Assertion failure in nsock_core

[Ron <ron () skullsecurity net>]

I had a heck of a time reproducing this with gdb running, though it 
happened pretty regularly without it (I'd chalk that up to bad luck). 
But, I finally got a backtrace! David, I hope this is helpful. :)

This is the command I used (I've attached the current version of 
http-enum.nse, though I doubt it'll make a difference):
./nmap -T4 -d -p80,443 -PS80,443 --script=html-title,http-enum -iR 4000

And this is where it failed:
--
nmap: nsock_core.c:169: socket_count_write_dec: Assertion 
`(iod->writesd_count) > 0' failed.

Program received signal SIGABRT, Aborted.
0xb7b95c66 in raise () from /lib/libc.so.6
(gdb) backtrace
#0  0xb7b95c66 in raise () from /lib/libc.so.6
#1  0xb7b97571 in abort () from /lib/libc.so.6
#2  0xb7b8ee60 in __assert_fail () from /lib/libc.so.6
#3  0x080c01bc in socket_count_write_dec (iod=0x14ef, ms=0x83ab950) at 
nsock_core.c:169
#4  0x080c2335 in nsock_loop (nsp=0x83ab950, msec_timeout=50) at 
nsock_core.c:906
#5  0x080b486c in l_nsock_loop (L=0x839de40) at nse_nsock.cc:496
#6  0x080de59a in luaD_precall (L=0x839de40, func=0x83c62b4, nresults=0) 
at ldo.c:319
#7  0x080de9b9 in luaD_call (L=0x839de40, func=0x83c62b4, nResults=0) at 
ldo.c:376
#8  0x080dbf45 in lua_call (L=0x839de40, nargs=1, nresults=0) at lapi.c:782
#9  0x080b0fbc in nsock_loop (L=0x839de40) at nse_main.cc:167
#10 0x080de59a in luaD_precall (L=0x839de40, func=0x83c629c, nresults=0) 
at ldo.c:319
#11 0x080e661c in luaV_execute (L=0x839de40, nexeccalls=2) at lvm.c:587
#12 0x080de9fb in luaD_call (L=0x839de40, func=0x83c6194, nResults=0) at 
ldo.c:377
#13 0x080dbf19 in f_call (L=0x839de40, ud=0xbfe3be94) at lapi.c:800
#14 0x080de1a6 in luaD_rawrunprotected (L=0x839de40, f=0x80dbf00 
<f_call>, ud=0xbfe3be94) at ldo.c:116
#15 0x080de1ff in luaD_pcall (L=0x839de40, func=0x80dbf00 <f_call>, 
u=0xbfe3be94, old_top=36, ef=24) at ldo.c:463
#16 0x080dbd86 in lua_pcall (L=0x839de40, nargs=1, nresults=0, 
errfunc=1) at lapi.c:821
#17 0x080b1be6 in run_main (L=0x839de40) at nse_main.cc:457
#18 0x080de59a in luaD_precall (L=0x839de40, func=0x83c617c, nresults=0) 
at ldo.c:319
#19 0x080de9b9 in luaD_call (L=0x839de40, func=0x83c617c, nResults=0) at 
ldo.c:376
#20 0x080dbeea in f_Ccall (L=0x839de40, ud=0xbfe3c0c0) at lapi.c:846
#21 0x080de1a6 in luaD_rawrunprotected (L=0x839de40, f=0x80dbe90 
<f_Ccall>, ud=0xbfe3c0c0) at ldo.c:116
#22 0x080de1ff in luaD_pcall (L=0x839de40, func=0x80dbe90 <f_Ccall>, 
u=0xbfe3c0c0, old_top=12, ef=0) at ldo.c:463
#23 0x080dbd3d in lua_cpcall (L=0x839de40, func=0x80b1ae0 <run_main>, 
ud=0xbfe3e100) at lapi.c:856
#24 0x080b0d5c in script_scan (targets=@0xbfe3e100) at nse_main.cc:552
#25 0x08062b60 in nmap_main (argc=8, argv=0xbfe412a4) at nmap.cc:1945
#26 0x0805e3bd in main (argc=8, argv=0xbfe412a4) at main.cc:205
--
It doesn't happen every time, though, I had to do it a couple times 
before it failed.

Thanks!
Ron

--
Ron Bowes
http://www.skullsecurity.org/

Attachment: http-enum.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org