Nmap Development mailing list archives

Re: NSE Socket Operation on a non-socket


From: David Fifield <david () bamsoftware com>
Date: Tue, 21 Jul 2009 21:11:51 -0600

On Tue, Jul 21, 2009 at 01:32:11PM -0600, David Fifield wrote:
On Sat, Jul 18, 2009 at 11:05:09PM -0600, David Fifield wrote:
On Sat, Jul 18, 2009 at 04:54:41AM +0100, jah wrote:
I've been struggling with an error which I can reliably reproduce with
the following (r14408) nmap command against a windows machine with tcp
ports 445 and 3389 open:

nmap -sSV -p 445,3389 -PN -n --script banner,smb-enum-shares -d <target>

The error looks like this:

NSOCK (-1950392.4020s) nsock_loop error 10038: An operation was
attempted on something that is not a socket.
NSE: Script Engine Scan Aborted.
An error was thrown by the engine: a fatal error occurred in nsock_loop
stack traceback:
        [C]: ?
        [C]: in function 'nsock_loop'
        C:\Program Files\Nmap\nse_main.lua:605: in function 'run'
        C:\Program Files\Nmap\nse_main.lua:734: in function <C:\Program Files\Nmap\nse_main.lua:693>
        [C]: ?

I got this error too on Windows a few days ago while running an NSE
benchmark test for Patrick. It happened every time with

I think I have found the cause of this problem. This too is related to
the change to counting the number of pending reads and writes on sockets
to control the select sets.

Re: Ncat with ssl using 100% cpu (PATCH)
http://seclists.org/nmap-dev/2009/q3/0019.html

Re: Assertion failure in nsock_core
http://seclists.org/nmap-dev/2009/q3/0128.html

The error happens when handle_connect_result is called for an SSL
connection. At this point the socket's read and write counts are
decremented (to zero). Usually after the TCP connection,
handle_connect_result needs to be called again to handle an
SSL_ERROR_WANT_READ. In this case the read count is incremented (to
one). It is normally decremented to zero after that, but in case of a
connection timeout it is not. So the socket descriptor remains in the
select set and causes the error when selected on.

The fix is committed in r14489.

David Fifield
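
The select-set bookkeeping described in the message above, as an added C sketch that is not nsock's code and not part of the original post. It models only the read counter, uses a pipe as a constructed stand-in for the SSL socket, and runs on POSIX, where the stale descriptor surfaces as `EBADF` rather than Winsock error 10038. All identifiers, and the shape of the corrected timeout path, are assumptions.

```c
/* Added illustration, not nsock source; every name here is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

struct iod { int fd; int read_count; };  /* per-socket pending-read counter */
static fd_set read_set;                  /* master read set given to select() */

/* Invariant: a descriptor is in the set exactly while its count is > 0. */
static void read_inc(struct iod *s) { if (s->read_count++ == 0) FD_SET(s->fd, &read_set); }
static void read_dec(struct iod *s) { if (--s->read_count == 0) FD_CLR(s->fd, &read_set); }

/* Replays the SSL connect-then-timeout sequence from the message.
 * Returns the errno reported by select(), 0 if select() succeeded,
 * or -1 if the test descriptor could not be created. */
int run_ssl_connect_timeout(int timeout_path_decrements)
{
    int p[2];
    struct iod s;
    fd_set work;
    struct timeval tv = {0, 0};          /* poll, never block */

    if (pipe(p) != 0) return -1;         /* constructed stand-in for the socket */
    s.fd = p[0];
    s.read_count = 0;
    FD_ZERO(&read_set);

    read_inc(&s);                        /* connect result pending: count 1 */
    read_dec(&s);                        /* handle_connect_result: count 0 */
    read_inc(&s);                        /* SSL_ERROR_WANT_READ: count 1 */
    if (timeout_path_decrements)
        read_dec(&s);                    /* assumed shape of the corrected path */
    close(p[0]);                         /* connection timeout: descriptor closed */
    close(p[1]);

    work = read_set;                     /* select() modifies its argument */
    errno = 0;
    if (select(s.fd + 1, &work, NULL, NULL, &tv) < 0) return errno;
    return 0;
}

int main(void)
{
    printf("timeout path skips decrement: errno=%d (EBADF=%d)\n", run_ssl_connect_timeout(0), EBADF);
    printf("timeout path decrements:      errno=%d\n", run_ssl_connect_timeout(1));
    return 0;
}
```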
