Crash in display_nmap_version() #1112
Here is a patch that fixes the crash:

--- a/nmap.cc 2018-01-22 21:49:31
+++ b/nmap.cc 2018-01-23 09:34:32
@@ -2749,14 +2749,35 @@
const char *pcap_version = pcap_lib_version();
#ifdef WIN32
+ const char *comma = NULL;
const char *pcap_num = strstr(pcap_version, "version ");
+ size_t str_len;
+
if (pcap_num) {
pcap_num += strlen("version ");
+ comma = strchr(pcap_num, ',');
+ }
+
+ if (comma)
+ {
+ /* E.g. pcap_num = "version 4.0, based on libpcap version 1.x.y"
+ */
+ str_len = strchr(pcap_num, ',') - pcap_num;
}
- std::string pcap_num_str (pcap_num, strchr(pcap_num, ',') - pcap_num);
+ else
+ {
+ /* E.g. pcap_num = "version libpcap version 1.9.0-PRE-GIT (packet.dll version 4.1.0.2980)"
+ */
+ while (!isdigit(*pcap_num))
+ pcap_num++;
+ str_len = strlen(pcap_num);
+ }
+
+ std::string pcap_num_str (pcap_num, str_len);
#else
std::string pcap_num_str = get_word_or_quote(pcap_version, 2);
#endif

For me, using
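Review bot: the else branch at `while (!isdigit(*pcap_num))` dereferences pcap_num even when the earlier `if (pcap_num)` found no "version " and left it NULL, and the loop has no terminator check, so a string with no digit after that point is scanned past its end; guard both, e.g. `if (pcap_num == NULL) pcap_num = "";` before the two branches and `while (*pcap_num && !isdigit((unsigned char)*pcap_num))` in the loop. The comma branch also recomputes `strchr(pcap_num, ',')` although `comma` already holds that pointer, so `str_len = comma - pcap_num;` reads more directly, and isdigit needs <ctype.h> if nmap.cc does not already include it.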
I'm not sure if the

Could you please provide the entire string returned by

It is:

Yes, there are 2
I am thinking of making the code slightly more robust:
What if we do this instead?

--- a/nmap.cc
+++ b/nmap.cc
@@ -2746,11 +2746,10 @@
const char *pcap_version = pcap_lib_version();
#ifdef WIN32
- const char *pcap_num = strstr(pcap_version, "version ");
- if (pcap_num) {
- pcap_num += strlen("version ");
- }
- std::string pcap_num_str (pcap_num, strchr(pcap_num, ',') - pcap_num);
+ const char *pcap_num = strpbrk(pcap_version, "0123456789");
+ if (pcap_num == NULL)
+ pcap_num = "(unknown)";
+ std::string pcap_num_str (pcap_num, strcspn(pcap_num, ","));
#else
std::string pcap_num_str = get_word_or_quote(pcap_version, 2);
#endif

Tested cases:
pcap_version:
pcap_version:
pcap_version:
pcap_version:
pcap_version:
pcap_version: (empty string)
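Review bot: pcap_version goes straight into `strpbrk(pcap_version, "0123456789")` unchecked, so the hunk relies on pcap_lib_version() never returning NULL; otherwise the unbounded read is gone, since `strcspn(pcap_num, ",")` stops at the terminator when no comma exists and the NULL from strpbrk is replaced by the "(unknown)" literal. A one-line comment above the strpbrk call saying that the first digit is taken as the start of the version number (the two string shapes quoted in the earlier patch's comments are good illustrations) would document the heuristic for the next reader.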
Much better. I've tested your patch with the official libpcap and it works fine.

Committed as r37128. Thank you for identifying the bug and the test strings.
A simple

nmap -V

could cause a crash in display_nmap_version(). The reason seems to be this piece of pcap-version code:

When there's no comma after pcap_num, it tries to push_back an almost infinite string!

When building with the internal Nmap libpcap, this does not happen. But when using the official libpcap, it does. Blame the horrid WIN32 code in pcap_lib_version().

(For me, it's no longer possible to build using MSVC-2017 and the internal libpcap).