Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NMAP crash with ssh-auth-methods.nse (patch included) #1077

Closed
sethrandall opened this issue Dec 4, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@sethrandall
Copy link

commented Dec 4, 2017

When testing ssh-auth-methods.nse against non-standard ports, I forgot to specify ports and NMAP crashed. I have narrowed it down to running the script against port 139. I ran a debug and found the crash appears to be caused by a double free of session data. This appears to be due to a session pointer not being NULLed after the session is freed. Attached is a patch that appears to fix the issue.
nse_libssh2-session-null.txt

@sethrandall sethrandall changed the title NMAP crash with ssh-auth-methods.nse NMAP crash with ssh-auth-methods.nse (patch included) Dec 13, 2017

@landgraf

This comment has been minimized.

Copy link

commented May 2, 2019

This was fixed in 350bbe0

@landgraf

This comment has been minimized.

Copy link

commented May 2, 2019

@dmiller-nmap can you close the issue since you've commited the fix? :)

@dmiller-nmap

This comment has been minimized.

Copy link

commented May 17, 2019

Thanks!

nmap-bot pushed a commit that referenced this issue May 17, 2019

CHANGELOG entry for #1077
This was reported, with a correct patch, back in December 2017, and I
rediscovered the issue and came up with the same patch in r37532 in
November 2018. Full credit should go to Seth Randall.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.