gmail com>
Date: Sat, 25 Jan 2014 23:25:01 +0100
2014-01-25 Jacek Wielemborek <d33tah () gmail com>:
I just found a potentially interesting error. While experimenting with Nmap, I
managed to get this strange error on Nmap 6.40 from Fedora 20:
[22:46:39][/tmp] $ nmap localhost/8 --min-rate 100000 -ox - -sT
Huh?! What is "-sT --min-rate 100000"?
It looks like the error comes from FD_ISSET, because you forced nmap
to open sockets beyond FD_SETSIZE. What we could have is a
CHECKED_FD_ISSET, that would abort() just like CHECK_FD_SET if the
socket # is greater than FD_SETSIZE. That would make the crash a bit
nicer but wouldn't essentially change anything...
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/