stack smashing errors with SSH and MySQL modules in Ubuntu 16.04 box about ncrack HOT 5 OPEN

Could you please run Ncrack with gdb and print a stack trace? Thanks
$ gdb ncrack
(gdb) run --user root mysql://127.0.0.1 -d9 -v
...
(seg fault)
(gdb) i s
(gdb) i f

from ncrack.

(gdb) run
Starting program: /usr/local/bin/ncrack --user root mysql://127.0.0.1 -d9 -v
Fetchfile found /usr/local/share/ncrack/default.pwd

Starting Ncrack 0.5 ( http://ncrack.org ) at 2016-04-25 17:22 PDT

mysql://127.0.0.1:3306 (EID 1) Initiating new Connection
mysql://127.0.0.1:3306 pushed to list FULL
*** stack smashing detected ***: /usr/local/bin/ncrack terminated

Program received signal SIGABRT, Aborted.
0x00007ffff6ade418 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) i s
#0 0x00007ffff6ade418 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff6ae001a in __GI_abort () at abort.c:89
#2 0x00007ffff6b2072a in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7ffff6c37c7f "*** %s ***: %s terminated\n")
at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff6bc189c in __GI___fortify_fail (msg=,
msg@entry=0x7ffff6c37c61 "stack smashing detected") at fortify_fail.c:37
#4 0x00007ffff6bc1840 in __stack_chk_fail () at stack_chk_fail.c:28
#5 0x0000000000426796 in ?? ()
#6 0x0000000000426843 in ?? ()
#7 0x0000000000409314 in ?? ()
#8 0x000000000042bf98 in ?? ()
#9 0x0000000000429b79 in ?? ()
#10 0x000000000042de29 in ?? ()
#11 0x0000000000429650 in ?? ()
#12 0x000000000040b538 in ?? ()
#13 0x000000000040748b in ?? ()
#14 0x00007ffff6ac9830 in __libc_start_main (main=0x407450, argc=6,
argv=0x7fffffffe5f8, init=, fini=,
rtld_fini=, stack_end=0x7fffffffe5e8)
at ../csu/libc-start.c:291
#15 0x0000000000407689 in ?? ()
(gdb) i f
Stack level 0, frame at 0x7fffffffc360:
rip = 0x7ffff6ade418 in __GI_raise (../sysdeps/unix/sysv/linux/raise.c:54);
saved rip = 0x7ffff6ae001a
called by frame at 0x7fffffffc490
source language c.
Arglist at 0x7fffffffc350, args: sig=sig@entry=6
Locals at 0x7fffffffc350, Previous frame's sp is 0x7fffffffc360
Saved registers:
rip at 0x7fffffffc358

from ncrack.

I'm having a similar / the same issue.

I ran ncrack with three usernames and four passwords.

After a successful login, It does a "popped from list FULL" and then "pushed to list FULL".
Between those operations the last password in my password array get turned to NULL or random bits.

I ran a scan 10 times with the same options and got these three different endings.

ssh://x:22 pushed to list FULL
Segmentation fault

---

ssh://x:22 pushed to list FULL
appendToPool: tried to append NULL password into pair pool
QUITTING!

---

ssh://x:22 pushed to list FULL
ssh://x:22 Pool: Append 'username-2' 'x«À�' 
ssh://x:22 (EID 24) closed on us in the middle of authentication!
ssh://x:22 (EID 24) Connection closed by peer
ssh://x:22 (EID 24) Dropping connection limit due to connection error to: 45
ssh://x:22 (EID 24) Attempts: total 5 completed 4 supported 4 --- rate 0.68 
Segmentation fault

If I specify the -f option I do not hit this issue as often.

Please let me know if you need anything else.

from ncrack.

FYI -- I'm seeing this same issue running against a single username, a list of 5 passwords and a list of hosts. Appears to get through some of the hosts and then segfaults, but other times it wont get through any and segfaults.

Running on the official kali docker image.

from ncrack.

Thanks for your reports! I will look into it.

from ncrack.