On Wed, Sep 29, 2021 at 08:49:06AM -0700, JR Aquino wrote:
> Thanks Niklas!
>
> The patches apply, build, and run cleanly.

The patches did not make it to the list.

> The fix makes sense to incorporate in our OpenBSD port for nmap 7.91, but
> we should revisit it in the future with any new upstream releases in case
> there are subtle changes from what is in their github repo today.
>
> Unless anyone else has strong opinions, I'm good with the patches and would
> like to ask another port maintainer with CVS privileges to review and
> commit.
>
> -JR
>
> On Wed, Sep 29, 2021 at 8:37 AM Niklas Hallqvist <nik...@appli.se> wrote:
>
> > Hi!
> >
> > While testing 7.0 packages I got an nmap segfault. It has been fixed
> > upstream in their github, but I don't know if it's part of any release yet.
> >
> > However their fix may be incomplete as there are other opportunities for
> > a negative buffer overflow in nmap_dns.cc, at least without knowing all
> > callers of the ptrToIp method.
> >
> > I attach a patch that works for me (tm) as well as a patch to add a
> > debug package for nmap, which was needed for me to debug this issue.
> >
> > Even if it's too late for 7.0, at least the segfault fix might make the
> > 7.0-stable package, I reckon.
> >
> > The fault is indeterministic, and triggered by a PTR name being aligned
> > at the beginning of a page immediately preceded by an unmapped page.
> > The case which triggers it fairly often for me was just an nmap of a
> > single TCP port over some seven or so /24-networks.
> >
> > /Niklas