Segmentation Fault when --top-ports is greater than 4260 (nmap --top-ports 4261 ... Segmentation fault) #2679

Closed
austinzwile opened this issue Jul 12, 2023 · 4 comments

@austinzwile

See the following screenshot:

image

As you can see, I am trying to do a --top-ports scan, and I normally do 10,000 (--top-ports 10000), which doesn't fail. But today, on a new distro upgrade and new nmap upgrade, I tried to run my normal top 10k port scan but it failed.

I binary searched my way until I found the exact number at which it's failing, which was 4,261. If I do 4260 it runs the scan fine, but if I do nmap --top-ports 4261 ... a segfault is triggered. This is specifically with the --top-ports flag.

If I try running nmap -p1-65535 ... it works fine. Same with the nmap -p- ... syntax. I'm no code expert but I think I remember seeing that the --top-ports ... flag converts the nmap command into a really long string like this:

nmap -p 11,21,22,23,25,53,80,88,113,135-139,..

which might be causing the buffer overflow. This is just a guess on my part so don't put too much stock into it.

I wasn't sure if this was a weird zsh thing so I ran it under the regular shell and got the same result:

image

If any more information is needed please let me know and I'll be happy to provide it. Hopefully we can figure out what's going on. Thanks for your support!

@TheProdigyLeague

This comment was marked as off-topic.

@dmiller-nmap

I can confirm this bug affects the current development version of Nmap. I will look into it.

@dmiller-nmap

The problem was a missing brace around a decrement. Fix incoming.

@austinzwile

Thanks y’all! Preciate the help.
