Avoid accessing NULL when ipv6 is disabled but ipv6 args or options are used #471

Open: wants to merge 3 commits into base: master

@ghost ghost commented Jul 23, 2016

This fix is intended to prevent a segmentation fault.
Here is how I understood it:

In TargetGroup.cc:661:
result << inet_ntop_ez((struct sockaddr_storage *) &this->addr, sizeof(this->addr)) << "/" << bits;
Here, inet_ntop_ez returns NULL because IPv6 is disabled by default. The calling function (or parent) NetBlockIPv6Netmask::str() returns result.str(), which produces a segmentation fault.

With this fix, inet_ntop_ez does not check if IPv6 is disabled, so it will return the address even if it's disabled; the check will then be made by the parent calling function TargetGroup::get_next_host (targets.cc:392). Before, this->netblock->str().c_str() was causing the crash; now the error handles it normally, telling you to add the -6 option if you didn't, and if you do, nmap.cc will yell at you at line 1045 because you don't have IPv6 enabled.

Waiting for feedback,
Cheers
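
An added illustration of the failure mode described in the comment above (not code from this pull request or from Nmap): a formatter that returns NULL when IPv6 is unavailable, and a caller that checks the result before streaming it. `format_addr`, `netblock_str`, `format_v6_literal` and the `ipv6_enabled` flag are hypothetical names, and the address used with it is a constructed documentation-range value.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <cstring>
#include <sstream>
#include <string>

// Hypothetical formatter: returns NULL for AF_INET6 when IPv6 support is
// unavailable, mirroring the behaviour the comment attributes to inet_ntop_ez.
static const char *format_addr(const struct sockaddr_storage *ss, bool ipv6_enabled) {
  static char buf[INET6_ADDRSTRLEN];
  if (ss->ss_family == AF_INET) {
    const struct sockaddr_in *sin = (const struct sockaddr_in *) ss;
    return inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf));
  }
  if (ss->ss_family == AF_INET6 && ipv6_enabled) {
    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *) ss;
    return inet_ntop(AF_INET6, &sin6->sin6_addr, buf, sizeof(buf));
  }
  return NULL;
}

// Streaming a NULL char* into an ostream is undefined behaviour, so the
// caller checks first and reports failure with an empty string.
std::string netblock_str(const struct sockaddr_storage *ss, int bits, bool ipv6_enabled) {
  const char *text = format_addr(ss, ipv6_enabled);
  if (text == NULL)
    return std::string();
  std::ostringstream result;
  result << text << "/" << bits;
  return result.str();
}

// Parses an IPv6 literal (constructed sample input) and formats it as a netblock.
std::string format_v6_literal(const char *literal, int bits, bool ipv6_enabled) {
  struct sockaddr_storage ss;
  std::memset(&ss, 0, sizeof(ss));
  ss.ss_family = AF_INET6;
  struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &ss;
  if (inet_pton(AF_INET6, literal, &sin6->sin6_addr) != 1)
    return std::string();
  return netblock_str(&ss, bits, ipv6_enabled);
}
```

An empty return value lets the caller print its own error instead of dereferencing a NULL pointer inside the stream operator.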

This fix is intended to prevent a segmentation fault.
@dmiller-nmap

Related #328

@dmiller-nmap

@W0naN0w I don't see how this is really related, but it may be a needed change anyway. Can you detail here the configure options and Nmap command you used to trigger the crash? Thanks.

@ghost (Author) commented Jul 24, 2016

Hello @dmiller-nmap, I configured Nmap this way: ./configure --disable-ipv6 as you suggested. I then used ./nmap 2a00:1450:400b:c03:0:0:0:63 after make, which was producing a segmentation fault, but now warns that we need the -6 option. So if I enter ./nmap -6 2a00:1450:400b:c03:0:0:0:63 now, Nmap will yell that my libpcap does not have IPv6 enabled:

I am afraid IPv6 is not available because your host doesn't support it or you chose to compile Nmap w/o IPv6 support.
QUITTING!

What options could I use to produce the crash you want to fix, please?

Dumont added 2 commits August 9, 2016 11:45
This is to prevent accessing NULL in some weird situations, like
when you disable ipv6 but use ipv6 addresses or options.
@ghost (Author) commented Aug 9, 2016

That's it, we now have a reasonable fix. I just don't understand why the travis build failed... Waiting for feedback!

@ghost changed the title from "Possible fix to issue #328" to "Avoid accessing NULL when ipv6 is disabled but ipv6 args or options are used" on Aug 9, 2016