Re: [Full-disclosure] [WEB SECURITY] announcing skipfish, an automated web app, security scanner (NeZa)



When I tried ./skipfish -o /var/tmp/out -W dictionaries/complete.wl http://192.168.1.1

I got this error:

skipfish version 1.19b by <lcamtuf@xxxxxxxxxx>
*** glibc detected *** ./skipfish: realloc(): invalid pointer:
0x0000000002101420 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f75d490ed16]
/lib/libc.so.6[0x7f75d49150c5]
./skipfish[0x40bff2]
./skipfish[0x40e0bb]
./skipfish[0x40e28a]
./skipfish[0x403123]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f75d48bcabd]
./skipfish[0x402369]
======= Memory map: ========
00400000-00429000 r-xp 00000000 08:12 21200950
/home/njh/Download/skipfish/skipfish
00628000-00629000 rw-p 00028000 08:12 21200950
/home/njh/Download/skipfish/skipfish
00629000-0062a000 rw-p 00000000 00:00 0
02100000-02121000 rw-p 00000000 00:00 0
[heap]
7f75d4484000-7f75d449a000 r-xp 00000000 08:06 3407913
/lib/libgcc_s.so.1
7f75d449a000-7f75d4699000 ---p 00016000 08:06 3407913
/lib/libgcc_s.so.1
7f75d4699000-7f75d469a000 rw-p 00015000 08:06 3407913
/lib/libgcc_s.so.1
7f75d469a000-7f75d469c000 r-xp 00000000 08:06 3408113
/lib/libdl-2.10.2.so
7f75d469c000-7f75d489c000 ---p 00002000 08:06 3408113
/lib/libdl-2.10.2.so
7f75d489c000-7f75d489d000 r--p 00002000 08:06 3408113
/lib/libdl-2.10.2.so
7f75d489d000-7f75d489e000 rw-p 00003000 08:06 3408113
/lib/libdl-2.10.2.so
7f75d489e000-7f75d49e8000 r-xp 00000000 08:06 3408094
/lib/libc-2.10.2.so
7f75d49e8000-7f75d4be8000 ---p 0014a000 08:06 3408094
/lib/libc-2.10.2.so
7f75d4be8000-7f75d4bec000 r--p 0014a000 08:06 3408094
/lib/libc-2.10.2.so
7f75d4bec000-7f75d4bed000 rw-p 0014e000 08:06 3408094
/lib/libc-2.10.2.so
7f75d4bed000-7f75d4bf2000 rw-p 00000000 00:00 0
7f75d4bf2000-7f75d4c09000 r-xp 00000000 08:06 4180650
/usr/lib/libz.so.1.2.3.4
7f75d4c09000-7f75d4e08000 ---p 00017000 08:06 4180650
/usr/lib/libz.so.1.2.3.4
7f75d4e08000-7f75d4e09000 rw-p 00016000 08:06 4180650
/usr/lib/libz.so.1.2.3.4
7f75d4e09000-7f75d4e3a000 r-xp 00000000 08:06 4181738
/usr/lib/libidn.so.11.6.1
7f75d4e3a000-7f75d503a000 ---p 00031000 08:06 4181738
/usr/lib/libidn.so.11.6.1
7f75d503a000-7f75d503b000 rw-p 00031000 08:06 4181738
/usr/lib/libidn.so.11.6.1
7f75d503b000-7f75d5089000 r-xp 00000000 08:06 4186090
/usr/lib/libssl.so.0.9.8
7f75d5089000-7f75d5289000 ---p 0004e000 08:06 4186090
/usr/lib/libssl.so.0.9.8
7f75d5289000-7f75d5290000 rw-p 0004e000 08:06 4186090
/usr/lib/libssl.so.0.9.8
7f75d5290000-7f75d5404000 r-xp 00000000 08:06 4184592
/usr/lib/libcrypto.so.0.9.8
7f75d5404000-7f75d5604000 ---p 00174000 08:06 4184592
/usr/lib/libcrypto.so.0.9.8
7f75d5604000-7f75d562c000 rw-p 00174000 08:06 4184592
/usr/lib/libcrypto.so.0.9.8
7f75d562c000-7f75d5630000 rw-p 00000000 00:00 0
7f75d5630000-7f75d564d000 r-xp 00000000 08:06 3407962
/lib/ld-2.10.2.so
7f75d5829000-7f75d582d000 rw-p 00000000 00:00 0
7f75d5847000-7f75d584c000 rw-p 00000000 00:00 0
7f75d584c000-7f75d584d000 r--p 0001c000 08:06 3407962
/lib/ld-2.10.2.so
7f75d584d000-7f75d584e000 rw-p 0001d000 08:06 3407962
/lib/ld-2.10.2.so
7fffb41b7000-7fffb41cd000 rw-p 00000000 00:00 0
[stack]
7fffb41ff000-7fffb4200000 r-xp 00000000 00:00 0
[vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]
Aborted (core dumped)
njh@packard:~/Download/skipfish$

The gdb backtrace is:

#0 0x00007f75d48cff45 in *__GI_raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007f75d48d2d80 in *__GI_abort () at abort.c:88
#2 0x00007f75d490554d in __libc_message (do_abort=2,
fmt=0x7fffb41c9c90 ' ' <repeats 23 times>,
"[stack]\n7fffb41ff000-7fffb4200000 r-xp 00000000 00:00 0", ' ' <repeats
26 times>, "[vdso]\nffffffffff600000-ffffffffff601000 r-xp 00000000
00:00 0", ' ' <repeats 18 times>, "[vsyscall]\n:06 4"...) at
../sysdeps/unix/sysv/linux/libc_fatal.c:173
#3 0x00007f75d490ed16 in malloc_printerr (action=3,
str=0x7f75d49b6baf "realloc(): invalid pointer", ptr=<value
optimized out>)
at malloc.c:6239
#4 0x00007f75d49150c5 in realloc_check (oldmem=0x2101420, bytes=16,
caller=<value optimized out>) at hooks.c:330
#5 0x000000000040bff2 in __DFL_ck_realloc (orig=0x2101420, size=5665)
at alloc-inl.h:91
#6 0x000000000040e0bb in wordlist_confirm_single (text=<value optimized
out>,
is_ext=<value optimized out>, add_hits=<value optimized out>,
total_age=2,
last_age=2) at database.c:841
#7 0x000000000040e28a in load_keywords (fname=<value optimized out>,
purge_age=0) at database.c:976
#8 0x0000000000403123 in main (argc=6, argv=0x7fffb41ca758) at
skipfish.c:398

-Nigel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
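The glibc message in the crash report above, "realloc(): invalid pointer", is emitted by malloc's consistency check (frame #4, realloc_check in hooks.c) when realloc() is handed an address that is not the start of a live heap block: an interior pointer, a stack or static address, or a block that was already freed. The constructed C program below is an added illustration and is not skipfish's code; it says nothing about what the skipfish wrapper __DFL_ck_realloc actually did. It wraps malloc/realloc/free with a small registry of live block starts so that a bad pointer is rejected with an error return instead of an abort, which is the kind of check a defensive allocation wrapper can perform before delegating to libc. The function names (tracked_malloc and friends) are made up; the 5665-byte size is taken from frame #5 of the gdb backtrace.

```c
#include <stdio.h>
#include <stdlib.h>

/* Registry of block-start addresses currently owned by the caller.
 * Constructed example: glibc keeps this information in chunk headers
 * instead, but the rule it enforces is the same one checked here. */
#define MAX_LIVE 64
static void *live[MAX_LIVE];
static size_t live_count = 0;

/* Index of p in the registry, or -1 if p is not a live block start. */
static int find_live(const void *p) {
    for (size_t i = 0; i < live_count; i++)
        if (live[i] == p) return (int)i;
    return -1;
}

void *tracked_malloc(size_t n) {
    if (live_count >= MAX_LIVE) return NULL;
    void *p = malloc(n);
    if (p) live[live_count++] = p;
    return p;
}

/* Resize *pp in place. Returns 0 on success and updates *pp; returns -1
 * (without touching libc) when *pp is non-NULL but is not the start of a
 * live block, i.e. the condition glibc reports as "realloc(): invalid
 * pointer" and aborts on. */
int tracked_realloc(void **pp, size_t n) {
    int idx = find_live(*pp);
    if (*pp != NULL && idx < 0) return -1;          /* interior/stack/freed */
    if (*pp == NULL && live_count >= MAX_LIVE) return -1;
    void *q = realloc(*pp, n);
    if (!q) return -1;                              /* allocation failure */
    if (idx < 0) live[live_count++] = q;            /* realloc(NULL, n) */
    else live[idx] = q;
    *pp = q;
    return 0;
}

void tracked_free(void *p) {
    int idx = find_live(p);
    if (idx < 0) return;                            /* not ours: ignore */
    live[idx] = live[--live_count];
    free(p);
}

/* Case 1: a genuine block start, grown to the size seen in frame #5. */
int demo_valid(void) {
    void *p = tracked_malloc(16);
    if (!p) return -1;
    int rc = tracked_realloc(&p, 5665);
    tracked_free(p);
    return rc;                                      /* 0 */
}

/* Case 2: an interior pointer into a live block is rejected. */
int demo_interior(void) {
    char *p = tracked_malloc(32);
    if (!p) return -1;
    void *inner = p + 8;
    int rc = tracked_realloc(&inner, 64);
    tracked_free(p);
    return rc;                                      /* -1 */
}

/* Case 3: a stack address never came from the allocator and is rejected. */
int demo_stack(void) {
    char buf[32];
    void *p = buf;
    return tracked_realloc(&p, 64);                 /* -1 */
}

int main(void) {
    printf("valid block start : rc=%d\n", demo_valid());
    printf("interior pointer  : rc=%d\n", demo_interior());
    printf("stack pointer     : rc=%d\n", demo_stack());
    return 0;
}
```

Running the same three cases against plain glibc realloc() reproduces the abort seen in the report for cases 2 and 3 (with MALLOC_CHECK_ set, through the realloc_check hook in the backtrace); the wrapper simply surfaces the same condition as a return code so the caller, not the allocator, decides what to do.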