Nmap Development mailing list archives
Re: More nsock socket_count_write_dec assert() failures
From: David Fifield <david () bamsoftware com>
Date: Wed, 3 Mar 2010 12:44:04 -0700
On Mon, Mar 01, 2010 at 12:39:44PM -0700, David Fifield wrote:
> On Sat, Feb 27, 2010 at 02:40:02AM +0000, Brandon Enright wrote:
> > > It would help if you recompile with debugging and without
> > > optimization. It looks like calls are getting inlined and it's hard to
> > > tell where under nsock_loop the function is being called. Can you tell
> > > if this particular host is being connected to with SSL?
> >
> > Okay here is a full backtrace without optimization or stripping:
> >
> > (gdb) bt
> > #0  0x00007fd90545a205 in raise () from /lib/libc.so.6
> > #1  0x00007fd90545b723 in abort () from /lib/libc.so.6
> > #2  0x00007fd905453229 in __assert_fail () from /lib/libc.so.6
> > #3  0x00000000005b543e in socket_count_write_dec (iod=<value optimized out>, ms=<value optimized out>) at nsock_core.c:199
>
> This is weird:
>
> > #4  0x00000000005b5b4e in handle_write_result (ms=0x196b150, nse=0x248eb80, status=<value optimized out>) at nsock_core.c:536
> > #5  0x00000000005b727c in nsock_loop (nsp=0x196b150, msec_timeout=50) at nsock_core.c:937
>
> It doesn't look to me like these two lines can both execute. The first
> one (#4, line 536) is
>
>     531     if (iod->ssl) {
>     532 #if HAVE_OPENSSL
>     533       err = SSL_get_error(iod->ssl, res);
>     534       if (err == SSL_ERROR_WANT_READ) {
>     535         nse->sslinfo.ssl_desire = err;
>     536         socket_count_write_dec(iod, ms);
>     537         socket_count_read_inc(iod, ms);
>     538       } else if (err == SSL_ERROR_WANT_WRITE) {
>     539         nse->sslinfo.ssl_desire = err;
>     540       } else {
>     541         /* Unexpected error */
>     542         nse->event_done = 1;
>     543         nse->status = NSE_STATUS_ERROR;
>     544         nse->errnum = EIO;
>     545       }
>     546 #endif
>     547     } else {
>
> The second one (#5, line 937) is
>
>     928 #if HAVE_OPENSSL
>     929       desire_r = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ;
>     930       desire_w = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE;
>     931       if (nse->iod->ssl && ((desire_r && match_r) ||
>     932                             (desire_w && match_w)))
>     933         handle_write_result(nsp, nse, NSE_STATUS_SUCCESS);
>     934       else
>     935 #endif
>     936       if (!nse->iod->ssl && match_w)
>     937         handle_write_result(nsp, nse, NSE_STATUS_SUCCESS);
>
> It looks like #4 can only execute if iod->ssl is true, and #5 can only
> execute if iod->ssl is not true.

Please try the attached patch. The counts may have been being decremented incorrectly when an SSL write failed with an SSL_ERROR_WANT_READ. The read count would have been incremented but after the write succeeded the write count would have been decremented.

David Fifield

Attachment: nsock-dec.diff
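
The accounting problem described in the message above, as a stand-alone C model added here for illustration; it is not nsock code and not the contents of nsock-dec.diff. All struct and function names are hypothetical, and tracking which count the event currently holds is one assumed way to keep the counters balanced.

```c
#include <stdio.h>

/* Simplified model (not nsock code): per-socket counts of pending events. */
struct iod_model { int readers, writers; };
enum desire { WANT_WRITE, WANT_READ };
/* A pending SSL write and the direction it is currently counted under. */
struct write_event { enum desire counted_as; };

/* Decrement a counter; report underflow instead of calling assert(). */
static int dec(int *count) {
    if (*count <= 0) return -1;
    (*count)--;
    return 0;
}

/* SSL_write returned SSL_ERROR_WANT_READ: move the event to the read count. */
static int write_wants_read(struct iod_model *iod, struct write_event *ev) {
    if (dec(&iod->writers) != 0) return -1;
    iod->readers++;
    ev->counted_as = WANT_READ;
    return 0;
}

/* Completion as the message describes it: always drops the write count. */
static int complete_untracked(struct iod_model *iod) {
    return dec(&iod->writers);
}

/* Completion that releases whichever count the event currently holds. */
static int complete_tracked(struct iod_model *iod, struct write_event *ev) {
    return dec(ev->counted_as == WANT_READ ? &iod->readers : &iod->writers);
}

/* Schedule write -> WANT_READ -> write succeeds.
   Returns 0 if counts balance, -1 on underflow, 1 if a count leaks. */
int run_scenario(int tracked) {
    struct iod_model iod = {0, 1};              /* one write scheduled */
    struct write_event ev = { WANT_WRITE };
    if (write_wants_read(&iod, &ev) != 0) return -1;
    if ((tracked ? complete_tracked(&iod, &ev) : complete_untracked(&iod)) != 0)
        return -1;
    return (iod.readers == 0 && iod.writers == 0) ? 0 : 1;
}

int main(void) {
    printf("untracked: %d, tracked: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

In the untracked path the second decrement hits a write count that is already zero, which is the condition the socket_count_write_dec assert() in the backtrace guards against.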