SylphiaWindy / fhscanhttplibrary

Automatically exported from code.google.com/p/fhscanhttplibrary

Invalid response->Data pointer #2

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Scan random HTTP server
2. sometimes HTTP core segfaults
3. If gdb is attached and fhscan compiled with debug information, the bug
points to an invalid memory access at DecodeChunk() function.

What is the expected output? What do you see instead?
run without problems

Please use labels and text to provide additional information.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb23a0b90 (LWP 22330)]
0x08050c23 in DecodeChunk (lpBuffer=0xffffffff <Address 0xffffffff out of
bounds>, encodedlen=146) at HTTPCore/Encoding_Chunked.cpp:78
78                              memcpy(chunkcode,encoded,MAX_CHUNK_LENGTH);
(gdb) backtrace
#0  0x08050c23 in DecodeChunk (lpBuffer=0xffffffff <Address 0xffffffff out
of bounds>, encodedlen=146) at HTTPCore/Encoding_Chunked.cpp:78
#1  0x08051058 in CBDecodeChunk (cbType=2, api=0x8aa8350, HTTPHandle=8,
request=0x8b9f1e0, response=0x8b9e0c8) at HTTPCore/Encoding_Chunked.cpp:160
#2  0x0804a7e2 in HTTPCALLBACK::DoCallBack (this=0x8aad670, cbType=2,
HTTPHandle=8, request=0x8b9f1e0, response=0x8b9e0c8) at
HTTPCore/CallBacks.cpp:154
#3  0x08056577 in HTTPAPI::DispatchHTTPRequest (this=0x8aa8350,
HTTPHandle=8, request=0x8b9f1e0) at HTTPCore/HTTP.cpp:479
#4  0x08056c97 in HTTPAPI::SendHttpRequest (this=0x8aa8350, HTTPHandle=8,
request=0x8b9f1e0, lpUsername=0x0, lpPassword=0x0) at HTTPCore/HTTP.cpp:747
#5  0x080571ff in HTTPAPI::SendHttpRequest (this=0x8aa8350, HTTPHandle=8,
VHost=0x0, HTTPMethod=0x806e9d1 "GET", lpPath=0x806e9ab "/", PostData=0x0,
PostDataSize=0, lpUsername=0x0, lpPassword=0x0)
    at HTTPCore/HTTP.cpp:852
#6  0x080573be in HTTPAPI::SendHttpRequest (this=0x8aa8350, HTTPHandle=8,
HTTPMethod=0x806e9d1 "GET", lpPath=0x806e9ab "/") at HTTPCore/HTTP.cpp:828
#7  0x0806477f in ScanHosts (ptr=0x8aa8350) at Scanner/FHScan.cpp:140
#8  0x006855ab in start_thread () from /lib/libpthread.so.0
#9  0x00604cfe in clone () from /lib/libc.so.6
(gdb)

(gdb) print response->HeaderSize
$12 = 171
(gdb) print response->Header
$13 = 0x9cd6e60 "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic
realm=\"P645ME+\"\r\nContent-Type: text/html\r\nTransfer-Encoding:
chunked\r\nServer: ZyXEL-RomPager/3.02\r\nConnection: close\r\n\r\n"
(gdb) print response->DataSize
$14 = 146
(gdb) print response->Data
$15 = 0xffffffff <Address 0xffffffff out of bounds>
(gdb)

The response->Data information is not valid; however, it's unsure whether this is
caused by the file-mapping function or by ReadHTTPResponseData().

Original issue reported on code.google.com by atarasco@gmail.com on 17 Nov 2009 at 11:44

GoogleCodeExporter commented 8 years ago
The issue was identified as a problem with the FileMapping module, when mmap
returned MAP_FAILED.

If the module fails, the returned data is now set to NULL, so this bug won't
hit again.
However, it's still unclear why sometimes mmap fails under Linux.

Original comment by atarasco@gmail.com on 24 Nov 2009 at 1:44
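The failure mode discussed in this thread, as an added example that is not the library's own code: mmap signals failure with MAP_FAILED, which is (void *)-1 (the 0xffffffff seen in the gdb output above on 32-bit), so a caller that only checks for NULL will happily memcpy from it. The helper below converts MAP_FAILED to NULL as the fix describes, and the caller bounds its copy and rejects a NULL or empty buffer; MapResponseData, CopyChunkHeader and the two Demo functions are hypothetical names, and anonymous memory stands in for the library's file mapping.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

#define MAX_CHUNK_LENGTH 16
/* Hypothetical helper in the spirit of the fix: mmap reports failure with
 * MAP_FAILED ((void *)-1), never NULL. Normalise it to NULL so every caller
 * can use one check and never treats address -1 as a buffer. Anonymous
 * memory is used here in place of the library's file mapping. */
static unsigned char *MapResponseData(size_t size)
{
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Hypothetical caller: copy the chunk-size line, bounded by both the data
 * size and MAX_CHUNK_LENGTH. Returns bytes copied, or -1 for invalid input. */
static int CopyChunkHeader(const unsigned char *lpBuffer, size_t encodedlen,
                           char chunkcode[MAX_CHUNK_LENGTH + 1])
{
    if (lpBuffer == NULL || encodedlen == 0)
        return -1;
    size_t n = encodedlen < MAX_CHUNK_LENGTH ? encodedlen : MAX_CHUNK_LENGTH;
    memcpy(chunkcode, lpBuffer, n);
    chunkcode[n] = '\0';
    return (int)n;
}

/* Failure path: a zero-length mapping is rejected by mmap (EINVAL), so the
 * caller receives NULL and backs out instead of reading from address -1. */
static int DemoFailedMapping(void)
{
    char code[MAX_CHUNK_LENGTH + 1];
    return CopyChunkHeader(MapResponseData(0), 146, code);   /* -1 */
}

/* Success path over a constructed 146-byte chunked body (0x8e payload bytes). */
static int DemoValidMapping(void)
{
    char code[MAX_CHUNK_LENGTH + 1];
    unsigned char *data = MapResponseData(4096);
    if (data == NULL) return -1;
    memset(data, 'x', 146);
    memcpy(data, "8e\r\n", 4);
    int n = CopyChunkHeader(data, 146, code);
    munmap(data, 4096);
    return (n == MAX_CHUNK_LENGTH && strncmp(code, "8e\r\n", 4) == 0) ? n : -2;
}
```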