Debian Bug report logs - #418655
"glibc detected *** free(): invalid pointer [...]" when scanning some ranges with -v

Package: nbtscan; Maintainer for nbtscan is Jochen Friedrich <jochen@scram.de>; Source for nbtscan is src:nbtscan.

Reported by: Filipus Klutiero <cheal@hotpop.com>

Date: Wed, 11 Apr 2007 01:51:01 UTC

Severity: normal

Found in version nbtscan/1.5.1-2.1

Fixed in version nbtscan/1.5.1-4

Done: Jochen Friedrich <jochen@scram.de>

Bug is archived. No further changes may be made.


Message #10 received at 418655@bugs.debian.org (full text, mbox):

Date: Mon, 21 Jan 2008 00:02:56 +0100 (CET)
From: walter@wjd.nu
To: 418655@bugs.debian.org
Cc: "Filipus Klutiero" <cheal@hotpop.com>
Subject: Re: "glibc detected *** free(): invalid pointer [...]" when scanning some ranges with -v

For me, the attached patch fixes it.
Memory gets overwritten by an off-by-one error.


---------------------------- Original Message ----------------------------
Subject: nbtscan 1.5.1 patch
From:    walter@wjd.nu
Date:    Sun, January 20, 2008 23:56
To:      "Alla Bezroutchko" <alla@inetcat.net>
Cc:      "Jochen Friedrich" <jochen@scram.de>
--------------------------------------------------------------------------

Hi Alla Bezroutchko,

I've got a bug report and a fix for nbtscan 1.5.1 (Debian version 1.5.1-2.1).


THE BUG SYMPTOMS
================

root@wza:0:/home/walter/src/nbtscan-1.5.1.mine# ./nbtscan 10.102.221.1-2 -s : -v
10.102.221.1:WZA            :00U
10.102.221.1:WZA            :03U
10.102.221.1:WZA            :20U
10.102.221.1:HARDWIRE       :1eG
10.102.221.1:MAC:00:00:00:00:00:00
10.102.221.2:DEUS           :00U
10.102.221.2:DEUS           :03U
10.102.221.2:DEUS           :20U
10.102.221.2:DEUS           :00U
10.102.221.2:DEUS           :03U
10.102.221.2:DEUS           :20U
10.102.221.2:__MSBROWSE__:01G
10.102.221.2:MSHOME         :1eG
10.102.221.2:MSHOME         :00G
10.102.221.2:MSHOME         :1dU
10.102.221.2:MSHOME         :1eG
10.102.221.2:MSHOME         :00G
10.102.221.2:MAC:00:00:00:00:00:00
*** glibc detected *** free(): invalid pointer: 0x0804e020 ***
Aborted (core dumped)


THE CAUSE
=========

An off by one error. name[16] is set to 0, but name is only 16 bytes long.


OTHER PROBLEMS
==============

www.inetcat.org seems to have changed to www.inetcat.net.


THE PATCH
=========

diff -urw nbtscan-1.5.1/debian/watch nbtscan-1.5.1.mine/debian/watch
--- nbtscan-1.5.1/debian/watch  2008-01-20 17:52:24.000000000 +0100
+++ nbtscan-1.5.1.mine/debian/watch     2008-01-20 23:49:02.000000000 +0100
@@ -2,4 +2,4 @@
 # Rename this file to "watch" and then you can run the "uscan" command
 # to check for upstream updates and more.
 # Site         Directory               Pattern                 Version
Script
-http://www.inetcat.org /software       nbtscan-(.*)\.tar\.gz   debian
uupdate
+http://www.inetcat.net /software       nbtscan-(.*)\.tar\.gz   debian
uupdate
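
Review bot: The bare "Script" and "uupdate" lines in this debian/watch hunk have no leading space, "+" or "-", so the long lines were wrapped in transit and the hunk no longer matches its "@@ -2,4 +2,4 @@" line counts; it will not apply as mailed. Resend the patch as an attachment or with line wrapping disabled so the removed and added lines each stay on one line.
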
diff -urw nbtscan-1.5.1/nbtscan.c nbtscan-1.5.1.mine/nbtscan.c
--- nbtscan-1.5.1/nbtscan.c     2008-01-20 17:52:24.000000000 +0100
+++ nbtscan-1.5.1.mine/nbtscan.c        2008-01-20 23:47:16.000000000 +0100
@@ -170,7 +170,7 @@
     for(i=0; i< hostinfo->header->number_of_names; i++) {
       service = hostinfo->names[i].ascii_name[15];
       strncpy(name, hostinfo->names[i].ascii_name, 15);
-      name[16]=0;
+      name[15]=0;
       unique = !(hostinfo->names[i].rr_flags & 0x0080);
       if(sf) {
        printf("%s%s%s%s", inet_ntoa(addr), sf, name, sf);
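
Review bot: The new "name[15]=0;" is in bounds only because name is 16 bytes long, which the message states but this hunk does not show, and the 15 here duplicates the 15 in the strncpy call above it. Consider "name[sizeof(name)-1]=0;" (with name declared as an array) so the terminator index follows the declaration and cannot drift past the buffer again. The explicit terminator itself has to stay, because strncpy writes no NUL when the first 15 bytes of ascii_name contain none.
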
diff -urw nbtscan-1.5.1/README nbtscan-1.5.1.mine/README
--- nbtscan-1.5.1/README        2003-06-06 14:19:22.000000000 +0200
+++ nbtscan-1.5.1.mine/README   2008-01-20 18:37:45.000000000 +0100
@@ -7,7 +7,7 @@
 NetBIOS computer name, logged-in user name and MAC address
 (such as Ethernet).

-See http://www.inetcat.org/software/nbtscan.html for
+See http://www.inetcat.net/software/nbtscan.html for
 NBTscan homepage.

 LICENSE.
@@ -120,5 +120,5 @@
 address being 00-00-00-00-00-00. This is because Samba sends
 that as MAC address. Nbtscan just displays what it gets.

-Report bugs to alla@inetcat.org (that's me). I cannot promise to
+Report bugs to alla@inetcat.net (that's me). I cannot promise to
 do anything but I might well want fix it. Remember: no warranty.
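
Review bot: The inetcat.org to inetcat.net substitutions in README (this hunk and the one at line 7) are unrelated to the nbtscan.c memory fix and would be better sent as a separate patch. That leaves the one-line terminator change reviewable and backportable by itself.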



GREETINGS
=========

Thanks for nbtscan. Enjoy the patch :)

Friendly greetings,
Walter Doekes
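
The off-by-one described under THE CAUSE, as an added example that is not part of the original message or of nbtscan. The 16-byte buffer is modelled with one guard byte after it (struct frame, split_name, run and the sample field are constructed for this illustration), so the stray store at index 16 can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define NB_FIELD_LEN 16   /* 15 name bytes + 1 service-suffix byte */
#define GUARD 0xAA

/* Constructed model: the 16-byte buffer plus the byte that follows it. */
struct frame {
    char name[NB_FIELD_LEN];
    unsigned char guard;
};

/* Copy 15 name bytes, then store the terminator at term_idx. Going through a
 * byte pointer to the whole struct keeps index 16 well-defined: it hits guard. */
static void split_name(struct frame *f, const char *field, size_t term_idx) {
    unsigned char *bytes = (unsigned char *)f;
    memset(f, GUARD, sizeof *f);
    memcpy(bytes, field, NB_FIELD_LEN - 1);  /* like strncpy(.., 15): no NUL */
    bytes[term_idx] = 0;
}

/* Constructed sample: "WZA" space-padded to 15 bytes, suffix byte 0x20. */
static void run(struct frame *f, size_t term_idx) {
    char field[NB_FIELD_LEN];
    memset(field, ' ', sizeof field);
    memcpy(field, "WZA", 3);
    field[NB_FIELD_LEN - 1] = 0x20;
    split_name(f, field, term_idx);
}

/* 1 if the byte after the buffer survived the terminator store. */
int guard_intact(size_t term_idx) {
    struct frame f;
    run(&f, term_idx);
    return f.guard == GUARD;
}

/* 1 if name holds a NUL inside its own 16 bytes. */
int terminated_in_bounds(size_t term_idx) {
    struct frame f;
    run(&f, term_idx);
    return memchr(f.name, 0, sizeof f.name) != NULL;
}

int main(void) {
    for (size_t i = 16; i >= 15; i--)
        printf("name[%zu]=0: guard_intact=%d terminated_in_bounds=%d\n",
               i, guard_intact(i), terminated_in_bounds(i));
    return 0;
}
```

With index 16 the guard byte is zeroed and name[15] is never written, so the buffer has no terminator of its own; with index 15 both checks pass.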





