jaygreig86 / dmitry

DMitry (Deepmagic Information Gathering Tool)
http://www.mor-pah.net
GNU General Public License v2.0

Segfault on specific domains #8

Open AsenOsen opened 3 years ago

AsenOsen commented 3 years ago

Did not dig into it, but some domains, like pftech.xyz, provoke a segmentation fault.

petterreinholdtsen commented 4 months ago

I can reproduce the error. This is the last of the valgrind output when it crashes:

��rieԿ�d domxyz.whois-serverpftech.xyzs.---------------------------------
*** stack smashing detected ***: terminated
==89318== 
==89318== Process terminating with default action of signal 6 (SIGABRT)
==89318==    at 0x4924E2C: __pthread_kill_implementation (pthread_kill.c:44)
==89318==    by 0x48D5FB1: raise (raise.c:26)
==89318==    by 0x48C0471: abort (abort.c:79)
==89318==    by 0x491942F: __libc_message (libc_fatal.c:155)
==89318==    by 0x49B20F1: __fortify_fail (fortify_fail.c:26)
==89318==    by 0x49B20CF: __stack_chk_fail (stack_chk_fail.c:24)
==89318==    by 0x10BD49: ??? (in /usr/bin/dmitry)
==89318==    by 0x697265757110BE74: ???
==89318==    by 0x69616D6F64206464: ???
==89318==    by 0x6E206E1FFEFFF93F: ???
==89318==    by 0x3A65636E69766F71: ???
==89318==    by 0x6C6174697061431F: ???
==89318== 
==89318== HEAP SUMMARY:
==89318==     in use at exit: 28,499 bytes in 92 blocks
==89318==   total heap usage: 1,072 allocs, 980 frees, 126,699 bytes allocated
==89318== 
==89318== LEAK SUMMARY:
==89318==    definitely lost: 0 bytes in 0 blocks
==89318==    indirectly lost: 0 bytes in 0 blocks
==89318==      possibly lost: 4,996 bytes in 22 blocks
==89318==    still reachable: 23,503 bytes in 70 blocks
==89318==         suppressed: 0 bytes in 0 blocks
==89318== Rerun with --leak-check=full to see details of leaked memory
==89318== 
==89318== Use --track-origins=yes to see where uninitialised values come from
==89318== For lists of detected and suppressed errors, rerun with: -s
==89318== ERROR SUMMARY: 3216 errors from 18 contexts (suppressed: 0 from 0)
Aborted (core dumped)

petterreinholdtsen commented 4 months ago

When running on a version where the changes in the open pull requests (as in the latest Debian upload) have been applied, the crash no longer happens:

% valgrind ./dmitry pftech.xyz
==109414== Memcheck, a memory error detector
==109414== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==109414== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==109414== Command: ./dmitry pftech.xyz
==109414== 
Deepmagic Information Gathering Tool
"There be some deep magic going on"

ERROR: Unable to locate Host IP addr. for pftech.xyz
Continuing with limited modules
HostIP:
HostName:pftech.xyz

Gathered Inic-whois information for pftech.xyz
---------------------------------
Domain Name: PFTECH.XYZ
Registry Domain ID: D148292846-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2023-12-07T10:53:46.0Z
Creation Date: 2019-11-27T13:56:57.0Z
Registry Expiry Date: 2024-11-27T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
==109414== Conditional jump or move depends on uninitialised value(s)
==109414==    at 0x48467E5: __strlen_sse2 (vg_replace_strmem.c:496)
==109414==    by 0x10BB87: nic_format_buff (nwhois.c:138)
==109414==    by 0x10BE04: nic_string_search (nwhois.c:66)
==109414==    by 0x10BF82: get_nwhois (nwhois.c:40)
==109414==    by 0x10A747: main (dmitry.c:165)
==109414== 
==109414== Conditional jump or move depends on uninitialised value(s)
==109414==    at 0x48467F8: __strlen_sse2 (vg_replace_strmem.c:496)
==109414==    by 0x10BB87: nic_format_buff (nwhois.c:138)
==109414==    by 0x10BE04: nic_string_search (nwhois.c:66)
==109414==    by 0x10BF82: get_nwhois (nwhois.c:40)
==109414==    by 0x10A747: main (dmitry.c:165)
==109414== 
==109414== Conditional jump or move depends on uninitialised value(s)
==109414==    at 0x48467E5: __strlen_sse2 (vg_replace_strmem.c:496)
==109414==    by 0x10BB9E: nic_format_buff (nwhois.c:140)
==109414==    by 0x10BE04: nic_string_search (nwhois.c:66)
==109414==    by 0x10BF82: get_nwhois (nwhois.c:40)
==109414==    by 0x10A747: main (dmitry.c:165)
==109414== 
==109414== Conditional jump or move depends on uninitialised value(s)
==109414==    at 0x48467F8: __strlen_sse2 (vg_replace_strmem.c:496)
==109414==    by 0x10BB9E: nic_format_buff (nwhois.c:140)
==109414==    by 0x10BE04: nic_string_search (nwhois.c:66)
==109414==    by 0x10BF82: get_nwhois (nwhois.c:40)
==109414==    by 0x10A747: main (dmitry.c:165)
==109414== 
==109414== Conditional jump or move depends on uninitialised value(s)
==109414==    at 0x48467E5: __strlen_sse2 (vg_replace_strmem.c:496)
==109414==    by 0x48F8257: __vfprintf_internal (vfprintf-process-arg.c:397)
==109414==    by 0x49B0926: __printf_chk (printf_chk.c:33)
==109414==    by 0x10A9B2: printf (stdio2.h:86)
==109414==    by 0x10A9B2: print_line (output.c:29)
==109414==    by 0x10BBFD: nic_format_buff (nwhois.c:130)
==109414==    by 0x10BE04: nic_string_search (nwhois.c:66)
==109414==    by 0x10BF82: get_nwhois (nwhois.c:40)
==109414==    by 0x10A747: main (dmitry.c:165)
==109414== 
==109414== Conditional jump or move depends on uninitialised value(s)
==109414==    at 0x48467F8: __strlen_sse2 (vg_replace_strmem.c:496)
==109414==    by 0x48F8257: __vfprintf_internal (vfprintf-process-arg.c:397)
==109414==    by 0x49B0926: __printf_chk (printf_chk.c:33)
==109414==    by 0x10A9B2: printf (stdio2.h:86)
==109414==    by 0x10A9B2: print_line (output.c:29)
==109414==    by 0x10BBFD: nic_format_buff (nwhois.c:130)
==109414==    by 0x10BE04: nic_string_search (nwhois.c:66)
==109414==    by 0x10BF82: get_nwhois (nwhois.c:40)
==109414==    by 0x10A747: main (dmitry.c:165)
==109414== 
==109414== Conditional jump or move depends on uninitialised value(s)
==109414==    at 0x491B5CC: _IO_new_file_xsputn (fileops.c:1218)
==109414==    by 0x491B5CC: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1196)
==109414==    by 0x48F80FE: outstring_func (vfprintf-internal.c:239)
==109414==    by 0x48F80FE: __vfprintf_internal (vfprintf-process-arg.c:421)
==109414==    by 0x49B0926: __printf_chk (printf_chk.c:33)
==109414==    by 0x10A9B2: printf (stdio2.h:86)
==109414==    by 0x10A9B2: print_line (output.c:29)
==109414==    by 0x10BBFD: nic_format_buff (nwhois.c:130)
==109414==    by 0x10BE04: nic_string_search (nwhois.c:66)
==109414==    by 0x10BF82: get_nwhois (nwhois.c:40)
==109414==    by 0x10A747: main (dmitry.c:165)
==109414== 
==109414== Syscall param write(buf) points to uninitialised byte(s)
==109414==    at 0x4992240: write (write.c:26)
==109414==    by 0x491AFC4: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1180)
==109414==    by 0x491A37F: new_do_write (fileops.c:448)
==109414==    by 0x491BFD8: _IO_do_write@@GLIBC_2.2.5 (fileops.c:425)
==109414==    by 0x491B63D: _IO_new_file_xsputn (fileops.c:1243)
==109414==    by 0x491B63D: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1196)
==109414==    by 0x48F69DC: outstring_func (vfprintf-internal.c:239)
==109414==    by 0x48F69DC: __vfprintf_internal (vfprintf-internal.c:1096)
==109414==    by 0x49B0926: __printf_chk (printf_chk.c:33)
==109414==    by 0x10A9B2: printf (stdio2.h:86)
==109414==    by 0x10A9B2: print_line (output.c:29)
==109414==    by 0x10BBFD: nic_format_buff (nwhois.c:130)
==109414==    by 0x10BE04: nic_string_search (nwhois.c:66)
==109414==    by 0x10BF82: get_nwhois (nwhois.c:40)
==109414==    by 0x10A747: main (dmitry.c:165)
==109414==  Address 0x4a7e040 is 0 bytes inside a block of size 1,024 alloc'd
==109414==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==109414==    by 0x490F8CB: _IO_file_doallocate (filedoalloc.c:101)
==109414==    by 0x491D0AF: _IO_doallocbuf (genops.c:347)
==109414==    by 0x491D0AF: _IO_doallocbuf (genops.c:342)
==109414==    by 0x491C477: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:744)
==109414==    by 0x491B63D: _IO_new_file_xsputn (fileops.c:1243)
==109414==    by 0x491B63D: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1196)
==109414==    by 0x4911A47: puts (ioputs.c:40)
==109414==    by 0x10A2D4: printf (stdio2.h:86)
==109414==    by 0x10A2D4: main (dmitry.c:28)
==109414== 
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DORTHY.NS.CLOUDFLARE.COM
Name Server: ETHAN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2024-07-13T07:42:08.0Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<

The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)

Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.

Gathered Netcraft information for pftech.xyz
---------------------------------

Retrieving Netcraft.com information for pftech.xyz
Netcraft.com Information gathered

Gathered Subdomain information for pftech.xyz
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 possible subdomain(s) for host pftech.xyz, Searched 0 pages containing 0 results

Gathered E-Mail information for pftech.xyz
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host pftech.xyz, Searched 0 pages containing 0 results

All scans completed, exiting
==109414== 
==109414== HEAP SUMMARY:
==109414==     in use at exit: 5,130 bytes in 12 blocks
==109414==   total heap usage: 1,092 allocs, 1,080 frees, 149,869 bytes allocated
==109414== 
==109414== LEAK SUMMARY:
==109414==    definitely lost: 0 bytes in 0 blocks
==109414==    indirectly lost: 0 bytes in 0 blocks
==109414==      possibly lost: 0 bytes in 0 blocks
==109414==    still reachable: 5,130 bytes in 12 blocks
==109414==         suppressed: 0 bytes in 0 blocks
==109414== Rerun with --leak-check=full to see details of leaked memory
==109414== 
==109414== Use --track-origins=yes to see where uninitialised values come from
==109414== For lists of detected and suppressed errors, rerun with: -s
==109414== ERROR SUMMARY: 13920 errors from 8 contexts (suppressed: 0 from 0)
%
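The two traces point at the same spot: in the unpatched build the stack protector catches an overrun while a whois reply is being formatted, and in the patched build nic_format_buff still calls strlen on bytes that were never written. As an added illustration of the hardened shape such a line formatter should take (hypothetical code, not dmitry's nwhois.c; the function names, the 64-byte line cap and the constructed reply are assumptions), the following copies each reply line with a bound, zeroes the buffer before any strlen, and reports clipping instead of silently corrupting the stack:

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical illustration, not dmitry's code. The bug class behind the trace:
 * a whois reply copied into a fixed stack buffer by unbounded strcpy() (stack
 * smash), then scanned by strlen() over bytes never written (uninitialised
 * reads). Hardened shape: bounded copy, zeroed buffer, NUL guaranteed. */
#define LINE_CAP 64   /* deliberately small so the sample reply trips it */
struct whois_stats {
    int lines;       /* non-blank lines handed to emit() */
    int truncated;   /* lines longer than LINE_CAP-1 that were clipped */
};
/* resp: raw socket buffer of resp_len bytes, not NUL-terminated, CRLF line
 * endings, possibly a partial last line. */
struct whois_stats format_whois(const char *resp, size_t resp_len,
                                void (*emit)(const char *line))
{
    struct whois_stats st = {0, 0};
    const char *p = resp, *end = resp + resp_len;
    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        size_t len = nl ? (size_t)(nl - p) : (size_t)(end - p);
        if (len && p[len - 1] == '\r')
            len--;                        /* strip CR of CRLF */
        char line[LINE_CAP];
        memset(line, 0, sizeof line);     /* every byte defined before strlen */
        if (len > sizeof line - 1) {
            len = sizeof line - 1;        /* clip instead of overrunning */
            st.truncated++;
        }
        memcpy(line, p, len);             /* bounded copy; NUL already in place */
        if (strlen(line) > 0) {           /* skip blank separator lines */
            emit(line);
            st.lines++;
        }
        p = nl ? nl + 1 : end;
    }
    return st;
}
static void print_line(const char *line) { puts(line); }
/* Constructed sample modelled on the registry reply in the issue. */
static const char sample[] =
    "Domain Name: PFTECH.XYZ\r\n"
    "Registrar WHOIS Server: whois.namecheap.com\r\n"
    "\r\n"
    "Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output\r\n"
    "DNSSEC: unsigned";                   /* partial last line, no terminator */
struct whois_stats run_sample(void) { return format_whois(sample, sizeof sample - 1, print_line); }
```

With the sample above the formatter emits four lines and reports one clipped, the over-long "Registrant Email" line, rather than writing past the buffer.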