Nmap Development mailing list archives

gh_list operation failing assertion in nsock_connect_tcp


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 6 Feb 2009 04:42:47 +0000


Developers,

While trying to test Ron's smb-brute.nse script I've run into a
segfault which happens in both the SVN HEAD as well as Ron's nmap-smb
branch.

Here is the error:

nmap: gh_list.c:264: gh_list_prepend: Assertion `list->magic == 0xBADFACE' failed.

It is happening on this command:

$ sudo ./nmap --datadir . --script=smb-brute.nse -sC -p 135,139,445 -P S135,139,445 -T5 -v -n -d a.b.0.0/16 c.d.0.0/16 --min-hostgroup 4096 --min-parallelism 4096 --host-timeout 240m -oA smbbrute_campus 2>&1 > smbbrute_campus.txt 2>smbbrute_campus.err

The backtrace is from SVN HEAD (using Ron's scripts):

Program terminated with signal 11, Segmentation fault.
#0  gh_list_prepend (list=0x18c9490, data=0x2409560) at gh_list.c:204
204       list->free = list->free->next;
(gdb) bt
#0  gh_list_prepend (list=0x18c9490, data=0x2409560) at gh_list.c:204
#1  0x0000000000477d3f in nsock_connect_tcp (nsp=0x18c9180, ms_iod=0x2b382e0, 
    handler=<value optimized out>, timeout_msecs=<value optimized out>, 
    userdata=0x28af600, saddr=0x2a742c0, sslen=16, port=445)
    at nsock_connect.c:171
#2  0x000000000046c620 in l_nsock_connect (L=0x28af600) at nse_nsock.cc:474
#3  0x00007f7269716846 in ?? () from /usr/lib/liblua.so.5
#4  0x00007f726971f2f0 in ?? () from /usr/lib/liblua.so.5
#5  0x00007f726971645e in ?? () from /usr/lib/liblua.so.5
#6  0x00007f72697165f9 in lua_resume () from /usr/lib/liblua.so.5
#7  0x00000000004690b1 in process_mainloop (L=0x18be980) at nse_main.cc:498
#8  0x0000000000469bd8 in script_scan (targets=@0x28d3a20) at nse_main.cc:354
#9  0x000000000041d9e4 in nmap_main (argc=23, argv=0x7fff72560b78)
    at nmap.cc:1817
#10 0x0000000000419747 in main (argc=23, argv=0x7fff72560b78) at main.cc:224


The problem is reproducible and it always happens in the middle of NSE
printing a bunch of:

NSE: Performing nbstat on host 'x.x.x.x'

There is no difference between the nbstat.nse script or netbios.lua
library between Ron's trunk and HEAD.

I'm happy to test more or provide any additional details.

Brandon

