Bug 1700114

Summary: free(): double free detected in tcache 2
Classification: Fedora
Product: Fedora
Component: nmap
Reporter: Xinya Zhang <zxy_thf>
Assignee: Pavel Zhukov <pzhukov>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: high
Version: 29
CC: darunesh, mhlavink, pzhukov
Hardware: Unspecified
OS: Linux
Fixed In Version: nmap-7.70-7.fc30 nmap-7.70-5.fc29
Last Closed: 2019-05-07 05:41:37 UTC
Type: Bug
Bug Blocks: 1749181

Description Xinya Zhang 2019-04-15 21:45:23 UTC
Description of problem:
nmap reports 'free(): double free detected in tcache 2' and aborts after running
'nmap --script ssh-auth-methods localhost'

Version-Release number of selected component (if applicable):
nmap-7.70-4.fc29.src.rpm

How reproducible:
Run 'nmap --script ssh-auth-methods localhost'

Steps to Reproduce:
1. nmap --script ssh-auth-methods localhost

Actual results:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-15 16:37 CDT
free(): double free detected in tcache 2
Aborted (core dumped)

Expected results:
Shows the current authentication methods allowed by localhost sshd

Additional info:
This bug report and a corresponding solution were submitted upstream at https://github.com/nmap/nmap/issues/1077 TWO years ago, but apparently the upstream is working on it.

The backtrace has been submitted as FAF #2529606, full URL: https://retrace.fedoraproject.org/faf/reports/2529606/

Comment 1 Xinya Zhang 2019-04-15 23:06:05 UTC
Update: it seems this has been fixed by commit 350bbe0597d37ad67abe5fef8fba984707b4e9ad in upstream. However this version has not been released yet.

Comment 2 Xinya Zhang 2019-04-16 01:54:23 UTC
Update2: To reproduce this bug, the target ssh server must be configured without ssh-rsa or ssh-dss public key support (in my case only ssh-ed25519 is enabled).
This can be done by simply commenting out HostKey lines in sshd_config instead of hacking the crypto-policies.
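An added shell example, not part of the bug report, nmap or Fedora, that turns the facts stated in the description and in Comment 2 into two defender-side checks: whether a Fedora nmap package string is at or beyond the "Fixed In Version" releases named in this bug (nmap-7.70-5.fc29, nmap-7.70-7.fc30), and whether an sshd_config actively enables only non-RSA/DSA host keys, the condition the reporter found necessary for the crash. The function names are the example's own and the sshd_config it inspects is a constructed sample.

```shell
#!/bin/sh
# Added example, not part of the bug report, nmap or Fedora.
# 1. nmap_has_fix NVR        : is a Fedora nmap package at or beyond the fixed release
#                              (nmap-7.70-5.fc29, nmap-7.70-7.fc30 per "Fixed In Version")?
# 2. hostkey_types FILE      : which host key types does an sshd_config actively enable?
# 3. sshd_lacks_rsa_dss FILE : does the config match the reporter's trigger condition
#                              (no ssh-rsa and no ssh-dss host key)?

# Exit status: 0 = carries the fix, 1 = older than the fixed release (affected),
# 2 = not an nmap-7.70 fc29/fc30 package, so this bug's fixed versions do not apply.
nmap_has_fix() {
    nvr=$1
    rest=${nvr#nmap-}          # "7.70-4.fc29"  (an ".x86_64" arch suffix is tolerated)
    version=${rest%%-*}        # "7.70"
    relpart=${rest#*-}         # "4.fc29"
    release=${relpart%%.*}     # "4"
    dist=${relpart#*.}         # "fc29" or "fc29.x86_64"
    dist=${dist%%.*}           # "fc29"
    [ "$version" = "7.70" ] || return 2
    case "$dist" in
        fc29) fixed=5 ;;
        fc30) fixed=7 ;;
        *)    return 2 ;;
    esac
    [ "$release" -ge "$fixed" ]
}

# Print the key type of every active (uncommented) HostKey line, one per line,
# inferred from the conventional ssh_host_<type>_key file name.
hostkey_types() {
    sed -n 's/^[[:space:]]*HostKey[[:space:]][[:space:]]*.*ssh_host_\([a-z0-9]*\)_key.*$/\1/p' "$1"
}

# Exit status: 0 = active HostKey lines exist and none is rsa or dsa,
# 1 = an rsa or dsa host key is enabled, 2 = no active HostKey line at all
# (sshd then uses its built-in default key paths, so nothing can be concluded).
sshd_lacks_rsa_dss() {
    types=$(hostkey_types "$1")
    [ -n "$types" ] || return 2
    ! printf '%s\n' "$types" | grep -q -E '^(rsa|dsa)$'
}

# Constructed sample sshd_config (not a real system file): only ed25519 is active.
SAMPLE_SSHD_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_SSHD_CONFIG"' EXIT
cat > "$SAMPLE_SSHD_CONFIG" <<'EOF'
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PasswordAuthentication no
EOF

# Stand-alone demonstration over the package strings named in this bug.
for nvr in nmap-7.70-4.fc29 nmap-7.70-5.fc29 nmap-7.70-7.fc30; do
    nmap_has_fix "$nvr"
    case $? in
        0) echo "$nvr: carries the fix" ;;
        1) echo "$nvr: affected, update it" ;;
        *) echo "$nvr: not covered by this bug's fixed versions" ;;
    esac
done
if sshd_lacks_rsa_dss "$SAMPLE_SSHD_CONFIG"; then
    echo "sample sshd_config enables only: $(hostkey_types "$SAMPLE_SSHD_CONFIG" | tr '\n' ' ')"
fi
```

On a real host the package string would come from `rpm -q nmap` and the config path would be /etc/ssh/sshd_config; the example keeps both as arguments so it runs offline. The key-type check only reads HostKey directives and deliberately reports "cannot conclude" when none is active, since sshd then falls back to its default key files rather than to no keys.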

Comment 3 Fedora Update System 2019-05-02 13:16:04 UTC
nmap-7.70-7.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-be0ee2bc61

Comment 4 Fedora Update System 2019-05-02 13:36:44 UTC
nmap-7.70-5.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b387905e49

Comment 5 Fedora Update System 2019-05-03 04:12:24 UTC
nmap-7.70-7.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-be0ee2bc61

Comment 6 Fedora Update System 2019-05-03 05:41:48 UTC
nmap-7.70-5.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b387905e49

Comment 7 Fedora Update System 2019-05-07 05:41:37 UTC
nmap-7.70-7.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2019-05-18 03:20:54 UTC
nmap-7.70-5.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Pavel Zhukov 2019-09-05 07:31:36 UTC
*** Bug 1749182 has been marked as a duplicate of this bug. ***