Wednesday, September 29, 2021

Re: nmap segfault fix

On Wed, Sep 29, 2021 at 08:49:06AM -0700, JR Aquino wrote:
> Thanks Niklas!
>
> The patches apply, build, and run cleanly.

The patches did not make it to the list.

>
> The fix makes sense to incorporate in our OpenBSD port for nmap 7.91, but
> we should revisit it in the future with any new upstream releases in case
> there are subtle changes from what is in their github repo today.
>
> Unless anyone else has strong opinions, I'm good with the patches and would
> like to ask another port maintainer with CVS privileges to review and
> commit.
>
> -JR
>
> On Wed, Sep 29, 2021 at 8:37 AM Niklas Hallqvist <niklas@appli.se> wrote:
>
> > Hi!
> >
> > While testing 7.0 packages I got an nmap segfault. It has been fixed
> > upstream in their github, but I don't know if it's part of any release yet.
> >
> > However their fix may be incomplete as there are other opportunities for
> > a negative buffer overflow in nmap_dns.cc, at least without knowing all
> > callers of the ptrToIp method.
> >
> > I attach a patch that works for me (tm) as well as a patch to add a
> > debug package for nmap, which was needed for me to debug this issue.
> >
> > Even if it's too late for 7.0, at least the segfault fix might make
> > 7.0-stable package, I reckon.
> >
> > The fault is indeterministic, and triggered by a PTR name being aligned
> > at the beginning of a page immediately preceded by an unmapped page.
> > The case which triggers it fairly often for me was just an nmap of a
> > single TCP port over some seven or so /24-networks.
> >
> > /Niklas
> >
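The bug class Niklas describes, a backwards scan over a PTR name that can step in front of the buffer, is easiest to see with a small parser. The code below is an added illustration, not nmap's ptrToIp or anything from the thread's patches; the function names are hypothetical and the sample names are constructed. It keeps a hard lower bound (`begin`) on every pointer, which is the check that turns the page-aligned read before the buffer into a clean "malformed" result.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical reverse-DNS parser (not nmap's ptrToIp): turns
 * "4.3.2.1.in-addr.arpa" into 1.2.3.4 by walking the labels backwards
 * from the ".in-addr.arpa" suffix.  Returns 1 on success, 0 if malformed. */
int ptr_to_ipv4(const char *name, size_t len, uint8_t out[4])
{
    static const char suffix[] = ".in-addr.arpa";
    const size_t slen = sizeof(suffix) - 1;
    const char *begin = name, *end;   /* begin: hard lower bound for all pointers */
    if (len < slen || memcmp(name + len - slen, suffix, slen) != 0)
        return 0;
    end = name + len - slen;          /* one past the last digit of the "1" label */
    for (int octet = 0; octet < 4; octet++) {
        const char *start = end, *p;
        unsigned value = 0;
        /* Walk back over one label.  "start > begin" is the bound a backwards
         * scan must keep: without it a label beginning at name[0] reads name[-1],
         * which faults when name starts a page whose predecessor is unmapped. */
        while (start > begin && start[-1] != '.')
            start--;
        if (start == end || end - start > 3)
            return 0;                 /* empty label or more than three digits */
        for (p = start; p < end; p++) {
            if (*p < '0' || *p > '9')
                return 0;
            value = value * 10 + (unsigned)(*p - '0');
        }
        if (value > 255)
            return 0;
        out[octet] = (uint8_t)value;
        if (octet < 3) {
            if (start == begin)
                return 0;             /* fewer than four labels */
            end = start - 1;          /* step over the '.' separator */
        } else if (start != begin) {
            return 0;                 /* extra labels in front of the address */
        }
    }
    return 1;
}
/* Packed big-endian address for a NUL-terminated name, or -1 if malformed. */
long long ptr_to_ipv4_packed(const char *name)
{
    uint8_t a[4];
    if (!ptr_to_ipv4(name, strlen(name), a))
        return -1;
    return ((long long)a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3];
}
```

Short or empty-label names such as "1.in-addr.arpa" or ".in-addr.arpa" are the inputs that drive the scan to the buffer start, so they are the ones worth keeping in a regression test for this kind of fix.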
