Nmap Development mailing list archives

Re: Assertion failure with zero-byte Nsock writes


From: Fyodor <fyodor () insecure org>
Date: Thu, 21 Jan 2010 23:17:05 -0800

On Thu, Jan 21, 2010 at 06:38:00PM -0700, David Fifield wrote:
> You can crash Nmap with the following NSE script:
>
> [...]
>
> Do we want to change this? Some alternatives are to treat this as a
> normal, handleable Nsock error, to treat the call as a no-op (in the TCP
> case) and return success immediately, or to just do a zero-byte send
> with whatever behavior that may invoke.
>
> I don't think that the assertion was meant to prohibit zero-byte write,
> though it has that effect. It looks like it was meant to catch errors in
> Nsock's internal buffering code, where the internal send routine
> shouldn't be called again once the buffer is exhausted.

It sounds worth changing to me.  NSE scripts shouldn't be able to
crash Nmap so easily.

Making it a normal, handleable Nsock error sounds like a good solution
to me.  I think such calls are generally a bug (or at least an
inefficiency), and returning an error will increase the chances that
they get noticed and fixed.

On the other hand, I'm fine with treating it as a no-op if you prefer
that.  I guess it avoids the higher level code having to check, and it
"just works" with only a small performance penalty caused by the
higher-level code doing a pointless write and dealing with the
callback.

I would only advocate the zero-byte send approach if you like the
no-op idea, and that is easier to implement.  Or if someone knows of a
legitimate reason for a zero-byte TCP write.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
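The two fixes discussed in this thread (report a handleable error, or treat the call as a no-op) are easier to compare side by side in code. What follows is an added example and not Nsock or Nmap code: a hypothetical buffered writer (wbuf, wbuf_write, wbuf_write_noop, wbuf_send_internal are all made-up names) that keeps the assertion on the internal send path, where it guards a real invariant, and validates the zero-length request at the public entry point instead.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define WBUF_CAP 64

/* Hypothetical buffered writer standing in for an Nsock-style write buffer. */
typedef struct {
    char data[WBUF_CAP];
    size_t len;      /* bytes queued, not yet handed to the socket */
    size_t flushed;  /* total bytes "sent" by the internal routine */
} wbuf;

void wbuf_init(wbuf *w) { memset(w, 0, sizeof *w); }

/* Internal send path. The assertion guards an internal invariant (never
 * called once the buffer is exhausted); the public API must make sure a
 * caller cannot reach it with an empty buffer, so an NSE-level mistake
 * never turns into a process abort here. */
static size_t wbuf_send_internal(wbuf *w) {
    assert(w->len > 0);          /* only an internal bug can fire this */
    size_t n = w->len;           /* pretend the socket accepted it all */
    w->flushed += n;
    w->len = 0;
    return n;
}

/* Option 1: a zero-byte request is a normal, handleable error (EINVAL),
 * so the caller notices and fixes the pointless write. */
int wbuf_write(wbuf *w, const void *p, size_t len) {
    if (len == 0) { errno = EINVAL; return -1; }
    if (len > WBUF_CAP - w->len) { errno = ENOBUFS; return -1; }
    memcpy(w->data + w->len, p, len);
    w->len += len;
    wbuf_send_internal(w);       /* buffer is guaranteed non-empty here */
    return 0;
}

/* Option 2: the no-op alternative; zero bytes succeed immediately without
 * touching the buffer or the internal routine. */
int wbuf_write_noop(wbuf *w, const void *p, size_t len) {
    if (len == 0) return 0;
    return wbuf_write(w, p, len);
}

size_t wbuf_total_flushed(const wbuf *w) { return w->flushed; }
```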

