drk1wi / portspoof

Portspoof
http://drk1wi.github.io/portspoof/

Terminate called after throwing an instance of 'std::out_of_range' #9

Closed PherricOxide closed 11 years ago

PherricOxide commented 11 years ago

When attempting to figure out the cause of #8 I changed the args to,

./portspoof -v -f extra_files/fuzz_nmap_signatures -n extra_files/fuzz_payloads -1

Not entirely sure how the fuzzing stuff works yet, so I'm probably giving it bad arguments... but I thought I'd report the crash anyway so you can add some better input validation.

Thread nr.0 for port 4444 
terminate called after throwing an instance of 'std::out_of_range'
  what():  basic_string::substr

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff6fd6700 (LWP 10980)]
0x00007ffff7313037 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56  ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) backtrace 
#0  0x00007ffff7313037 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff7316698 in __GI_abort () at abort.c:90
#2  0x00007ffff7b37e8d in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3  0x00007ffff7b35f76 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4  0x00007ffff7b35fa3 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5  0x00007ffff7b361de in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6  0x00007ffff7b889ad in std::__throw_out_of_range(char const*) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#7  0x00000000004091e2 in _M_check (__s=0x40a30e "basic_string::substr", __pos=<optimized out>, this=0x7ffff6fd5030) at /usr/include/c++/4.7/bits/basic_string.h:321
#8  substr (__n=2, __pos=<optimized out>, this=0x7ffff6fd5030) at /usr/include/c++/4.7/bits/basic_string.h:2205
#9  Utils::wrapNMAP (wrapper=..., payload=...) at Utils.cpp:105
#10 0x0000000000405f83 in Fuzzer::GetFUZZ (this=<optimized out>) at Fuzzer.cpp:195
#11 0x00000000004036f0 in Configuration::mapPort2Signature (this=<optimized out>, port=port@entry=4444) at Configuration.cpp:251
#12 0x000000000040556d in process_connection (arg=0x2ae0) at connection.cpp:206
#13 0x00007ffff76abf8e in start_thread (arg=0x7ffff6fd6700) at pthread_create.c:311
#14 0x00007ffff73d5e1d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
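
The abort above is an unchecked std::string::substr inside the signature wrapper. As an added illustration (not portspoof's own code, and assuming an nmap-probe-style escape format such as "\xNN" for the signature payloads rather than reading Utils.cpp), here is the crashing pattern beside a bounds-checked decoder that rejects a truncated escape instead of terminating the process:

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// Pattern behind the reported crash (illustrative, not portspoof's own code):
// std::string::substr(pos, n) throws std::out_of_range whenever pos > size(),
// so a signature that ends in a truncated escape aborts the whole process.
bool unsafeEscapeThrows(const std::string& in, std::size_t backslashPos) {
    try {
        (void)in.substr(backslashPos + 2, 2); // the two hex digits after "\x"
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

static int hexVal(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Hardened decoder for nmap-probe-style escapes ("\xNN", "\r", "\n", "\t",
// "\0", "\\"), an assumed format. Every index is checked before use, so
// malformed input yields `false` instead of an uncaught exception.
bool decodeEscapes(const std::string& in, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '\\') { out.push_back(in[i]); continue; }
        if (i + 1 >= in.size()) return false;        // lone trailing backslash
        switch (in[++i]) {
            case 'r':  out.push_back('\r'); break;
            case 'n':  out.push_back('\n'); break;
            case 't':  out.push_back('\t'); break;
            case '0':  out.push_back('\0'); break;
            case '\\': out.push_back('\\'); break;
            case 'x': {
                if (i + 2 >= in.size()) return false; // "\x" or "\xN" cut short
                int hi = hexVal(in[i + 1]), lo = hexVal(in[i + 2]);
                if (hi < 0 || lo < 0) return false;   // non-hex digit
                out.push_back(static_cast<char>(hi * 16 + lo));
                i += 2;
                break;
            }
            default: return false;                    // unknown escape
        }
    }
    return true;
}
```

A fuzzer feeding mutated signature files should hit the `false` path, not SIGABRT; the original code's substr can be kept as long as the position is validated against size() first.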

drk1wi commented 11 years ago

I have updated the DOCS file: https://github.com/drk1wi/portspoof/blob/master/DOCS that explains the fuzzing approach that I have implemented. I know it might still not be perfect, but still (if you have any suggestions please let me know)... but still, I was able to find really cool bugs with it ;)

drk1wi commented 11 years ago

This one was fixed with the https://github.com/drk1wi/portspoof/commit/35a1f3a7ba18e1dc8ab1aec1f243d7554a416764 commit.