Nmap Development mailing list archives

Re: Nmap 4.20ALPHA6 -O2 scan error


From: doug () hcsw org
Date: Sun, 3 Sep 2006 13:27:06 -0700

Hi sxav,

On Sun, Sep 03, 2006 at 06:42:37PM +0200 or thereabouts, sxav wrote:
I just tested the last nmap version today (4.20ALPHA6) and I encountered this error
during a scan:
      
      [...]
      Scanning 112 services on 204 hosts
      Service scan Timing: About 31.25% done; ETC: 18:27 (0:01:06 remaining)
      Unexpected PCRE error (-8) when probing for service http with the regex
      '^HTTP/1\.0 \d\d\d .*\n.*\r\n\r\n.*\n\t\t<title>OpenWrt Administrative
      Console</title>'
      QUITTING!

Command line: nmap -sS -sV -O2 -p 21,22,25,80,443 -n -P0 -v -iL toscan

Actually, this looks like an error in version detection. PCRE error -8 is
(from the manpage):

 PCRE_ERROR_MATCHLIMIT     (-8)

       The  backtracking  limit,  as  specified  by the match_limit field in a
       pcre_extra structure (or defaulted) was reached.

       ...

       The match_limit field provides a means of preventing PCRE from using up
       a  vast amount of resources when running patterns that are not going to
       match, but which have a very large number  of  possibilities  in  their
       search  trees.  The  classic  example  is  the  use of nested unlimited
       repeats.

And here's the offending pattern in nmap-service-probes:

match http m|^HTTP/1\.0 \d\d\d .*\n.*\r\n\r\n.*\n\t\t<title>OpenWrt Administrative Console</title>|s p/OpenWrt BusyBox httpd/ d/WAP/

Although it surprises me this pattern is hitting a match_limit, maybe it would
be best to change the line to:

match http m|^HTTP/1\.0 \d\d\d .*\n\t\t<title>OpenWrt Administrative Console</title>|s p/OpenWrt BusyBox httpd/ d/WAP/

Best,

Doug

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
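
Added example, not part of the original message and not Nmap or PCRE code: a toy step-counting backtracker that compares the pattern quoted above with the proposed replacement on a long page that does not match. It assumes a simplified model (literals joined by greedy dot-all `.*`, with `\d\d\d` fixed to `200`); the names `run`, `MatchLimit` and the sample responses are constructed for illustration, and the step counts are not PCRE's own accounting.

```python
# Added example: a toy step-counting backtracker, not PCRE itself.
# A pattern is modelled as literals joined by greedy dot-all ".*",
# anchored at the start; "\d\d\d" is fixed to "200" for simplicity.

TITLE = "\n\t\t<title>OpenWrt Administrative Console</title>"
ORIGINAL = ["HTTP/1.0 200 ", "\n", "\r\n\r\n", TITLE]   # three ".*"
PROPOSED = ["HTTP/1.0 200 ", TITLE]                      # one ".*"


class MatchLimit(Exception):
    """Raised when the step budget is exhausted (cf. PCRE error -8)."""


def run(literals, text, limit=None):
    """Return (matched, steps); raise MatchLimit if steps exceed limit."""
    steps = 0

    def match(i, pos):
        nonlocal steps
        steps += 1
        if limit is not None and steps > limit:
            raise MatchLimit(steps)
        if not text.startswith(literals[i], pos):
            return False
        pos += len(literals[i])
        if i == len(literals) - 1:
            return True
        # Greedy ".*": try the longest gap first, then back off.
        return any(match(i + 1, nxt) for nxt in range(len(text), pos - 1, -1))

    return match(0, 0), steps


HEADERS = "HTTP/1.0 200 OK\r\nServer: x\r\n\r\n"
# Constructed inputs: an OpenWrt-style page and a long unrelated page.
OPENWRT = HEADERS + "<html>" + TITLE
OTHER = HEADERS + "<p>line</p>\n" * 300

if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(name, run(pat, OPENWRT), run(pat, OTHER))
        try:
            run(pat, OTHER, limit=100_000)
        except MatchLimit:
            print(name, "hit the step limit on the non-matching page")
```

In this model each newline in the non-matching body restarts a scan of the rest of the response, so the work for the three-`.*` pattern grows roughly with the square of the page size, while the single-`.*` pattern stays linear.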