Bug 207839 - ~net-analyzer/amap-5.2 unable to use internal update
Summary: ~net-analyzer/amap-5.2 unable to use internal update
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Netmon project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-28 06:12 UTC by Anton Bolshakov
Modified: 2008-01-30 13:39 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
amap-5.2-r1.ebuild (amap-5.2-r1.ebuild,1.70 KB, patch)
2008-01-28 08:21 UTC, Anton Bolshakov

Description Anton Bolshakov 2008-01-28 06:12:59 UTC
amap 5.2 compiled manually (./configure; make) works and updates fine.

An attempt to update amap compiled using portage causes a crash with the following error:

bash# amap -W

Running Online Update for fingerprints, connecting to www.thc.org/thc-amap
*** glibc detected *** amap: free(): invalid next size (normal): 0x08056920 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7c7ba00]
/lib/libc.so.6(cfree+0x89)[0xb7c7d6f9]
/lib/libc.so.6(fclose+0x152)[0xb7c6bed2]
/lib/libc.so.6[0xb7ce4783]
/lib/libc.so.6(__res_ninit+0x23)[0xb7ce4ef3]
/lib/libc.so.6(__res_maybe_init+0x6f)[0xb7ce5cff]
/lib/libc.so.6(__nss_hostname_digits_dots+0x2e)[0xb7ce736e]
/lib/libc.so.6(gethostbyname+0x97)[0xb7ceb6f7]
amap[0x804fcc0]
amap[0x8051773]
amap[0x8049bcf]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb7c2bfdc]
amap[0x80497d1]
======= Memory map: ========
08048000-08054000 r-xp 00000000 08:07 362991     /usr/bin/amap
08054000-08055000 r--p 0000b000 08:07 362991     /usr/bin/amap
08055000-08056000 rw-p 0000c000 08:07 362991     /usr/bin/amap
08056000-08077000 rw-p 08056000 00:00 0          [heap]
b7a00000-b7a21000 rw-p b7a00000 00:00 0
b7a21000-b7b00000 ---p b7a21000 00:00 0
b7b24000-b7b2d000 r-xp 00000000 08:07 334824     /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/libgcc_s.so.1
b7b2d000-b7b2e000 rw-p 00009000 08:07 334824     /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/libgcc_s.so.1
b7b2e000-b7b30000 rw-p b7b2e000 00:00 0
b7b30000-b7b37000 r-xp 00000000 08:07 318166     /usr/lib/libkrb5support.so.0.1
b7b37000-b7b38000 rw-p 00006000 08:07 318166     /usr/lib/libkrb5support.so.0.1
b7b38000-b7b46000 r-xp 00000000 08:07 367266     /lib/libresolv-2.6.1.so
b7b46000-b7b47000 r--p 0000e000 08:07 367266     /lib/libresolv-2.6.1.so
b7b47000-b7b48000 rw-p 0000f000 08:07 367266     /lib/libresolv-2.6.1.so
b7b48000-b7b4a000 rw-p b7b48000 00:00 0
b7b4a000-b7b6d000 r-xp 00000000 08:07 317554     /usr/lib/libk5crypto.so.3.0
b7b6d000-b7b6e000 rw-p 00023000 08:07 317554     /usr/lib/libk5crypto.so.3.0
b7b6e000-b7b70000 r-xp 00000000 08:07 214526     /lib/libcom_err.so.2.1
b7b70000-b7b71000 r--p 00001000 08:07 214526     /lib/libcom_err.so.2.1
b7b71000-b7b72000 rw-p 00002000 08:07 214526     /lib/libcom_err.so.2.1
b7b72000-b7be8000 r-xp 00000000 08:07 317569     /usr/lib/libkrb5.so.3.2
b7be8000-b7bea000 rw-p 00076000 08:07 317569     /usr/lib/libkrb5.so.3.2
b7bea000-b7beb000 rw-p b7bea000 00:00 0
b7beb000-b7c11000 r-xp 00000000 08:07 317585     /usr/lib/libgssapi_krb5.so.2.2
b7c11000-b7c12000 rw-p 00026000 08:07 317585     /usr/lib/libgssapi_krb5.so.2.2
b7c12000-b7c14000 r-xp 00000000 08:07 366375     /lib/libdl-2.6.1.so
b7c14000-b7c15000 r--p 00001000 08:07 366375     /lib/libdl-2.6.1.so
b7c15000-b7c16000 rw-p 00002000 08:07 366375     /lib/libdl-2.6.1.so
b7c16000-b7d40000 r-xp 00000000 08:07 366634     /lib/libc-2.6.1.so
b7d40000-b7d42000 r--p 0012a000 08:07 366634     /lib/libc-2.6.1.so
b7d42000-b7d43000 rw-p 0012c000 08:07 366634     /lib/libc-2.6.1.so
b7d43000-b7d46000 rw-p b7d43000 00:00 0
b7d46000-b7d88000 r-xp 00000000 08:07 783947     /usr/lib/libssl.so.0.9.8
b7d88000-b7d89000 r--p 00041000 08:07 783947     /usr/lib/libssl.so.0.9.8
b7d89000-b7d8c000 rw-p 00042000 08:07 783947     /usr/lib/libssl.so.0.9.8
b7d8c000-b7eb3000 r-xp 00000000 08:07 783381     /usr/lib/libcrypto.so.0.9.8
b7eb3000-b7ebb000 r--p 00127000 08:07 783381     /usr/lib/libcrypto.so.0.9.8
b7ebb000-b7ec8000 rw-p 0012f000 08:07 783381     /usr/lib/libcrypto.so.0.9.8
b7ec8000-b7ecc000 rw-p b7ec8000 00:00 0
b7ecc000-b7ef1000 r-xp 00000000 08:07 349388     /usr/lib/libpcre.so.0.0.1
b7ef1000-b7ef2000 r--p 00025000 08:07 349388     /usr/lib/libpcre.so.0.0.1
b7ef2000-b7ef3000 rw-p 00026000 08:07 349388     /usr/lib/libpcre.so.0.0.1
b7ef3000-b7ef4000 rw-p b7ef3000 00:00 0
b7f07000-b7f21000 r-xp 00000000 08:07 367267     /lib/ld-2.6.1.so
b7f21000-b7f22000 r--p 00019000 08:07 367267     /lib/ld-2.6.1.so
b7f22000-b7f23000 rw-p 0001a000 08:07 367267     /lib/ld-2.6.1.so
bfb1b000-bfb30000 rw-p bffeb000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
Reproducible: Always
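The backtrace above is the usual shape of a heap overflow found late: the corrupting write happens in amap's own update code, but glibc only notices the damaged chunk header when a neighbouring chunk is freed, here the FILE that __res_ninit() opened for /etc/resolv.conf and fclose() released on the way into gethostbyname(). The following is an added example, not amap's code and not from the attached ebuild: a constructed vulnerable pattern beside a hardened one. The file name "amap.fp", the 32-byte buffer, the directory strings and the function names are assumptions for the demonstration only.

```c
/*
 * Added example, not amap's code: a constructed illustration of the bug
 * class behind the "free(): invalid next size" report above. The file
 * name "amap.fp" and the 32-byte buffer are assumptions for the demo;
 * amap's real update code is not on this page.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FP_FILE   "/amap.fp"   /* hypothetical fingerprint file name */
#define UNSAFE_BUF 32          /* the fixed size the vulnerable code guesses */

/*
 * Vulnerable pattern: a fixed-size heap buffer for a string whose length is
 * controlled by the caller (the fingerprint directory). sprintf() has no
 * bound, so a long dir overwrites whatever malloc placed right after this
 * chunk, typically the size field of the next chunk. Nothing fails here.
 * glibc only validates that header when the neighbour is freed, which in
 * the report happens inside fclose() after __res_ninit() read
 * /etc/resolv.conf. That is why the backtrace points at the resolver
 * rather than at the update code.
 */
char *update_filename_unsafe(const char *dir)
{
    char *name = malloc(UNSAFE_BUF);
    if (name == NULL)
        return NULL;
    sprintf(name, "%s" FP_FILE, dir);   /* overflows when strlen(dir) + 9 > 32 */
    return name;
}

/*
 * Hardened pattern: size the allocation from the inputs, bound the write
 * with snprintf() and check its result, and hand back a buffer the caller
 * is expected to free() (Comment 4 notes opt->filename is never freed).
 */
char *update_filename_safe(const char *dir)
{
    size_t need = strlen(dir) + strlen(FP_FILE) + 1;
    char *name = malloc(need);
    if (name == NULL)
        return NULL;
    int n = snprintf(name, need, "%s" FP_FILE, dir);
    if (n < 0 || (size_t)n >= need) {   /* cannot trigger with this sizing, but check anyway */
        free(name);
        return NULL;
    }
    return name;
}

/*
 * How far past its buffer the unsafe version would write for a given dir
 * (0 when it fits). Computed rather than executed, so it can be inspected
 * without corrupting the heap of the process that runs it.
 */
size_t unsafe_overflow_bytes(const char *dir)
{
    size_t written = strlen(dir) + strlen(FP_FILE) + 1;  /* includes the NUL */
    return written > UNSAFE_BUF ? written - UNSAFE_BUF : 0;
}

int main(void)
{
    /* constructed inputs: the first fits in 32 bytes, the second does not */
    const char *dirs[] = { "/usr/share/amap", "/0123456789/0123456789/0123456789" };
    for (size_t i = 0; i < 2; i++) {
        char *name = update_filename_safe(dirs[i]);
        if (name == NULL)
            return 1;
        printf("%-45s unsafe version would overflow by %zu bytes\n",
               name, unsafe_overflow_bytes(dirs[i]));
        free(name);   /* the safe version leaves nothing behind */
    }
    /* Only call the unsafe version with input that fits; with dirs[1] it
     * would corrupt the heap and abort at some later, unrelated free(). */
    char *short_name = update_filename_unsafe(dirs[0]);
    puts(short_name);
    free(short_name);
    return 0;
}
```

When chasing a report like this one, run the binary under valgrind's memcheck (valgrind amap -W): it flags the invalid write at the sprintf() itself, which is the location the glibc message hides behind the later free().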
Comment 1 Anton Bolshakov 2008-01-28 06:17:20 UTC
We have to decide how to handle and support tools which have their own built-in update mechanism.
The same problem exists with nessus, metasploit (bug 195924), nikto and many others.
 
Comment 2 Anton Bolshakov 2008-01-28 08:21:47 UTC
Created attachment 141967
amap-5.2-r1.ebuild

I have fixed the buffer overflow and updated the URL to the correct one.
"amap -W" should work again.
The latest ebuild is also available from gentoo.o0o.nu sectools overlay.
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2008-01-30 11:12:53 UTC
Thank you for the report, Anton. This bug is fixed in the tree in amap-5.2-r1. And that was a good catch of the overflow, btw. I've dropped the --prefix option to ./configure as I did not find where it is necessary. If you think it's required, open a new bug or reopen this one. Also, next time, please attach a diff to bugzilla, not the full ebuild. A diff is easier to review. Thank you again. FIXED.
Comment 4 Anton Bolshakov 2008-01-30 13:39:41 UTC
Dropping --prefix is fine. Amap is just written so messily that I decided to put it in just in case, to make sure all the rest of the path patches are fine.
Also, I didn't find where this "opt->filename = malloc(" is getting freed, so there should be more memory leaks. Hopefully, it'll be fixed in the next versions.
Thanks for submitting it.