Nmap Development mailing list archives
Re: Unhandled NSE exceptions
From: David Fifield <david () bamsoftware com>
Date: Thu, 5 Jun 2008 18:16:56 -0600
On Tue, Jun 03, 2008 at 06:04:25PM -0600, Patrick Donnelly wrote:
> On Tue, Jun 3, 2008 at 10:48 AM, David Fifield <david () bamsoftware com> wrote:
> > Is there a way to make NSE exceptions work more like exceptions in other languages? That is, let you catch them if you want, otherwise quit the script (not the whole Nmap process) safely.
> >
> > David
>
> If nsock signaled an error which is caught (via pcall), then yes. Instead the style chosen was similar to assert (http://www.lua.org/manual/5.1/manual.html#pdf-assert). The problem is that if the script writer chooses to ignore the return values of the socket methods, the script may go on to do something undesired.
>
> Have you been able to figure out which socket method is causing the segfault?

It's not a segfault, it's an assertion failure. A connect call fails and returns a socket descriptor of -1. The assertion failure comes later when the script tries to use the bogus socket.

This line in ripeQuery.nse tries to create a socket:

    socket:connect("whois.ripe.net", 43)

The failing call to socket is here:

    #0  nsock_connect_internal (ms=Variable "ms" is not available.
    ) at nsock_connect.c:82
    #1  0x081b16b7 in nsock_connect_tcp (nsp=0x82a7fd8, ms_iod=0x82afde0, handler=0x8196162 <l_nsock_connect_handler(void*, void*, void*)>, timeout_msecs=30000, userdata=0x82af180, saddr=0x82afc98, sslen=28, port=43) at nsock_connect.c:152
    #2  0x08196707 in l_nsock_connect (L=0x82af180) at nse_nsock.cc:312
    #3  0x08198dfa in l_nsock_connect_queued (L=0x82af180) at nse_nsock.cc:268
    #4  0x081d9650 in luaD_precall ()
    #5  0x081e21e6 in luaV_execute ()
    #6  0x081d9207 in luaD_rawrunprotected ()
    #7  0x081d93c0 in lua_resume ()
    #8  0x08187b61 in process_mainloop (L=0x82a2490) at nse_main.cc:369
    #9  0x08189537 in script_scan (targets=@0xbf828e40) at nse_main.cc:289
    #10 0x08099a12 in nmap_main (argc=6, argv=0xbf82c0a4) at nmap.cc:1797
    #11 0x08085c9e in main (argc=6, argv=0xbf82c0a4) at main.cc:224

(socket returns -1.) Because the connection fails, this error message is printed:

    Socket troubles: Address family not supported by protocol

But again, that's not the real problem. That's because my system was misconfigured. socket:connect correctly returns {nil, "ERROR"}.

The real problem is that the script continues running after the connection fails. The line

    socket:send(host.ip .. "\n")

hits this assertion

    assert(nse->iod->sd >= 0);

here:

    #0  nsp_add_event (nsp=0x82a8038, nse=0x82b3800) at nsock_core.c:1060
    #1  0x081b4d45 in nsock_write (ms_pool=0x82a8038, ms_iod=0x82b3748, handler=0x81933b6 <l_nsock_send_handler(void*, void*, void*)>, timeout_msecs=30000, userdata=0x82b2be0, data=0x82b38b0 "127.0.0.1\n", datalen=10) at nsock_write.c:99
    #2  0x08198a1e in l_nsock_send (L=0x82b2be0) at nse_nsock.cc:379
    #3  0x081d9650 in luaD_precall ()
    #4  0x081e21e6 in luaV_execute ()
    #5  0x081d9207 in luaD_rawrunprotected ()
    #6  0x081d93c0 in lua_resume ()
    #7  0x08187b61 in process_mainloop (L=0x82a24f0) at nse_main.cc:369
    #8  0x08189537 in script_scan (targets=@0xbf81d610) at nse_main.cc:289
    #9  0x08099a12 in nmap_main (argc=7, argv=0xbf820874) at nmap.cc:1797
    #10 0x08085c9e in main (argc=7, argv=0xbf820874) at main.cc:224

I think the script should just die if socket:connect fails, and let other scripts run. After all, there are a lot of ways a socket connection can fail.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
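The two script-side responses discussed in the message above (checking what socket:connect returns, or wrapping each socket call in an assert-style helper), shown as an added example that is not code from the message or from Nmap. The socket is a constructed stub whose connect always fails, new_try is a hypothetical local helper modeled on nmap.new_try, and each script runs in its own coroutine so a failure ends only that script. It runs under a plain Lua interpreter.

```lua
-- Constructed stub, not the nsock binding: connect always fails with the
-- {nil, "ERROR"} pair quoted in the message.
local function new_stub_socket()
  local s = { connected = false }
  function s:connect(host, port) return nil, "ERROR" end
  function s:send(data)
    -- Stands in for the nsock assertion; the real one aborts the process.
    if not self.connected then error("send on unconnected socket") end
    return true
  end
  function s:close() self.connected = false; return true end
  return s
end

-- Hypothetical helper modeled on nmap.new_try: run cleanup, then raise.
local function new_try(cleanup)
  return function(status, ...)
    if not status then
      if cleanup then cleanup() end
      error((...), 0)
    end
    return ...
  end
end

-- Style 1: inspect the return value and stop before touching the socket.
local function checked(ip)
  local socket = new_stub_socket()
  local status = socket:connect("whois.ripe.net", 43)
  if not status then return nil end
  socket:send(ip .. "\n")
  return "query sent"
end

-- Style 2: wrap every socket call so a failure ends this script at once.
local function wrapped(ip)
  local socket = new_stub_socket()
  local try = new_try(function() socket:close() end)
  try(socket:connect("whois.ripe.net", 43))
  try(socket:send(ip .. "\n"))
  return "query sent"
end

-- A script with no socket use, to show it still runs after the failures.
local function unrelated(ip) return "ran normally for " .. ip end

-- Each script gets its own coroutine, so an error ends only that script.
for _, s in ipairs({ {"checked", checked}, {"wrapped", wrapped}, {"unrelated", unrelated} }) do
  local ok, res = coroutine.resume(coroutine.create(s[2]), "127.0.0.1")
  print(s[1], ok and (res or "no output") or ("stopped: " .. tostring(res)))
end
```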