Nmap Development mailing list archives
Unhandled NSE exceptions
From: David Fifield <david () bamsoftware com>
Date: Thu, 1 Nov 2007 15:09:06 -0700
I have been experiencing a segmentation fault with NSE when running the ripeQuery.nse script. Here's what I see:

nmap --script=ripeQuery.nse -n -PN -d localhost
...
Initiating SYN Stealth Scan at 14:55
Scanning 127.0.0.1 [1705 ports]
Packet capture filter (device lo): dst host 127.0.0.1 and (icmp or (tcp and (src host 127.0.0.1)))
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Discovered open port 6000/tcp on 127.0.0.1
Completed SYN Stealth Scan at 14:55, 0.11s elapsed (1705 total ports)
SCRIPT ENGINE: Initiating script scanning.
SCRIPT ENGINE: Script scanning .
SCRIPT ENGINE: Using /usr/libexec/nmap/nse/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so to search for C-modules and /usr/share/nmap/nselib/?.lua;./?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/lib/lua/5.1/?.lua;/usr/local/lib/lua/5.1/?/init.lua for Lua-modules
SCRIPT ENGINE: Initialized 1 rules
SCRIPT ENGINE: Matching rules.
SCRIPT ENGINE: Will run /usr/share/nmap/scripts/ripeQuery.nse against 127.0.0.1
SCRIPT ENGINE: Running scripts.
SCRIPT ENGINE: Runlevel: 1.000000
Initiating SCRIPT ENGINE at 14:55
Socket troubles: Address family not supported by protocol
Segmentation fault

I tracked the problem down to the fact that I had IPv6 headers and libraries without kernel support for IPv6. The call to getaddrinfo caused by socket:connect in the script was returning an IPv6 address, and when that was passed to nsock_connect_internal it displayed the "Socket troubles" error. The segmentation fault is caused later when a socket descriptor of -1 (returned by connect) is used at line 1059 in nsock_core.c. The error went away when I installed kernel IPv6 support, but I can reproduce it by unloading and blacklisting the ipv6 module.

socket:connect is throwing an exception when this occurs. If I modify the script to catch the exception it correctly exits without a segmentation fault.
But the question is, shouldn't errors in things like socket:connect exit the script if there's no exception handler? Is that possible? (Another thing is that there should be an internal check for the -1 socket descriptor, but that should be easy to fix.)

David
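The workaround David mentions (catching the error thrown by socket:connect inside the script) as an added example that is not part of the original post and not Nmap's own ripeQuery.nse. It assumes the NSE socket API (nmap.new_socket, connect, send, receive_lines, close, set_timeout), a whois host name and port used only for illustration, and script fields (description, categories, hostrule) whose exact form in the 2007 engine is an assumption; connect is wrapped in pcall so a Lua error raised from inside it, as well as an ordinary false/err return, is handled by the script instead of propagating out of it.

```lua
-- Added example, not from the original post or from Nmap.
-- Assumed API: nmap.new_socket(), socket:set_timeout(ms),
-- socket:connect(host, port) returning status, err (or raising a Lua
-- error, the case described in the post), socket:send, socket:receive_lines,
-- socket:close. Host name and port are illustrative assumptions.

description = "Guarded connect: catches errors raised by socket:connect"
categories = {"safe", "discovery"}   -- assumed category names

hostrule = function(host)
  return true
end

-- Runs the whois request and returns a string describing the outcome.
action = function(host)
  local whois_host = "whois.ripe.net"   -- assumption, for illustration
  local whois_port = 43

  local socket = nmap.new_socket()
  socket:set_timeout(5000)

  -- pcall catches a Lua error thrown from inside connect. On success its
  -- extra return values are what connect itself returned: status, err.
  local ok, status, err = pcall(socket.connect, socket, whois_host, whois_port)
  if not ok then
    -- pcall failed: 'status' now holds the error object, not a boolean.
    socket:close()
    return "connect raised an error: " .. tostring(status)
  elseif not status then
    -- connect returned normally but reported a failure (e.g. EAFNOSUPPORT).
    socket:close()
    return "connect failed: " .. tostring(err)
  end

  local sent, serr = socket:send("-r " .. host.ip .. "\n")
  if not sent then
    socket:close()
    return "send failed: " .. tostring(serr)
  end

  local rstatus, data = socket:receive_lines(1)
  socket:close()
  if not rstatus then
    return "receive failed: " .. tostring(data)
  end
  return data
end
```

Closing the socket on every failure path matters here: the crash in the post occurs when a descriptor of -1 left behind by a failed connect is used later, so the script should never continue to send or receive on a socket whose connect did not succeed.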