solancer / skipfish

skipfish - web application security scanner
Apache License 2.0

skipfish segfaulted while scanning #20

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

skipfish segfaulted while scanning an application.

Core was generated by
`./skipfish -C AUDSSESSION 1d5282c6539eb1d7480d2b7b4ee107ec -N -o /tmp/auds -g'.

The directory was empty so no logs can be provided.  A corefile can be
provided on request. 

gdb output:

Core was generated by `./skipfish -C AUDSSESSION 1d5282c6539eb1d7480d2b7b4ee107ec -N -o /tmp/auds3 -g'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f653967a7f4 in strcasecmp () from /lib/libc.so.6
(gdb) bt
#0  0x00007f653967a7f4 in strcasecmp () from /lib/libc.so.6
#1  0x00000000004052c6 in set_value (type=<value optimized out>, 
    name=0x491a1f0 "form", val=<value optimized out>, 
    offset=<value optimized out>, par=0x49295e8) at http_client.c:139
#2  0x000000000041ede2 in collect_form_data (req=<value optimized out>, 
    res=<value optimized out>) at analysis.c:545
#3  scrape_response (req=<value optimized out>, res=<value optimized out>)
    at analysis.c:789
#4  0x00000000004133e3 in par_dict_callback (req=0x4916410, res=0x4917600)
    at crawler.c:1894
#5  0x000000000040bbae in next_from_queue () at http_client.c:2038
#6  0x00000000004033b6 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at skipfish.c:419
(gdb) u
The program is not running.
(gdb) up
#1  0x00000000004052c6 in set_value (type=<value optimized out>, 
    name=0x491a1f0 "form", val=<value optimized out>, 
    offset=<value optimized out>, par=0x49295e8) at http_client.c:139
139       if (name && strcasecmp((char*)par->n[i], (char*)name)) continue;
(gdb) print name
$1 = (u8 *) 0x491a1f0 "form"
(gdb) print par->n[i]
$2 = (u8 *) 0x0
(gdb) print i
$3 = 1

Original issue reported on code.google.com by florian.streibelt on 22 Mar 2010 at 10:56
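The backtrace above shows the root cause directly: at http_client.c:139 the loop compares `par->n[i]` against `name` with `strcasecmp`, and for `i == 1` the name slot is NULL, so libc dereferences a null pointer. The following is an added example, not skipfish's own code, that models a parameter array with a NULL name slot (the array contents and the `struct param_array` layout are constructed for illustration and do not reproduce skipfish's real structures), shows the unguarded comparison pattern from the backtrace, and beside it the null-guarded lookup that a scanner must use when scraped form fields can lack a name.

```c
/* Added example (not skipfish code): NULL-safe parameter lookup.
 * Compile: cc -Wall -o parlookup parlookup.c && ./parlookup
 */
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>   /* strcasecmp */

typedef unsigned char u8;

/* Constructed stand-in for the parameter array seen in the backtrace:
 * n[] holds field names, v[] holds values, c is the element count. */
struct param_array {
    u8 **n;
    u8 **v;
    size_t c;
};

/* The faulty pattern from http_client.c:139 in the report: when name is
 * non-NULL and par->n[i] is NULL, strcasecmp() dereferences NULL and the
 * process dies with SIGSEGV. Kept only to show the bug; never call it
 * with an array that may contain NULL names. */
int find_param_unguarded(const struct param_array *par, const u8 *name) {
    for (size_t i = 0; i < par->c; i++) {
        if (name && strcasecmp((char *)par->n[i], (char *)name)) continue;
        return (int)i;
    }
    return -1;
}

/* Hardened lookup: a NULL name slot can never match a non-NULL name, so
 * it is skipped before strcasecmp() ever sees it. A NULL search name keeps
 * the original semantics of matching the first element. */
int find_param(const struct param_array *par, const u8 *name) {
    for (size_t i = 0; i < par->c; i++) {
        if (name) {
            if (!par->n[i]) continue;                       /* the missing check */
            if (strcasecmp((char *)par->n[i], (char *)name)) continue;
        }
        return (int)i;
    }
    return -1;
}

/* Replace the value of a named parameter; returns the index updated or -1. */
int set_param_value(struct param_array *par, const u8 *name, u8 *val) {
    int idx = find_param(par, name);
    if (idx < 0) return -1;
    par->v[idx] = val;
    return idx;
}

/* Constructed sample mirroring the crash: slot 1 has no name, as an
 * unnamed form field could produce (assumption, not taken from the report). */
static struct param_array *sample_params(void) {
    static u8 *names[3]  = { (u8 *)"action", NULL, (u8 *)"form" };
    static u8 *values[3] = { (u8 *)"/login", (u8 *)"x", (u8 *)"1" };
    static struct param_array par = { names, values, 3 };
    return &par;
}

/* Convenience wrappers over the sample data. */
int demo_lookup(const char *name) {
    return find_param(sample_params(), (const u8 *)name);
}

int demo_set(const char *name, const char *val) {
    return set_param_value(sample_params(), (const u8 *)name, (u8 *)val);
}

int main(void) {
    printf("index of \"form\": %d\n", demo_lookup("form"));
    printf("index of \"FORM\" (case-insensitive): %d\n", demo_lookup("FORM"));
    printf("index of \"missing\": %d\n", demo_lookup("missing"));
    printf("set \"form\" -> slot %d\n", demo_set("form", "2"));
    return 0;
}
```

With the sample array, `find_param_unguarded(sample_params(), "form")` reproduces the reported crash on the second iteration, while `find_param` walks past the NULL slot and finds "form" at index 2.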

GoogleCodeExporter commented 8 years ago
Interesting, investigating.

Original comment by lcam...@gmail.com on 22 Mar 2010 at 3:37

GoogleCodeExporter commented 8 years ago
This should be now fixed.

Original comment by lcam...@gmail.com on 22 Mar 2010 at 7:48