Nmap Development mailing list archives

bug printing OS information if lastboot is reported in the future


From: "Toby Simmons" <toby () simmonsconsulting com>
Date: Wed, 9 Sep 2009 13:58:07 -0500

Sorry, I've never reported a bug before ... I hope I'm doing this right ...

Running on Windows XP SP3
Using the arguments:
-sS -sV -T4 -O -v --osscan-limit --version-light 10.2.2.200 -oX c:\temp\p.xml

Where 10.2.2.200 is a 10.3.9 Mac OS X that (for some unknown reason) seems
to return its lastboot in the future after running an OS scan.

Crash occurs when trying to output the uptime to an XML log.

(line 1940 of nmap.cc)
        printosscanoutput(currenths);
 
Jumps to (line 1714 of output.cc)
    log_write(LOG_XML, "<uptime seconds=\"%li\" lastboot=\"%s\" />\n",
tv.tv_sec - currenths->seq.lastboot, tmbuf);

   (tv.tv_sec = 1252519807; currenths->seq.lastboot = 3823319248; tmbuf = "Mon Feb 26 03:07:28 2091")

Jumps to (line 1092 of output.cc)
      log_vwrite(l, fmt, ap);

Jumps to (line 1043 of output.cc)
      len = Vsnprintf(writebuf, writebuflen, fmt, ap);

Jumps to (line 145 of nbase_str.c)
        ret = vsnprintf(s, n, fmt, ap);

--- MS code now ---
Jumps to (line 190 of VC\crt\src\vsprintf.c)
    return _vsnprintf_l(string, count, format, NULL, ap);

Jumps to (line 138 of VC\crt\src\vsprintf.c)
        retval = _output_l(outfile, format, plocinfo, ap );

Jumps to (eventually, line 1589 of VC\crt\src\output.c where something weird
happens in this line)
   text.sz = (char *)get_ptr_arg(&argptr);

text.sz ends up being a bad pointer (0xffffffff)


This doesn't seem to happen on Mac OS X (Leopard).



Thanks &
Cheers,

Toby
___________________________________
Toby Simmons
Simmons Consulting Web Design & Marketing
501-399-3603/Office | 501-231-2045/Cell | 501-244-4416/Fax
toby () simmonsconsulting com | http://www.simmonsconsulting.com
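Added illustration (not part of Toby's report or of Nmap's source): the trace is consistent with a width mismatch between the `%li` specifier and a 64-bit argument, which happens if `seq.lastboot` is a 64-bit `time_t` on the 32-bit MSVC build (an assumption; the report does not state the field's type). The snippet reproduces the arithmetic on the reported values, shows that the high half of the 64-bit difference is exactly the `0xffffffff` the debugger showed for `text.sz`, and shows a hardened writer in which specifier and argument widths agree and an implausible future lastboot is refused; the stack-slot layout is assumed to be 32-bit little-endian.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Values quoted in the bug report (constructed from the trace above). */
#define REPORT_NOW      1252519807LL   /* tv.tv_sec               */
#define REPORT_LASTBOOT 3823319248LL   /* currenths->seq.lastboot */

/* The signed 64-bit difference that the printf call receives when
 * lastboot is a 64-bit time_t (assumed for this 32-bit MSVC build). */
int64_t uptime_diff(int64_t now, int64_t lastboot)
{
    return now - lastboot;
}

/* On a 32-bit little-endian stack, a 64-bit vararg occupies two slots:
 * "%li" consumes the low half, and the following "%s" then reads the
 * high half as its char* (assumed ABI, matching the 0xffffffff seen). */
uint32_t low_half(int64_t v)  { return (uint32_t)((uint64_t)v & 0xffffffffu); }
uint32_t high_half(int64_t v) { return (uint32_t)((uint64_t)v >> 32); }

/* Hardened writer: the conversion specifier and the argument width always
 * agree, and a lastboot later than "now" is refused instead of printed.
 * Returns the byte count snprintf reports, or -1 when the element is skipped. */
int write_uptime_xml(char *out, size_t outlen,
                     int64_t now, int64_t lastboot, const char *tmbuf)
{
    if (lastboot > now)      /* uptime would be negative: implausible data */
        return -1;
    return snprintf(out, outlen,
                    "<uptime seconds=\"%lld\" lastboot=\"%s\" />\n",
                    (long long)(now - lastboot), tmbuf);
}

int main(void)
{
    char buf[128];
    int64_t d = uptime_diff(REPORT_NOW, REPORT_LASTBOOT);
    printf("difference    = %lld\n", (long long)d);
    printf("slot for %%li  = 0x%08x\n", (unsigned)low_half(d));
    printf("slot for %%s   = 0x%08x  <- the bad text.sz pointer\n", (unsigned)high_half(d));
    if (write_uptime_xml(buf, sizeof buf, REPORT_NOW, REPORT_LASTBOOT,
                         "Mon Feb 26 03:07:28 2091") < 0)
        puts("future lastboot rejected, <uptime> element skipped");
    write_uptime_xml(buf, sizeof buf, REPORT_NOW, REPORT_NOW - 3600, "sample");
    fputs(buf, stdout);
    return 0;
}
```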



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org