Nmap Development mailing list archives

RE: Assertion failed during output of an NSE script


From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Thu, 14 Jun 2007 17:48:14 -0500

-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Thomas Buchanan
Sent: Monday, June 11, 2007 3:51 PM
To: nmap-dev () insecure org
Subject: Assertion failed during output of an NSE script

I was doing some testing on another NSE script I'm working on, and ran
into the following error message, which results in an early termination
of the running nmap process.  It seems to be repeatable on my system,
but I really don't know what steps I should take to try to track it
down.  Maybe somebody can give me some pointers.

Here's the error message:

nmap: NmapOutputTable.cc:162: void NmapOutputTable::addItem(unsigned
int, unsigned int, bool, const char*, int): Assertion `row < numRows'
failed.

The error message only seems to occur when nmap only displays
"Interesting ports", but does not occur when the output for each port is
listed (this seems to happen when ~20 or fewer ports are scanned).


I've looked at this a little more with the help of gdb, and here's what
I've found so far.

This is definitely only triggered when the number of ignored ports in
the output list is greater than 25.

My NSE script changes the port state on one of the ports from
open|filtered to open.  For some reason, this change doesn't properly
update the number of ignored ports in the portlist.

Here's what nmap prints when doing a -sUV scan against the host, without
the NSE script:

Starting program: /home/tbuchanan/build/nmap-svn/nmap/nmap -sUV -p
1400-1450 192.168.128.51

Starting Nmap 4.21ALPHA5 ( http://insecure.org ) at 2007-06-14 15:22 CDT
Interesting ports on 192.168.128.51:
Not shown: 49 open|filtered ports

PORT     STATE  SERVICE  VERSION
1433/udp closed ms-sql-s
1434/udp open   ms-sql-m Microsoft SQL Server <snip>

Here's what nmap starts to print when doing the -sU --script scan,
without the version scan:

Starting Nmap 4.21ALPHA5 ( http://insecure.org ) at 2007-06-14 15:28 CDT
<snip>
Host 192.168.128.51 appears to be up ... good.
Interesting ports on 192.168.128.51:
Not shown: 50 open|filtered ports
<------ this is the last line printed by nmap

By setting breakpoints with gdb, I can see that it tries to go ahead and
print the following:
PORT     STATE  SERVICE
1433/udp closed ms-sql-s
1434/udp open   ms-sql-m
|  MS SQL: Discovered Microsoft SQL Server 2005 Express Edition

So, it actually only has 49 open|filtered ports, with one closed, and
one open, just like the previous scan.  When it starts to output the
table (in output.cc), it calculates that the output should be no more
than 3 rows (header + 1 interesting port + 1 row of script output), so
when it gets to the fourth row, it fails the assertion.

Sorry I don't have a patch, but I'm still digging through this to see
why the portlist isn't updated correctly by the NSE script.

If anybody who knows the code better can find something, that'd be
great, otherwise I'll keep digging.

Thomas
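The mechanism described in the message above, as an added C++ illustration that is not part of the original post and not Nmap's own code: PortList, OutputTable, renderPorts and the cached ignored-port counter are assumptions standing in for Nmap's portlist, NmapOutputTable and the table-building code in output.cc. The table is sized from the cached count; a state change that skips the counter leaves the table one row short, and the fourth row fails the same `row < numRows` check. The corrected setState keeps the counter in step, and recountIgnored gives the ground-truth count a debugger session could compare against.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Constructed, simplified model of the situation the report describes.
enum class PortState { Open, Closed, OpenFiltered };

struct PortList {
    std::map<int, PortState> ports;
    PortState ignoredState = PortState::OpenFiltered;  // the "Not shown" state
    std::size_t cachedIgnored = 0;                     // count used to size the table

    void add(int port, PortState s) {
        ports[port] = s;
        if (s == ignoredState) ++cachedIgnored;
    }
    // Models the suspected defect: the port state changes, the cached count does not.
    void setStateStale(int port, PortState s) { ports[port] = s; }
    // Corrected variant: adjust the cached count when a port enters or leaves the ignored state.
    void setState(int port, PortState s) {
        PortState old = ports[port];
        if (old == ignoredState && s != ignoredState) --cachedIgnored;
        else if (old != ignoredState && s == ignoredState) ++cachedIgnored;
        ports[port] = s;
    }
    // Ground truth, recomputed from the port states themselves.
    std::size_t recountIgnored() const {
        std::size_t n = 0;
        for (const auto& kv : ports) if (kv.second == ignoredState) ++n;
        return n;
    }
};

class OutputTable {
    std::size_t numRows, numCols;
    std::vector<std::string> cells;
public:
    OutputTable(std::size_t rows, std::size_t cols)
        : numRows(rows), numCols(cols), cells(rows * cols) {}
    // Where the real addItem asserts `row < numRows`, this returns false so the
    // failure can be observed instead of aborting the process.
    bool addItem(std::size_t row, std::size_t col, const std::string& item) {
        if (row >= numRows || col >= numCols) return false;
        cells[row * numCols + col] = item;
        return true;
    }
};

using ScriptOutput = std::map<int, std::vector<std::string>>;

// Sizes the table from the cached ignored-port count (header + one row per
// interesting port + one row per script line), then fills it.  Returns false
// if a row did not fit, i.e. where Nmap would have hit the assertion.
bool renderPorts(const PortList& pl, const ScriptOutput& scripts) {
    std::size_t interesting = pl.ports.size() - pl.cachedIgnored;
    std::size_t scriptLines = 0;
    for (const auto& kv : scripts) scriptLines += kv.second.size();
    OutputTable table(1 + interesting + scriptLines, 3);

    std::size_t row = 0;
    table.addItem(row, 0, "PORT");
    table.addItem(row, 1, "STATE");
    table.addItem(row, 2, "SERVICE");
    ++row;
    for (const auto& kv : pl.ports) {
        if (kv.second == pl.ignoredState) continue;  // "Not shown" ports
        const char* state = kv.second == PortState::Open ? "open" : "closed";
        if (!table.addItem(row, 0, std::to_string(kv.first) + "/udp") ||
            !table.addItem(row, 1, state) ||
            !table.addItem(row, 2, "")) return false;
        ++row;
        auto it = scripts.find(kv.first);
        if (it == scripts.end()) continue;
        for (const auto& line : it->second) {
            if (!table.addItem(row, 0, "|  " + line)) return false;
            ++row;
        }
    }
    return true;
}

// Constructed sample mirroring the report: ports 1400-1450, 1433 closed, the
// rest open|filtered (50 ignored); a script then changes 1434 to open.
PortList sampleList() {
    PortList pl;
    for (int p = 1400; p <= 1450; ++p)
        pl.add(p, p == 1433 ? PortState::Closed : PortState::OpenFiltered);
    return pl;
}

ScriptOutput sampleScript() {
    return {{1434, {"MS SQL: Discovered Microsoft SQL Server 2005 Express Edition"}}};
}

bool rendersWithStaleCount() {
    PortList pl = sampleList();
    pl.setStateStale(1434, PortState::Open);  // counter still says 50 -> 3-row table
    return renderPorts(pl, sampleScript());
}

bool rendersWithFixedCount() {
    PortList pl = sampleList();
    pl.setState(1434, PortState::Open);       // counter drops to 49 -> 4-row table
    return renderPorts(pl, sampleScript());
}
```

rendersWithStaleCount() returns false (the fourth row does not fit) and rendersWithFixedCount() returns true; comparing cachedIgnored against recountIgnored() after the script runs is the quickest way to confirm which side of the portlist is stale.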

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

