Nmap Development mailing list archives
Re: More nsock socket_count_write_dec assert() failures
From: David Fifield <david () bamsoftware com>
Date: Tue, 9 Mar 2010 18:36:20 -0700
On Sat, Mar 06, 2010 at 03:53:22AM +0000, Brandon Enright wrote:
> On Wed, 3 Mar 2010 12:44:04 -0700
> David Fifield <david () bamsoftware com> wrote:
>
> [...]
>
>> It looks like #4 can only execute if iod->ssl is true, and #5 can only execute if iod->ssl is not true.
>>
>> Please try the attached patch. The counts may have been being decremented incorrectly when an SSL write failed with an SSL_ERROR_WANT_READ. The read count would have been incremented but after the write succeeded the write count would have been decremented.
>
> I applied the patch earlier today and started up the scans. I just had one crash in the same way:
>
> #0 0x00007f9a19a09205 in raise () from /lib/libc.so.6
> (gdb) bt
> #0 0x00007f9a19a09205 in raise () from /lib/libc.so.6
> #1 0x00007f9a19a0a723 in abort () from /lib/libc.so.6
> #2 0x00007f9a19a02229 in __assert_fail () from /lib/libc.so.6
> #3 0x0000000000483a4e in socket_count_write_dec (iod=<value optimized out>, ms=<value optimized out>) at nsock_core.c:199
> #4 0x000000000048426e in handle_write_result (ms=0x16b96f0, nse=0x2603b70, status=<value optimized out>) at nsock_core.c:537
> #5 0x00000000004859cc in nsock_loop (nsp=0x16b96f0, msec_timeout=50) at nsock_core.c:950
> #6 0x0000000000476b71 in l_nsock_loop (L=0x16de520) at nse_nsock.cc:551
>
> I figure there are so many ways to increment and decrement the counts that tracking this down will be really hard. If I can find a host that crashes every time I'll narrow down to just the port and script and see if I can produce useful narrow output of what is going on.

I worked off-list with Brandon on this problem, and I think we have it solved. It's committed as r16961.

The problem was that handle_write_result always assumed that it was being called as the result of a socket becoming writable. If a call to SSL_write resulted in the pseudo-error SSL_ERROR_WANT_READ, it would (correctly) decrement the write count and increment the write count. However, when handle_write_result was called again as a result of the socket becoming readable, handle_write_result would decrement the write count again in the event of the write finishing or another SSL_ERROR_WANT_READ.

I added a new function socket_count_dec_ssl_desire so that handle_write_result and similar functions decrement either the read or write count depending on what was last being selected on.

David Fifield
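
Added example, not part of the original message and not nsock source: a simplified C model of the counter imbalance discussed in this thread, replaying one SSL write that first reports SSL_ERROR_WANT_READ and then completes. The struct, enums and handler names are hypothetical; only the WANT_READ behaviour and the idea behind socket_count_dec_ssl_desire come from the thread, and the model returns -1 at the point where the real code's assert() aborted.

```c
#include <stdio.h>

/* Simplified model (assumed names, not nsock code): per-socket select() interest counts. */
enum desire { WANT_WRITE, WANT_READ };                /* what the pending SSL write last selected on */
enum result { DONE, SSL_WANT_READ, SSL_WANT_WRITE };  /* outcome of one SSL_write attempt */

struct sock { int readers, writers; enum desire ssl_desire; };

/* Decrement a count; return -1 where an assert(count > 0) would have fired. */
static int dec(int *count) { if (*count <= 0) return -1; (*count)--; return 0; }

/* Pre-fix behaviour: always assume the wakeup was for writability. */
static int handle_write_buggy(struct sock *s, enum result r) {
    if (dec(&s->writers) != 0) return -1;
    if (r == SSL_WANT_READ) s->readers++;        /* now waiting for readability */
    else if (r == SSL_WANT_WRITE) s->writers++;
    return 0;
}

/* Post-fix idea: decrement whichever count the event was last registered under. */
static int handle_write_fixed(struct sock *s, enum result r) {
    int *c = (s->ssl_desire == WANT_READ) ? &s->readers : &s->writers;
    if (dec(c) != 0) return -1;
    if (r == SSL_WANT_READ) { s->readers++; s->ssl_desire = WANT_READ; }
    else if (r == SSL_WANT_WRITE) { s->writers++; s->ssl_desire = WANT_WRITE; }
    return 0;
}

/* Replay: one queued write; first attempt wants read, second attempt completes. */
static int replay(int (*handler)(struct sock *, enum result), struct sock *out) {
    struct sock s = { 0, 1, WANT_WRITE };        /* constructed start state: one pending write */
    const enum result seq[] = { SSL_WANT_READ, DONE };
    int rc = 0;
    for (int i = 0; i < 2 && rc == 0; i++) rc = handler(&s, seq[i]);
    *out = s;
    return rc;
}

int main(void) {
    struct sock s;
    int rc = replay(handle_write_buggy, &s);
    printf("buggy: rc=%d readers=%d writers=%d\n", rc, s.readers, s.writers);
    rc = replay(handle_write_fixed, &s);
    printf("fixed: rc=%d readers=%d writers=%d\n", rc, s.readers, s.writers);
    return 0;
}
```

In the buggy replay the second call fails with a stale read count left behind; in the fixed replay both counts return to zero.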