Wednesday, September 29, 2021

Re: nmap segfault fix

The version of nmap in ports is the last one under the old licence. I'd
like it if someone who knows about such things could review the new nmap
licence before we start taking diffs from anything newer (we might want to
stop distributing packages).

--
Sent from a phone, apologies for poor formatting.

On 29 September 2021 16:50:22 JR Aquino <tanawts@gmail.com> wrote:

> Thanks Niklas!
>
> The patches apply, build, and run cleanly.
>
> The fix makes sense to incorporate in our OpenBSD port for nmap 7.91, but
> we should revisit it in the future with any new upstream releases in case
> there are subtle changes from what is in their github repo today.
>
> Unless anyone else has strong opinions, I'm good with the patches and would
> like to ask another port maintainer with CVS privileges to review and
> commit.
>
> -JR
>
> On Wed, Sep 29, 2021 at 8:37 AM Niklas Hallqvist <niklas@appli.se> wrote:
>
>> Hi!
>>
>> While testing 7.0 packages I got an nmap segfault. It has been fixed
>> upstream in their github, but I don't know if it's part of any release yet.
>>
>> However their fix may be incomplete as there are other opportunities for
>> a negative buffer overflow in nmap_dns.cc, at least without knowing all
>> callers of the ptrToIp method.
>>
>> I attach a patch that works for me (tm) as well as a patch to add a
>> debug package for nmap, which was needed for me to debug this issue.
>>
>> Even if it's too late for 7.0, at least the segfault fix might make the
>> 7.0-stable package, I reckon.
>>
>> The fault is indeterministic, and triggered by a PTR name being aligned
>> at the beginning of a page immediately preceded by an unmapped page.
>> The case which triggers it fairly often for me was just an nmap of a
>> single TCP port over some seven or so /24-networks.
>>
>> /Niklas
>>
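
The failure mode Niklas describes, a scan over a PTR name that walks backward past the buffer's first byte into the unmapped page before it, illustrated by an added C example that is not nmap's code and not the patch from the thread: a hypothetical in-addr.arpa parser whose every index stays inside [0, len). The function names, the fixed ".in-addr.arpa" suffix and the case-sensitive suffix match are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical reverse-DNS name parser, added as an illustration; not the code
 * from nmap_dns.cc. It turns "4.3.2.1.in-addr.arpa" into 1.2.3.4 by scanning
 * backward from the suffix, the direction an unchecked scan would take past
 * index 0 into whatever precedes the buffer. Every access here is bounded to
 * [0, len), so a name at the start of a page is never read out of bounds. */
#define SUFFIX ".in-addr.arpa"

/* Parse the decimal label ending just before index `end`, walking back to a
 * non-digit or to index 0. Returns 1 and sets *start/*val on success. */
static int parse_label_backward(const char *s, size_t end, size_t *start, unsigned *val)
{
    size_t i = end;
    unsigned v = 0, mult = 1, digits = 0;
    /* `i > 0` is the lower-bound check; without it the loop would read s[-1]. */
    while (i > 0 && s[i - 1] >= '0' && s[i - 1] <= '9') {
        if (digits == 3) return 0;                  /* a 4th digit cannot be an octet */
        v += (unsigned)(s[i - 1] - '0') * mult;
        mult *= 10;
        digits++;
        i--;
    }
    if (digits == 0 || v > 255) return 0;
    *start = i; *val = v;
    return 1;
}

/* A.B.C.D as a host-order value (A in the top byte), or -1 if `name` is not exactly four octets plus SUFFIX. */
long long ptr_name_to_ipv4(const char *name, size_t len)
{
    size_t suffix_len = strlen(SUFFIX), end, start = 0;
    uint32_t ip = 0;
    unsigned v; int octet;
    if (len <= suffix_len || memcmp(name + len - suffix_len, SUFFIX, suffix_len) != 0)
        return -1;                                  /* no (case-sensitive) suffix, or nothing before it */
    end = len - suffix_len;                         /* index of the '.' before "in-addr" */
    for (octet = 0; octet < 4; octet++) {           /* labels come least-significant first */
        if (!parse_label_backward(name, end, &start, &v)) return -1;
        ip |= (uint32_t)v << (8 * (3 - octet));
        if (octet < 3) {                            /* need a '.' and another label before this one */
            if (start == 0 || name[start - 1] != '.') return -1;
            end = start - 1;
        }
    }
    if (start != 0) return -1;                      /* extra labels before the four octets */
    return (long long)ip;
}
```

Feeding the parser a name that begins at index 0 of its buffer (the aligned-at-page-start case from the report) exercises the `i > 0` and `start == 0` checks rather than memory before the buffer.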
