Wednesday, September 29, 2021

Re: nmap segfault fix

Thanks Niklas!

The patches apply, build, and run cleanly.

The fix makes sense to incorporate in our OpenBSD port for nmap 7.91, but
we should revisit it in the future with any new upstream releases in case
there are subtle changes from what is in their GitHub repo today.

Unless anyone else has strong opinions, I'm good with the patches and would
like to ask another port maintainer with CVS privileges to review and
commit.

-JR

On Wed, Sep 29, 2021 at 8:37 AM Niklas Hallqvist <niklas@appli.se> wrote:

> Hi!
>
> While testing 7.0 packages I got an nmap segfault. It has been fixed
> upstream in their GitHub, but I don't know if it's part of any release yet.
>
> However their fix may be incomplete as there are other opportunities for
> a negative buffer overflow in nmap_dns.cc, at least without knowing all
> callers of the ptrToIp method.
>
> I attach a patch that works for me (tm) as well as a patch to add a
> debug package for nmap, which was needed for me to debug this issue.
>
> Even if it's too late for 7.0, at least the segfault fix might make the
> 7.0-stable package, I reckon.
>
> The fault is indeterministic, and triggered by a PTR name being aligned
> at the beginning of a page immediately preceded by an unmapped page.
> The case which triggers it fairly often for me was just an nmap of a
> single TCP port over some seven or so /24-networks.
>
> /Niklas
>
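As an added illustration, not nmap's code and not the patch Niklas attached (which is not on this page): a hypothetical PTR-name parser that walks the name backwards with the lower bound enforced, exercised under the exact layout Niklas describes, the name at the very start of a page whose predecessor is unmapped, so a stray read of `name[-1]` would fault instead of passing silently. The function names, the parsing logic and the guard-page harness are all assumptions made here.

```c
#define _DEFAULT_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical PTR-name parser (not nmap's ptrToIp): "4.3.2.1.in-addr.arpa"
 * -> 1.2.3.4, walking backwards label by label. `len` is the only bound and
 * the walk stops at index 0, so it never touches name[-1]. */
int ptr_name_to_ipv4(const char *name, size_t len, unsigned char out[4])
{
    static const char suffix[] = ".in-addr.arpa";
    size_t slen = sizeof(suffix) - 1;
    if (len < slen || memcmp(name + len - slen, suffix, slen)) return -1;
    size_t end = len - slen;                    /* one past current label */
    for (int i = 0; i < 4; i++) {               /* rightmost label = octet 0 */
        size_t start = end;
        while (start > 0 && name[start - 1] != '.')
            start--;                            /* stops at 0, not at '.' */
        if (start == end || end - start > 3) return -1;
        unsigned v = 0;
        for (size_t k = start; k < end; k++) {
            if (name[k] < '0' || name[k] > '9') return -1;
            v = v * 10 + (unsigned)(name[k] - '0');
        }
        if (v > 255) return -1;
        out[i] = (unsigned char)v;
        if (i < 3 && start == 0) return -1;     /* fewer than four labels */
        if (i == 3 && start != 0) return -1;    /* more than four labels */
        if (i < 3) end = start - 1;             /* step over the '.' */
    }
    return 0;
}

/* Layout from the report: the name starts exactly at a page boundary and the
 * page before it is PROT_NONE, so any read of name[-1] faults instead of
 * returning a stray byte. Returns the address as 0xAABBCCDD, or -1. */
long long parse_at_page_start(const char *name)
{
    long pg = sysconf(_SC_PAGESIZE);
    char *base = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    mprotect(base, pg, PROT_NONE);              /* guard page */
    size_t len = strlen(name);
    memcpy(base + pg, name, len);               /* no trailing NUL on purpose */
    unsigned char ip[4];
    int rc = ptr_name_to_ipv4(base + pg, len, ip);
    munmap(base, 2 * pg);
    return rc ? -1 : ((long long)ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3]);
}
```

Running the same harness against a parser that scans back to a `'.'` without the `start > 0` check is the quickest way to turn an intermittent crash like the one reported into a deterministic one for debugging.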
