Nmap Development mailing list archives
Re: Assertion failure with dns-zone-transfer.nse / tab.lua
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 22 Feb 2009 19:30:27 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 22 Feb 2009 10:00:06 -0700 or thereabouts David Fifield <david () bamsoftware com> wrote:
On Sun, Feb 22, 2009 at 07:51:22AM +0000, Brandon Enright wrote:A few of our DNS servers are causing the DNS zone transfer script to cause tab.lua to error out: NSE (55.651s): dns-zone-transfer against 132.239.1.52:53 ended with error: /home/bmenrigh/flexmap/nmap/svn/nmap//nselib/tab.lua:45: assertion failed! I haven't worked on getting a backtrace yet so if the problem isn't immediately obvious I'll hack the traceback script up to provide one. I might also be able to provide a pcap of the error, depending on the privacy of the data contained in the pcap.I guess that the next call up is -- answer domain offset, line = parse_domain(data, offset) tab.add(table, 1, line) parse_domain (actually dns.decStr) returns nil when too many pointers are needed to decompress a message. This is to prevent the infinite recursion bug. The limit is 3, but maybe that needs to be higher. A packet capture of the DNS message would be helpful. David Fifield
Hmm, well it seems that when dns-zone-transfer tests for zone transfers, it really does perform a zone transfer for all of our zones. This produced almost 9000 packets at almost 9MB of capture. It took the wireshark DNS dissector a couple minutes to process the pcap. If the problem isn't just a pointer count finding it is probably going to be a needle-in-the-haystack search. I don't feel comfortable making our zone available to the list so I'll send you an email privately with a link. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmhp9oACgkQqaGPzAsl94IpdwCfVKWKZYSFyS+8HzdbUlNCZ6Ll BaAAnikFkmBFqmYoFGnoiURlpJfr0kpU =5/5B -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Assertion failure with dns-zone-transfer.nse / tab.lua Brandon Enright (Feb 21)
- Re: Assertion failure with dns-zone-transfer.nse / tab.lua David Fifield (Feb 22)
- Re: Assertion failure with dns-zone-transfer.nse / tab.lua Brandon Enright (Feb 22)
- Re: Assertion failure with dns-zone-transfer.nse / tab.lua David Fifield (Feb 22)