Nmap Development mailing list archives

nping crash on Win-8.1


From: Gisle Vanem <gvanem () yahoo no>
Date: Thu, 05 Mar 2015 13:53:32 +0100

Here is a crash-report on Win-8.1 (nping built with MSVC)
using a simple "nping -6 printer" command:

nping!_find_adapter_address(struct intf_handle * intf = 0x04139e20, char * device = 0x00de9084 "\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}")+0x9b
nping!intf_get_pcap_devname(char * intf_name = 0x00de9084 "\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}", char * pcapdev = 0x00d19104 "???", int pcapdevlen = 0n128)+0x6e
nping!eth_get_pcap_devname(char * intf_name = 0x00de9084 "\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}", char * pcapdev = 0x00d19104 "???", int pcapdevlen = 0n128)+0x14
nping!DnetName2PcapName(char * dnetdev = 0x00de9084 "\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}", char * pcapdev = 0x00d1f9d4 "???", int pcapdevlen = 0n128)+0xd9
nping!ProbeMode::start(void)+0x6a9
nping!main(int argc = 0n4, char ** argv = 0x03fb60e0)+0x22d

In libdnet-stripped\src\intf-win32.c and _find_adapter_address():

        for (a = intf->iftable; a != NULL; a = a->Next) {
                /* intf->ifcombo[type].idx is dereferenced here without a NULL check */
                if (intf->ifcombo[type].idx[n].ipv4 == a->IfIndex &&
                    intf->ifcombo[type].idx[n].ipv6 == a->Ipv6IfIndex) {
                        return a;
                }
        }

'intf->ifcombo[type].idx' is NULL! Hence the crash.

Here is a list of my devices from 'nmap.exe --iflist'

Starting Nmap 6.47SVN ( http://nmap.org ) at 2015-03-05 12:36 CET
************************INTERFACES************************
DEV  (SHORT) IP/MASK                              TYPE        UP   MTU  MAC
eth0 (eth0)  FE80::25B2:94E1:A00A:D355/64         ethernet    down 1500 00:15:83:12:37:2F
eth0 (eth0)  169.254.211.85/4                     ethernet    down 1500 00:15:83:12:37:2F
eth1 (eth1)  10.0.0.11/4                          ethernet    down 1500 00:18:4D:00:DE:17
eth1 (eth1)  169.254.71.51/4                      ethernet    down 1500 00:18:4D:00:DE:17
eth2 (eth2)  10.0.0.10/24                         ethernet    up   1500 E0:3F:49:81:2E:EA
lo0  (lo0)   ::1/128                              loopback    up   -1
lo0  (lo0)   127.0.0.1/8                          loopback    up   -1
tun0 (tun0)  FE80::5EFE:A00:A/128                 point2point down 1280
tun1 (tun1)  2001:0:9D38:90D7:31:1948:F5FF:FFF5/0 point2point up   1280
tun1 (tun1)  FE80::31:1948:F5FF:FFF5/0            point2point up   1280

DEV    WINDEVICE
eth0   \Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}
eth0   \Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}
eth1   \Device\NPF_{CCD22B2E-19F7-4F4A-92CF-2DDAAF0176AE}
eth1   \Device\NPF_{CCD22B2E-19F7-4F4A-92CF-2DDAAF0176AE}
eth2   \Device\NPF_{81B64062-5517-4460-88BD-ABEB0B8A16BA}
...

------------

Since the '\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}' (eth0) is
'down', the crash may have something to do with it.

I patched _find_adapter_address() to not touch
'intf->ifcombo[type].idx' if it is NULL. Works fine AFAICS.

BTW, Nmap had no problems before this patch.

--
--gv
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
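The NULL dereference described in the post, shown side by side with a guarded lookup. This is an added example, not code from libdnet, nping or the poster's patch; the struct names (adapter_t, ifcombo_idx_t, intf_handle_t, INTF_TYPE_MAX), the count field `n`, and the sample adapter table are assumptions made for the illustration and only mimic the shape of `intf->iftable` and `intf->ifcombo[type].idx` seen in the crash.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the Windows interface tables (assumed shapes for this
 * example; not the real libdnet-stripped definitions). */
typedef struct adapter {
    unsigned long IfIndex;      /* IPv4 interface index */
    unsigned long Ipv6IfIndex;  /* IPv6 interface index */
    struct adapter *Next;
} adapter_t;

typedef struct { unsigned long ipv4, ipv6; } ifcombo_idx_t;

typedef struct {
    ifcombo_idx_t *idx;  /* may be NULL when nothing of this type was indexed */
    int n;               /* number of valid entries in idx (assumed field) */
} ifcombo_t;

#define INTF_TYPE_MAX 4

typedef struct {
    adapter_t *iftable;
    ifcombo_t ifcombo[INTF_TYPE_MAX];
} intf_handle_t;

/* Crashing form: the loop from the post, dereferencing idx unconditionally.
 * Calling this with ifcombo[type].idx == NULL faults on the first adapter. */
adapter_t *find_adapter_unchecked(intf_handle_t *intf, int type, int n) {
    adapter_t *a;
    for (a = intf->iftable; a != NULL; a = a->Next) {
        if (intf->ifcombo[type].idx[n].ipv4 == a->IfIndex &&
            intf->ifcombo[type].idx[n].ipv6 == a->Ipv6IfIndex)
            return a;
    }
    return NULL;
}

/* Guarded form: validate the handle, the type and the idx slot before any
 * dereference, and report "not found" instead of faulting. */
adapter_t *find_adapter_checked(intf_handle_t *intf, int type, int n) {
    adapter_t *a;
    const ifcombo_t *c;
    if (intf == NULL || type < 0 || type >= INTF_TYPE_MAX)
        return NULL;
    c = &intf->ifcombo[type];
    if (c->idx == NULL || n < 0 || n >= c->n)
        return NULL;
    for (a = intf->iftable; a != NULL; a = a->Next) {
        if (c->idx[n].ipv4 == a->IfIndex && c->idx[n].ipv6 == a->Ipv6IfIndex)
            return a;
    }
    return NULL;
}

/* Constructed sample: two adapters; type 0 has one indexed entry, type 1 has
 * idx == NULL, mirroring the state that produced the reported crash. */
static adapter_t g_adapters[2] = {
    { 3, 3, &g_adapters[1] },
    { 7, 9, NULL },
};
static ifcombo_idx_t g_type0_idx[1] = { { 7, 9 } };

intf_handle_t *sample_handle(void) {
    static intf_handle_t h;
    h.iftable = &g_adapters[0];
    h.ifcombo[0].idx = g_type0_idx;
    h.ifcombo[0].n = 1;
    h.ifcombo[1].idx = NULL;  /* nothing indexed for this type */
    h.ifcombo[1].n = 0;
    return &h;
}

int main(void) {
    intf_handle_t *h = sample_handle();
    adapter_t *a = find_adapter_checked(h, 0, 0);
    printf("type 0 -> IfIndex %lu\n", a ? a->IfIndex : 0UL);
    printf("type 1 -> %s\n",
           find_adapter_checked(h, 1, 0) ? "found" : "NULL (no crash)");
    /* find_adapter_unchecked(h, 1, 0) would dereference NULL at this point. */
    return 0;
}
```

The bounds check on `n` matters as much as the NULL check: a non-NULL `idx` with too few entries would read past the array rather than fault, which is harder to notice than the crash reported here.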