royhills / ike-scan

The IKE Scanner
GNU General Public License v3.0
363 stars, 59 forks

Range/netmask target syntax doesn't work #16

Closed. hubert3 closed this issue 3 years ago.

hubert3 commented 8 years ago

Compiled latest source from github. Only specifying single IPs as targets seems to work.

./ike-scan 172.16.0.0-172.16.255.255
Segmentation fault (core dumped)

./ike-scan 172.16.0.0/24
Segmentation fault (core dumped)

./ike-scan 172.16.0.1
Starting ike-scan 1.9.4 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
Ending ike-scan 1.9.4: 1 hosts scanned in 2.438 seconds (0.41 hosts/sec). 0 returned handshake; 0 returned notify

hubert3 commented 8 years ago

The version of ike-scan that's currently in Ubuntu (1.9) does not have this issue.

royhills commented 8 years ago

Thanks for reporting this issue. I can reproduce it on my development system running Debian Jessie, so it looks like a regression since the last official release.

root@jessie:/home/rsh/ike-scan# gdb ./ike-scan
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./ike-scan...done.
(gdb) run 192.168.124.0/24
Starting program: /home/rsh/ike-scan/ike-scan 192.168.124.0/24

Program received signal SIGSEGV, Segmentation fault.
add_host (name=name@entry=0x7ffffffed380 "192.168.124.0", timeout=timeout@entry=500, num_hosts=num_hosts@entry=0x7ffffffed538, cookie_data=cookie_data@entry=0x0, cookie_data_len=cookie_data_len@entry=0, numeric_only=numeric_only@entry=1) at ike-scan.c:1331
1331        memcpy(&(he->addr), hp->h_addr_list[0], sizeof(struct in_addr));
(gdb)

dfelsch commented 7 years ago

If you start the tool with -N (or --nodns), then it works as expected. In line 1328, the wrong flag is evaluated. Then it's trying to take the IP from a null pointer and segfaults of course.

royhills commented 7 years ago

Hopefully fixed by commit c1a31cf

https://github.com/royhills/ike-scan/commit/c1a31cfb3e3e9596b5bd2a62523555e3be945562
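An added illustration of the failure dfelsch describes and of the shape a fix takes; this is not ike-scan's source and not necessarily what commit c1a31cf changed. The resolve step picks the numeric path on one flag while the copy step tests another, so `hp` is still NULL at the `memcpy()`. `nodns_flag`, `lookup()` and the `try_*` helpers are assumed names; `lookup()` stands in for `gethostbyname()` so the example runs offline.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>

typedef struct { struct in_addr addr; } host_entry;
static int nodns_flag = 0;   /* hypothetical stand-in for the global set by -N/--nodns */

/* Offline stand-in for gethostbyname(); the real call also returns NULL on a failed lookup. */
static struct hostent *lookup(const char *name) { (void)name; return NULL; }

/* Buggy shape: the resolve step and the copy step test different flags. Returns 0 on
 * success, -1 on a bad address, -2 where the original memcpy() dereferenced a NULL hp. */
int add_host_buggy(const char *name, int numeric_only, host_entry *he) {
    struct hostent *hp = NULL;
    struct in_addr inp = {0};
    if (numeric_only) {                 /* range expansion passes numeric_only=1 ... */
        if (inet_pton(AF_INET, name, &inp) != 1) return -1;
    } else {
        hp = lookup(name);
    }
    if (nodns_flag) {                   /* ... but this branch keys off -N instead */
        memcpy(&he->addr, &inp, sizeof(struct in_addr));
    } else {
        if (hp == NULL) return -2;      /* original: memcpy(&(he->addr), hp->h_addr_list[0], ...) */
        memcpy(&he->addr, hp->h_addr_list[0], sizeof(struct in_addr));
    }
    return 0;
}

/* Fixed shape: one decision drives both steps, and the resolver result is checked first. */
int add_host_fixed(const char *name, int numeric_only, host_entry *he) {
    struct in_addr inp;
    if (numeric_only || nodns_flag) {
        if (inet_pton(AF_INET, name, &inp) != 1) return -1;
        memcpy(&he->addr, &inp, sizeof(struct in_addr));
        return 0;
    }
    struct hostent *hp = lookup(name);
    if (hp == NULL || hp->h_addrtype != AF_INET || hp->h_addr_list[0] == NULL) return -1;
    memcpy(&he->addr, hp->h_addr_list[0], sizeof(struct in_addr));
    return 0;
}

/* Harness helpers: run one version under a given -N setting; try_fixed() returns the
 * parsed address in host byte order, or 0 on failure. */
int try_buggy(const char *name, int numeric_only, int nodns) { host_entry he; nodns_flag = nodns; return add_host_buggy(name, numeric_only, &he); }
unsigned try_fixed(const char *name, int numeric_only, int nodns) {
    host_entry he; nodns_flag = nodns;
    return add_host_fixed(name, numeric_only, &he) == 0 ? ntohl(he.addr.s_addr) : 0;
}
```

With `-N` both flags agree, which is why the workaround in the thread works even on the unfixed build.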

twright-0x1 commented 3 years ago

This bug appears to still be in effect. I'm working with ike-scan 1.9.4 on the latest Kali Linux Rolling and get a segfault anytime I try to scan an IP address range.

Per the comment from dfelsch earlier, the -N option is an effective workaround.

royhills commented 3 years ago

I can't reproduce this bug after commit https://github.com/royhills/ike-scan/commit/c1a31cfb3e3e9596b5bd2a62523555e3be945562

sudo ./ike-scan 192.168.1.0/24 runs without error on the latest git version on Debian Buster and I expect it will run on other OSes as well because the range/netmask code is not OS dependent.

Have you tried using the latest version from github? Please do let me know if that errors as well because it really shouldn't.

twright-0x1 commented 3 years ago

Ah! My apologies: you are correct that the latest version from GitHub does not have this bug. I put too much faith in the notion that Kali's version 1.9.4 is equivalent to the 1.9.4 in GitHub.

royhills commented 3 years ago

Thanks for the confirmation. I'll increment the version number to make it clear that there has been significant change since 1.9.4.

royhills commented 3 years ago

Confirmed as fixed. Version incremented to 1.9.5 and corresponding tag created.