You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When testing ssh-auth-methods.nse against non-standard ports, I forgot to specify ports and NMAP crashed. I have narrowed it down to running the script against port 139. I ran a debug and found the crash appears to be caused by a double free of session data. This appears to be due to a session pointer not being NULLed after the session is freed. Attached is a patch that appears to fix the issue. nse_libssh2-session-null.txt
The text was updated successfully, but these errors were encountered:
sethrandall
changed the title
NMAP crash with ssh-auth-methods.nse
NMAP crash with ssh-auth-methods.nse (patch included)
Dec 13, 2017
This was reported, with a correct patch, back in December 2017, and I
rediscovered the issue and came up with the same patch in r37532 in
November 2018. Full credit should go to Seth Randall.
When testing ssh-auth-methods.nse against non-standard ports, I forgot to specify ports and NMAP crashed. I have narrowed it down to running the script against port 139. I ran a debug and found the crash appears to be caused by a double free of session data. This appears to be due to a session pointer not being NULLed after the session is freed. Attached is a patch that appears to fix the issue.
nse_libssh2-session-null.txt
The text was updated successfully, but these errors were encountered: