- Subject: Segmentation Fault in function traverseproto from lgc.c
- From: Seth Graham <sadgart@...>
- Date: Wed, 1 Sep 2010 02:19:20 +0200
Hi to all,
I am sending you a segfault debug trace in the hope of finding a solution. Let's go.
=========================================
aaru ~ # gdb /usr/bin/nmap
warning: Can not parse XML syscalls information; XML support was disabled at compile time.
GNU gdb (Gentoo 7.0.1 p1) 7.0.1
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /usr/bin/nmap...done.
(gdb) set args -n -sS -PS8080 -iR 0 --script=irc-proxy -p 8080
(gdb) run
Starting program: /usr/bin/nmap -n -sS -PS8080 -iR 0 --script=irc-proxy -p 8080
Starting Nmap 5.21 ( http://nmap.org ) at 2010-09-01 00:09 CEST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Program received signal SIGSEGV, Segmentation fault.
0xb7db55c5 in traverseproto (g=0x836a030, f=0x83b4eb8) at lgc.c:207
207 markvalue(g, &f->k[i]);
(gdb) bt
#0 0xb7db55c5 in traverseproto (g=0x836a030, f=0x83b4eb8) at lgc.c:207
#1 0xb7db5c4d in propagatemark (g=0x836a030) at lgc.c:310
#2 0xb7db6684 in singlestep (L=0x8369fc0) at lgc.c:566
#3 0xb7db682e in luaC_step (L=0x8369fc0) at lgc.c:617
#4 0xb7dadac5 in lua_pushlstring (L=0x8369fc0, s=0xbfff9c2c ":\321\360o\300\237\066\bd;:\b|;:\b\300\237\066\b\030q@\b\224\235\213\b", len=4) at lapi.c:447
#5 0x080bdad1 in set_hostinfo(lua_State*, Target*) ()
#6 0x080b477b in run_main(lua_State*) ()
#7 0xb7db3a4c in luaD_precall (L=0x8369fc0, func=0x83a3b34, nresults=0) at ldo.c:319
#8 0xb7db3c9e in luaD_call (L=0x8369fc0, func=0x83a3b34, nResults=0) at ldo.c:376
#9 0xb7dae7fd in f_Ccall (L=0x8369fc0, ud=0xbfff9e64) at lapi.c:846
#10 0xb7db2da1 in luaD_rawrunprotected (L=0x8369fc0, f=0xb7dae74a <f_Ccall>, ud=0xbfff9e64) at ldo.c:116
#11 0xb7db4069 in luaD_pcall (L=0x8369fc0, func=0xb7dae74a <f_Ccall>, u=0xbfff9e64, old_top=12, ef=0) at ldo.c:463
#12 0xb7dae85a in lua_cpcall (L=0x8369fc0, func=0x80b4625 <run_main(lua_State*)>, ud=0xbfffbe88) at lapi.c:856
#13 0x080b45c4 in script_scan(std::vector<Target*, std::allocator<Target*> >&) ()
#14 0x0806339b in nmap_main(int, char**) ()
#15 0x0805e470 in main ()
(gdb) bt full
#0 0xb7db55c5 in traverseproto (g=0x836a030, f=0x83b4eb8) at lgc.c:207
i = 0
#1 0xb7db5c4d in propagatemark (g=0x836a030) at lgc.c:310
p = 0x83b4eb8
o = 0x83b4eb8
#2 0xb7db6684 in singlestep (L=0x8369fc0) at lgc.c:566
g = 0x836a030
#3 0xb7db682e in luaC_step (L=0x8369fc0) at lgc.c:617
g = 0x836a030
lim = 448
#4 0xb7dadac5 in lua_pushlstring (L=0x8369fc0, s=0xbfff9c2c ":\321\360o\300\237\066\bd;:\b|;:\b\300\237\066\b\030q@\b\224\235\213\b", len=4) at lapi.c:447
No locals.
#5 0x080bdad1 in set_hostinfo(lua_State*, Target*) ()
No symbol table info available.
#6 0x080b477b in run_main(lua_State*) ()
No symbol table info available.
#7 0xb7db3a4c in luaD_precall (L=0x8369fc0, func=0x83a3b34, nresults=0) at ldo.c:319
ci = 0x81072a8
n = -1210365744
cl = 0x844b430
funcr = 12
#8 0xb7db3c9e in luaD_call (L=0x8369fc0, func=0x83a3b34, nResults=0) at ldo.c:376
No locals.
#9 0xb7dae7fd in f_Ccall (L=0x8369fc0, ud=0xbfff9e64) at lapi.c:846
c = 0xbfff9e64
cl = 0x844b430
#10 0xb7db2da1 in luaD_rawrunprotected (L=0x8369fc0, f=0xb7dae74a <f_Ccall>, ud=0xbfff9e64) at ldo.c:116
lj = {previous = 0x0, b = {{__jmpbuf = {-1210241036, 4096, 138169520, -1073766920, -120156276, -1313343076}, __mask_was_saved = 0, __saved_mask = {__val = {200, 143544128, 143560512, 143560512,
3081885361, 3081885344, 3081885184, 0, 0, 0, 0, 3082439430, 2, 1, 2, 135110906, 134746292, 0, 135110906, 3221200360, 3083318192, 16, 2049, 16408, 143756920, 143527776, 0, 17,
536979648, 3083318144, 3083313140, 3083318144}}}}, status = 0}
#11 0xb7db4069 in luaD_pcall (L=0x8369fc0, func=0xb7dae74a <f_Ccall>, u=0xbfff9e64, old_top=12, ef=0) at ldo.c:463
status = -1212515300
oldnCcalls = 0
old_ci = 0
old_allowhooks = 1 '\001'
old_errfunc = 0
#12 0xb7dae85a in lua_cpcall (L=0x8369fc0, func=0x80b4625 <run_main(lua_State*)>, ud=0xbfffbe88) at lapi.c:856
c = {func = 0x80b4625 <run_main(lua_State*)>, ud = 0xbfffbe88}
status = 134746292
#13 0x080b45c4 in script_scan(std::vector<Target*, std::allocator<Target*> >&) ()
No symbol table info available.
#14 0x0806339b in nmap_main(int, char**) ()
No symbol table info available.
#15 0x0805e470 in main ()
No symbol table info available.
(gdb)
=================================================
The irc-proxy script is:
============================
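description=[[
Checks if an HTTP proxy has method CONNECT for IRC servers.
Always use the 6667 port, fixed at /usr/share/nmap/nselib/proxy.lua in test_connect_irc function.
]]
---
-- @args proxy.url Url that will be requested to the proxy
--   NOTE(review): nothing in this script reads proxy.url; the CONNECT target is
--   the fixed "foo.bar:6667" literal in action.
-- @usage
-- nmap --script irc-proxy -p 8080 <target>
-- @output
-- One of the strings built in action: "Connection to HISPANO is ESTABLISHED!! ...",
-- "Connection to HISPANO is G-lined" or "Method CONNECT not supported".
-- @author Redrum <redrum@eggdrop.es>
author = "RedRum"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "external", "intrusive"}

-- stdnse.print_debug, nmap.new_socket and nmap.new_try are all used below.
-- stdnse was never required explicitly; it presumably only resolved because
-- some other library loaded it first. Require it here so the script does not
-- depend on another module's load-time side effects.
require "shortport"
require "stdnse"
require "proxy"
require "os"

portrule = shortport.port_or_service({8123,3128,8000,8080},{'polipo','squid-http','http-proxy'})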
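--- Write `str` to `socket` and echo it to the debug log.
-- The send status is now returned so callers may check it; the original
-- discarded it, so a failed write went unnoticed until the next receive.
-- @param socket an nmap socket (must provide :send)
-- @param str the exact bytes to send
-- @return whatever socket:send returns (status first)
local function send(socket, str)
  local status, err = socket:send(str)
  stdnse.print_debug(">> " .. str)
  return status, err
end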
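--- Read one chunk from `socket` after a fixed pause and echo it to the debug log.
-- The pause appears intended to let the peer finish a multi-line banner before
-- the single receive() is issued.
-- @param socket an nmap socket (must provide :receive)
-- @return the second value returned by socket:receive (the data on success;
--   presumably the error text on failure -- verify against the nmap socket API)
local function receive(socket)
  -- NOTE(review): os.execute spawns a shell and blocks the whole Nmap process,
  -- not just this script, for the full 5 seconds. The argument is a constant,
  -- so there is no injection risk, but a scheduler-aware wait would be
  -- preferable if this NSE version provides one.
  os.execute("sleep 5")
  -- The original declared `str_` but assigned `str`, leaking a global; both
  -- values are locals now.
  local status, str = socket:receive()
  if status then
    stdnse.print_debug("<< " .. tostring(str))
  else
    stdnse.print_debug("<< receive failed: " .. tostring(str))
  end
  return str
end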
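--- Decide whether an HTTP response to CONNECT carries a 200 status.
-- Only the header section matters, so anything after the first blank line is
-- cut off before the status line is inspected.
-- @param result raw HTTP response text (may be nil)
-- @return true when the first line looks like "HTTP/x.y 200", false otherwise
local function check_code(result)
  if type(result) ~= "string" then
    return false
  end
  local headers = result
  if headers:match("\r?\n\r?\n") then
    headers = headers:match("^(.-)\r?\n\r?\n")
  end
  -- "%." is a literal dot. The original wrote "\." inside a quoted string,
  -- which Lua 5.1 silently reads as a bare "." (matching any character) and
  -- Lua 5.2+ rejects as an invalid escape.
  return headers:lower():match("^http/%d%.%d%s*200") ~= nil
end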
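--- Detect an IRC server reply that refuses the session because of a G-line.
-- @param result raw text received from the IRC server through the proxy (may be nil)
-- @return true when the lowercased text contains "error" followed later by "g-lined"
local function check_gline(result)
  if type(result) ~= "string" then
    return false
  end
  -- "%-" escapes the hyphen. In the original pattern "g-lined" the bare "-"
  -- was a lazy quantifier on "g", so any "error ... lined" text (for example
  -- "declined") was reported as a G-line.
  return result:lower():find("error.*g%-lined") ~= nil
end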
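--- Probe the proxy: CONNECT to a fixed IRC host, register a nick and report
-- whether the tunnel was established, refused, or the scanner is G-lined.
-- Because the category list includes "external", note that the registration
-- traffic reaches a third-party IRC network, which will see the proxy's (and
-- possibly the scanner's) address.
-- @param host the target host table (host.ip is used in the report)
-- @param port the scanned port table (port.number is used to connect and in the report)
-- @return a human-readable result string
action = function(host, port)
  -- The signature line was mangled in the mail ("action = "" port)"); the NSE
  -- action entry point takes (host, port).
  local result = ""
  stdnse.print_debug("##################################")
  local socket = nmap.new_socket()
  socket:set_timeout(10000)
  -- The try() wrapper runs the cleanup closure and aborts the script when the
  -- wrapped call reports failure, so the original `if socket then` guard was
  -- always true (new_socket had already returned a table) and is dropped.
  local try = nmap.new_try(function() socket:close() end)
  try(socket:connect(host.ip, port.number))

  send(socket, "CONNECT foo.bar:6667 HTTP/1.0\r\n\r\n")
  local str = receive(socket)
  if check_code(str) then
    result = "Connection to HISPANO"
    send(socket, "USER ident 8 * :name\r\n")
    send(socket, "NICK nick\r\n\r\n")
    str = receive(socket)
    -- Echo the server's PING token back. The original sliced a fixed byte
    -- range (string.sub(str, -18, -2)), which only works when the PING line is
    -- the last thing received and the token has one particular length.
    local ping_token = type(str) == "string" and str:match("PING%s*:?(%S+)")
    if ping_token then
      send(socket, "PONG :" .. ping_token .. "\r\n")
    end
    str = receive(socket)
    if check_gline(str) then
      result = result .. " is G-lined\n"
    else
      result = result .. " is ESTABLISHED!! <- " .. host.ip .. ":" .. port.number
        .. "\n" .. tostring(str) .. "\n"
    end
  else
    result = "Method CONNECT not supported\n"
  end
  socket:close()
  stdnse.print_debug("##################################")
  return result
end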
===================================
Any tips on how to get this to work correctly?
Thanks!