
Nmap Development mailing list archives
Re: nping crash on Win-8.1
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 5 Mar 2015 13:40:15 -0600
Gisle, Thanks for the bug report. So does this patch fix it? --- a/libdnet-stripped/src/intf-win32.c +++ b/libdnet-stripped/src/intf-win32.c @@ -262,7 +262,8 @@ _find_adapter_address(intf_t *intf, const char *device) n = atoi(p); for (a = intf->iftable; a != NULL; a = a->Next) { - if (intf->ifcombo[type].idx[n].ipv4 == a->IfIndex && + if ( intf->ifcombo[type].idx != NULL && + intf->ifcombo[type].idx[n].ipv4 == a->IfIndex && intf->ifcombo[type].idx[n].ipv6 == a->Ipv6IfIndex) { return a; } Dan On Thu, Mar 5, 2015 at 6:53 AM, Gisle Vanem <gvanem () yahoo no> wrote:
Here is a crash-report on Win-8.1 (nping built with MSVC) using a simple "nping -6 printer" command:

nping!_find_adapter_address(struct intf_handle * intf = 0x04139e20, char * device = 0x00de9084 "\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}")+0x9b
nping!intf_get_pcap_devname(char * intf_name = 0x00de9084 "\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}", char * pcapdev = 0x00d19104 "???", int pcapdevlen = 0n128)+0x6e
nping!eth_get_pcap_devname(char * intf_name = 0x00de9084 "\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}", char * pcapdev = 0x00d19104 "???", int pcapdevlen = 0n128)+0x14
nping!DnetName2PcapName(char * dnetdev = 0x00de9084 "\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}", char * pcapdev = 0x00d1f9d4 "???", int pcapdevlen = 0n128)+0xd9
nping!ProbeMode::start(void)+0x6a9
nping!main(int argc = 0n4, char ** argv = 0x03fb60e0)+0x22d

In libdnet-stripped\src\intf-win32.c and _find_adapter_address():

  for (a = intf->iftable; a != NULL; a = a->Next) {
    if (intf->ifcombo[type].idx[n].ipv4 == a->IfIndex &&
        intf->ifcombo[type].idx[n].ipv6 == a->Ipv6IfIndex) {
      return a;

'intf->ifcombo[type].idx' is NULL! Hence the crash.
Here is a list of my devices from 'nmap.exe --iflist'

Starting Nmap 6.47SVN ( http://nmap.org ) at 2015-03-05 12:36 CET
************************INTERFACES************************
DEV  (SHORT) IP/MASK                               TYPE        UP   MTU  MAC
eth0 (eth0)  FE80::25B2:94E1:A00A:D355/64          ethernet    down 1500 00:15:83:12:37:2F
eth0 (eth0)  169.254.211.85/4                      ethernet    down 1500 00:15:83:12:37:2F
eth1 (eth1)  10.0.0.11/4                           ethernet    down 1500 00:18:4D:00:DE:17
eth1 (eth1)  169.254.71.51/4                       ethernet    down 1500 00:18:4D:00:DE:17
eth2 (eth2)  10.0.0.10/24                          ethernet    up   1500 E0:3F:49:81:2E:EA
lo0  (lo0)   ::1/128                               loopback    up   -1
lo0  (lo0)   127.0.0.1/8                           loopback    up   -1
tun0 (tun0)  FE80::5EFE:A00:A/128                  point2point down 1280
tun1 (tun1)  2001:0:9D38:90D7:31:1948:F5FF:FFF5/0  point2point up   1280
tun1 (tun1)  FE80::31:1948:F5FF:FFF5/0             point2point up   1280

DEV  WINDEVICE
eth0 \Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}
eth0 \Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}
eth1 \Device\NPF_{CCD22B2E-19F7-4F4A-92CF-2DDAAF0176AE}
eth1 \Device\NPF_{CCD22B2E-19F7-4F4A-92CF-2DDAAF0176AE}
eth2 \Device\NPF_{81B64062-5517-4460-88BD-ABEB0B8A16BA}
...
------------

Since the '\Device\NPF_{2FB5734B-AF48-4BCC-B4A5-8859D074C093}' (eth0) is 'down', the crash may have something to do with it. I patched _find_adapter_address() to not touch 'intf->ifcombo[type].idx' if it is NULL. Works fine AFAICS.

BTW, Nmap had no problems before this patch.

--
--gv
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
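
Review bot: the added 'intf->ifcombo[type].idx != NULL' test in the if condition inside the for loop does not depend on 'a', so it is re-evaluated for every adapter in intf->iftable even though the answer cannot change. Hoisting it above the loop as an early 'return NULL' right after 'n = atoi(p);' would make the intent (no entries for this type, so no adapter can match) explicit and keep the loop body as it was. Separately, the visible lines use 'n' straight from atoi(p) as an index into idx[] with no range check; if the struct holding idx also records how many entries it has (not shown in this hunk, so an assumption), comparing n against that count in the same early exit would cover both the NULL case and an out-of-range index. Minor style point: 'if ( intf->...' has a space after the opening parenthesis that the surrounding code does not use.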