Nmap Development mailing list archives

NSE crash in socket_lock when connect used in prerule


From: David Fifield <david () bamsoftware com>
Date: Wed, 26 Mar 2014 18:21:07 -0700

NSE crashes in socket_lock when a socket is connected in a prerule (or
postrule, or portrule) function.

prerule = function()
  local socket = nmap.new_socket("udp")
  socket:connect("8.8.8.8", 53, "udp")
end
action = function()
  return "done"
end

$ ./nmap --script scripts/test.nse
Starting Nmap 6.41SVN ( http://nmap.org ) at 2014-03-26 18:16 PDT
NSE: A thread for scripts/test.nse failed to load in prerule function:
table index is nil
stack traceback:
        [C]: in function 'connect'
        scripts/test.nse:3: in function '?'
        /home/david/nmap-git/nse_main.lua:430: in function </home/david/nmap-git/nse_main.lua:428>
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.03 seconds

The crash is in the last lua_rawset call in socket_lock. I suppose it
has something to do with there not existing a script thread at the time
the prerule is called. It seems like you should be able to use a socket
in a prerule, though. Is there a good fix for this?

    /* There is room for this thread to open sockets */
    nse_base(L);
    nseU_weaktable(L, 0, 0, "k"); /* weak socket references */
    lua_pushvalue(L, idx); /* socket */
    lua_pushboolean(L, true);
    lua_rawset(L, -3); /* add to sockets table */
    lua_rawset(L, THREAD_SOCKETS); /* add new <Thread, Sockets Table> Pair
                                    * to THREAD_SOCKETS */

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

