Differences for page Open bugsCurrent version compared with version Wed Aug 22 16:38:41 GMT 2007...
Please write the bug report in any case even if you have only some of this information.
+ -----------------------------------
+ ->OS Ubuntu 8.10
+ ->hping version 2.0.0-rc3, 3.0.0-alpha-2
+ ->gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu12
+ Buffer overflow is in place when options --scan and -t uses at the same time. At the list below I used ttl 1 (there are two hops to the target 10.201.1.100). But situation is the same for any ttl=target_ttl-1 and less. Also I mentioned that if I use one remote port to scan sometimes issue not shown and I can see the normal output of hping. Situation is the same both for hping2 and hping3.
+
+ root@bt:~# traceroute -T 10.201.1.100
+ traceroute to 10.201.1.100 (10.201.1.100), 30 hops max, 40 byte packets
+ 1 my.firewall (10.201.2.1) 5.406 ms 10.532 ms 15.561 ms
+ 2 10.201.1.100 (10.201.1.100) 58.799 ms 60.190 ms 61.298 ms
+
+ root@bt:~# hping -S -p 80 10.201.1.100
+ HPING 10.201.1.100 (eth0 10.201.1.100): S set, 40 headers + 0 data bytes
+ len=46 ip=10.201.1.100 ttl=127 DF id=20607 sport=80 flags=SA seq=0 win=65535 rtt=4.9 ms
+ len=46 ip=10.201.1.100 ttl=127 DF id=20610 sport=80 flags=SA seq=1 win=65535 rtt=4.9 ms
+ ^C
+ --- 10.201.1.100 hping statistic ---
+ 2 packets transmitted, 2 packets received, 0% packet loss
+ round-trip min/avg/max = 4.9/4.9/4.9 ms
+
+ root@bt:~# hping -S -p 80 -t 1 10.201.1.100
+ HPING 10.201.1.100 (eth0 10.201.1.100): S set, 40 headers + 0 data bytes
+ TTL 0 during transit from ip=10.201.2.1 name=my.firewall
+ TTL 0 during transit from ip=10.201.2.1 name=my.firewall
+ TTL 0 during transit from ip=10.201.2.1 name=my.firewall
+ ^C
+ --- 10.201.1.100 hping statistic ---
+ 3 packets transmitted, 3 packets received, 0% packet loss
+ round-trip min/avg/max = 0.0/0.0/0.0 ms
+
+ root@bt:~# hping -S --scan 80 -t 1 10.201.1.100
+ Scanning 10.201.1.100 (10.201.1.100), port 80
+ 1 ports to scan, use -V to see all the replies
+ +----+-----------+---------+---+-----+-----+
+ |port| serv name | flags |ttl| id | win |
+ +----+-----------+---------+---+-----+-----+
+ *** buffer overflow detected ***: hping terminated
+ ======= Backtrace: =========
+ /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f746d8]
+ /lib/tls/i686/cmov/libc.so.6[0xb7f72800]
+ hping[0x8050529]
+ hping[0x805100a]
+ hping[0x8049be8]
+ /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e90685]
+ hping[0x8049461]
+ ======= Memory map: ========
+ 08048000-08058000 r-xp 00000000 03:05 1058310 /usr/sbin/hping2
+ 08058000-0805a000 rw-p 0000f000 03:05 1058310 /usr/sbin/hping2
+ 0805a000-08060000 rw-p 00000000 00:00 0
+ 080fb000-0811c000 rw-p 00000000 00:00 0 [heap]
+ b7d98000-b7da5000 r-xp 00000000 03:05 1038415 /lib/libgcc_s.so.1
+ b7da5000-b7da6000 r--p 0000c000 03:05 1038415 /lib/libgcc_s.so.1
+ b7da6000-b7da7000 rw-p 0000d000 03:05 1038415 /lib/libgcc_s.so.1
+ b7db9000-b7e7a000 rw-s 00000000 00:08 1736725 /SYSV00000000 (deleted)
+ b7e7a000-b7fd2000 r-xp 00000000 03:05 1048034 /lib/tls/i686/cmov/libc-2.8.90.so
+ b7fd2000-b7fd4000 r--p 00158000 03:05 1048034 /lib/tls/i686/cmov/libc-2.8.90.so
+ b7fd4000-b7fd5000 rw-p 0015a000 03:05 1048034 /lib/tls/i686/cmov/libc-2.8.90.so
+ b7fd5000-b7fd8000 rw-p 00000000 00:00 0
+ b7fea000-b7fec000 rw-p 00000000 00:00 0
+ b7fec000-b8006000 r-xp 00000000 03:05 1038373 /lib/ld-2.8.90.so
+ b8006000-b8007000 rw-p 00000000 00:00 0
+ b8007000-b8008000 r--p 0001a000 03:05 1038373 /lib/ld-2.8.90.so
+ b8008000-b8009000 rw-p 0001b000 03:05 1038373 /lib/ld-2.8.90.so
+ bf8fd000-bf912000 rw-p 00000000 00:00 0 [stack]
+ ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso]
+ Aborted
+ Not responding ports: (80 www)
+ All replies received. Done.
