Your message dated Tue, 17 Jul 2012 15:11:58 +0200
with message-id <[email protected]>
and subject line This bug was never relevant to the nmap package itself and can be closed
has caused the Debian Bug report #397183,
regarding nmap: logic errors in regular expression parsing code
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
397183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397183
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nmap
Version: 4.11-1
Severity: normal

Hello,

recently I found some logic errors in nmap's copy of the pcre library.

1) in the file nmap-4.11/libpcre/pcre_dfa_exec.c (function internal_dfa_exec, around line 1120) I find the following statement:

    int otherd = -1;
    if ((ims && PCRE_CASELESS) != 0)
      {
      ...
      }

This is a programming mistake. 'ims' is a collection of flag bits, and PCRE_CASELESS is the bit mask for caseless matching. The test should be for 'ims & PCRE_CASELESS' instead.

2) the code, including the bug, is duplicated a few lines down, around line 1147.

3) in file "pcre_compile.c" (function 'compile_branch', around line 2829) the following statement can be found:

    /* Condition to test for a numbered subpattern match. We know that
    if a digit follows ( then there will just be digits until ) because
    the syntax was checked in the first pass. */

    else if ((digitab[ptr[1]] && ctype_digit) != 0)
      {
      ...
      }

This is a programming error. The test for digits works by taking the bitwise (not logical) and between the corresponding entry in 'digitab' and the mask 'ctype_digit'. The if test should use '&' instead of '&&'.

I did not check what the implications of these errors are, but probably they should be fixed anyway.

I hope this helps,
Jochen

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.1
Locale: LANG=en_GB.iso885915, LC_CTYPE=en_GB.iso885915 (charmap=ISO-8859-15)

Versions of packages nmap depends on:
ii  libc6        2.3.6.ds1-7  GNU C Library: Shared libraries
ii  libgcc1      1:4.1.1-19   GCC support library
ii  libpcre3     6.7-1        Perl 5 Compatible Regular Expressi
ii  libssl0.9.8  0.9.8c-3     SSL shared libraries
ii  libstdc++6   4.1.1-19     The GNU Standard C++ Library v3

nmap recommends no packages.

-- no debconf information
--- End Message ---
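
The difference between the two operators in the report above, as an added example that is not part of the original message or of pcre. The bit values and sample inputs are constructed for illustration, and the helper names are hypothetical.

```c
#include <stdio.h>

/* Bit values assumed for this example; the names follow the report. */
#define PCRE_CASELESS  0x01
#define PCRE_MULTILINE 0x02
#define ctype_digit    0x04
#define ctype_xdigit   0x08

/* Form used in the reported code: logical AND is true whenever both
   operands are nonzero, regardless of which bits are set. */
static int test_logical(int flags, int mask) { return (flags && mask) != 0; }

/* Form the report asks for: bitwise AND is true only when a bit of
   the mask is actually set in flags. */
static int test_bitwise(int flags, int mask) { return (flags & mask) != 0; }

/* Count the inputs on which the two tests give different answers. */
static int count_mismatches(const int *values, int n, int mask)
{
    int mismatches = 0;
    for (int i = 0; i < n; i++)
        if (test_logical(values[i], mask) != test_bitwise(values[i], mask))
            mismatches++;
    return mismatches;
}

/* Constructed inputs: option words, then character-class table entries. */
static const int sample_ims[] = {
    0, PCRE_CASELESS, PCRE_MULTILINE, PCRE_CASELESS | PCRE_MULTILINE
};
static const int sample_class[] = { 0, ctype_digit | ctype_xdigit, ctype_xdigit };

int main(void)
{
    /* Another option set, caseless not set: the logical test still fires. */
    printf("ims=MULTILINE: logical=%d bitwise=%d\n",
           test_logical(PCRE_MULTILINE, PCRE_CASELESS),
           test_bitwise(PCRE_MULTILINE, PCRE_CASELESS));
    /* Entry with another class bit but not the digit bit: same effect. */
    printf("class=xdigit:  logical=%d bitwise=%d\n",
           test_logical(ctype_xdigit, ctype_digit),
           test_bitwise(ctype_xdigit, ctype_digit));
    printf("mismatches: ims=%d class=%d\n",
           count_mismatches(sample_ims, 4, PCRE_CASELESS),
           count_mismatches(sample_class, 3, ctype_digit));
    return 0;
}
```

When the mask is a compile-time constant, as in the reported statements, clang's `-Wconstant-logical-operand` and GCC's `-Wlogical-op` warn about this pattern.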
--- Begin Message ---
Since not even version 4.11-1 was linked with the copy of libpcre that shipped with nmap, this bug could not be fixed in nmap itself. However, that's irrelevant now since the versions of pcre shipped with squeeze and later are newer than 6.7 where the bug is said to have been fixed.

Cheers,
-Hilko
--- End Message ---

