Nmap 7.80 segfault in http-robots.txt when scanning HP Printer #1723
Comments
Thanks for the report! What is the output between "Starting http-robots.txt" and "Segmentation fault" when you add Does this happen with Nmap 7.80 for Linux or other platforms besides Windows?
The crash only occurs for me on Windows for some reason. Here are the --script-trace results on Windows 10 (crash) and then the same on Linux no crash:

Windows 10 Scan --script-trace content:

    NSE: Script scanning 192.168.1.20.
    NSE: TCP 192.168.122.45:4533 > 192.168.1.20:80 | SEND
    NSE: TCP 192.168.122.45:4534 > 192.168.1.20:80 | SEND
    NSE: TCP 192.168.122.45:4535 > 192.168.1.20:80 | SEND
    Segmentation fault
    Fyodor@Doze81 ~

Nmap 7.80 on Linux (successful run) --script-trace output:

    NSE: Script scanning 192.168.1.20.
    NSOCK INFO [2.3390s] nsock_write(): Write request for 163 bytes to IOD #3 EID 35 [192.168.1.20:80]
    NSOCK INFO [2.3580s] nsock_read(): Read request from IOD #3 [192.168.1.20:80] (timeout: 7000ms) EID 50
    NSE: TCP 192.168.1.232:47470 > 192.168.1.20:80 | CLOSE
    PORT STATE SERVICE
    NSE: Script Post-scanning.
Assuming that the nmap process on Windows in fact received the HTTP response body before it crashed (and before it had a chance to flush the screen output buffer), then one suspect could be the zlib integration. Note that the HTTP response is using gzip content encoding. Unlike the HTTP library, zlib is native code, so a hard crash would be natural. There was no HTTP support for gzip in 7.70 so this would explain why the previous version works (although
This is a result of several issues coming together in a perfect storm:
I'll be reconfiguring the Windows build to include Gzip support and to avoid the assembly code, as well as ensuring we are using best practice anti-exploitation settings like
I haven't completely investigated this, but Nmap 7.80 on Windows 10 is crashing with a segfault when I scan my HP OfficeJet Pro 8720 against port 80 using the http-robots.txt script. I have tried using a Windows 10 VM and also Windows 10 on a Dell XPS 12 laptop. The bug might be in the HTTP library rather than the script. I do not get the crash when I scan using the same command with latest SVN build (9/3/19) from Linux. This seems to be a regression with Nmap 7.80 as it does not happen if I downgrade the Windows VM to Nmap version 7.70. I have attached a screenshot of the crash.