+
+ root@bt:~# hping -S --scan 80 10.201.1.100
+ Scanning 10.201.1.100 (10.201.1.100), port 80
+ 1 ports to scan, use -V to see all the replies
+ +----+-----------+---------+---+-----+-----+
+ |port| serv name | flags |ttl| id | win |
+ +----+-----------+---------+---+-----+-----+
+ 80 www : .S..A... 127 46672 65535
+ All replies received. Done.
+ Not responding ports:
+
+ ------------------------------------------------------------
+
+
----
+ *FIXME fixed:* The IP id issue for fragments can be resolved with this path. 13.09.2007 (oliver dot stampfli @ epfl dot ch)
+ Index: sendip.c
+ ===================================================================
+ RCS file: /cvsroot/hping2/hping3s/sendip.c,v
+ retrieving revision 1.2
+ diff -r1.2 sendip.c
+ 67c67,68
+ < else /* if you need fragmentation id must not be randomic */
+ ---
+ > else /* if you need fragmentation id must not be random but all fragments belonging to the
+ > * the same IP packet must have the same id that is unique amongst other fragments. */
+ 69,73c70,79
+ < /* FIXME: when frag. enabled sendip_handler shold inc. ip->id */
+ < /* for every frame sent */
+ < ip->id = (src_id == -1) ?
+ < htons(getpid() & 255) :
+ < htons((unsigned short) src_id);
+ ---
+ > if(src_id == -1)
+ > {
+ > __u16 b16_counter = (__u16)sent_pkt;
+ > __u16 b16_pid = getpid() & 0xff;
+ > ip->id = htons(b16_pid + b16_counter);
+ > }
+ > else
+ > {
+ > ip->id = htons((unsigned short) src_id);
+ > }
+ ----
+ *Bug Report:* Error in computation of checksums for odd packet size. 31.8.2007 (oliver dot stampfli @ epfl dot ch)
+ It is the same bug that was already discovered in the ars.c file but this one is in the cksum.c file:
+ Change line 22 of cksum.c.
+ *((__u16 *) &oddbyte) = *(__u16 *) buf;
+ To
+ *((__u16 *) &oddbyte) = *(__u8 *) buf;
+ ----
*Bug Report:* Not possible to send maximal data size. (oliver dot stampfli at epfl dot ch)
One can not send packets with the maximal size of 65535 byte.
...
hanfi
- -------------------------------------------------------------------------------
+ -------------------------------------
+
OpenSuSE 10.2 has problems compiling hping 3 with gcc 4.1.2 20061115 (prerelease) (SUSE Linux), tcl-8.4.14-11. Here are patches that worked for me.
*** Makefile-orig Wed Aug 22 10:40:02 2007
...
#include "release.h"
#include "hping2.h"
+
+ -------------------------------------
+
The following is the old page content
|