Nmap Development mailing list archives

Re: [NSE] [Call for Testers] Nsock Library Binding Improvements


From: David Fifield <david () bamsoftware com>
Date: Fri, 17 Sep 2010 17:08:33 -0700

On Tue, Sep 14, 2010 at 03:19:06AM -0400, Patrick Donnelly wrote:
> Hello list,
>
> I have a new branch for NSE's Nsock library binding. It is a
> maintenance release focusing on correctness and preparation for Lua's
> upcoming 5.2 release (it does not rely on Lua 5.2 right now). I would
> greatly appreciate any script writers or Nmap users of NSE to quickly
> test out the branch and report any problems they may encounter.
> Ideally, you should notice no changes in how your scripts run. Please
> report back if it works for you.

I like these maintenance changes that you've made. Thanks for taking the
initiative to prepare for Lua 5.2.

What's new about lua_yield in 5.2?

+/* Lua 5.2 compatibility macro */
+#define lua_yieldk(L,n,ctx,k)  lua_yield(L,n)
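Review bot: the macro discards the ctx and k arguments instead of using them, so a call written for lua_yieldk compiles against Lua 5.1 but any continuation it passes is never invoked there; that is also the answer to the question above, since in Lua 5.2 lua_yieldk yields with a continuation function k and a context ctx that the coroutine resumes into, whereas 5.1's lua_yield(L, n) has no such parameters. Suggest a comment on the macro stating that the continuation is intentionally ignored under 5.1, and wrapping the #define in a Lua version check so it is not defined when building against 5.2, where the real lua_yieldk exists.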

> o pcap_open takes boolean (promiscuous) for 3rd argument. Callback removed.
> o pcap_register obsolete and removed.
> o pcap_receive returns packets matching the bpf filter. Packet
> "hashes" via callbacks which filter extraneous packets is gone. You do
> this yourself by inspecting the returned packets by pcap_receive.

I think this is a good idea. We've discussed before how the reason for
the registration scheme is to allow many instances of a script to share
the same pcap descriptor and BPF filter. However, your implementation
keeps the caching of descriptors, so the same script using the same
BPF will use the same descriptor. If I understand correctly, if lots of
scripts used a different BPF in the old scheme, they would get different
descriptors anyway. I think this would be the case for scripts that
build up BPF using host.ip.

I got some Valgrind errors when running the sniffer-detect script. (At
the end of this message.) It looks like memory is being used after being
freed. My first guess would be to check open_eth_cached.

David Fifield

# valgrind --track-fds=yes --leak-check=full ./nmap --datadir . --script=sniffer-detect -sn 192.168.0.1 -d --release-mem

==6047== Invalid write of size 2
==6047==    at 0x80D4E20: eth_send (eth-linux.c:74)
==6047==    by 0x80BBB7D: ethernet_send(lua_State*) (nse_dnet.cc:150)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA416: luaD_rawrunprotected (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA60B: lua_resume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E8EDC: auxresume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E9164: luaB_coresume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DAD67: luaD_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80D7F20: f_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==  Address 0x4618fb6 is 38 bytes inside a block of size 56 free'd
==6047==    at 0x4025579: free (vg_replace_malloc.c:325)
==6047==    by 0x80D4E03: eth_close (eth-linux.c:86)
==6047==    by 0x80BBD66: close_eth(lua_State*) (nse_dnet.cc:79)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DAD18: luaD_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC3AF: GCTM (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC509: singlestep (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC946: luaC_step (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80D7BC7: lua_gc (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80EA642: luaB_collectgarbage (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
==6047==
==6047== Invalid read of size 4
==6047==    at 0x80D4E46: eth_send (eth-linux.c:76)
==6047==    by 0x80BBB7D: ethernet_send(lua_State*) (nse_dnet.cc:150)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA416: luaD_rawrunprotected (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA60B: lua_resume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E8EDC: auxresume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E9164: luaB_coresume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DAD67: luaD_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80D7F20: f_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==  Address 0x4618f90 is 0 bytes inside a block of size 56 free'd
==6047==    at 0x4025579: free (vg_replace_malloc.c:325)
==6047==    by 0x80D4E03: eth_close (eth-linux.c:86)
==6047==    by 0x80BBD66: close_eth(lua_State*) (nse_dnet.cc:79)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DAD18: luaD_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC3AF: GCTM (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC509: singlestep (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC946: luaC_step (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80D7BC7: lua_gc (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80EA642: luaB_collectgarbage (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
==6047==
==6047== Syscall param socketcall.sendto(to.sa_family) points to unaddressable byte(s)
==6047==    at 0x443AE81: sendto (in /lib/libc-2.10.1.so)
==6047==    by 0x80BBB7D: ethernet_send(lua_State*) (nse_dnet.cc:150)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA416: luaD_rawrunprotected (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA60B: lua_resume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E8EDC: auxresume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E9164: luaB_coresume (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DAD67: luaD_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80D7F20: f_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==  Address 0x4618fb4 is 36 bytes inside a block of size 56 free'd
==6047==    at 0x4025579: free (vg_replace_malloc.c:325)
==6047==    by 0x80D4E03: eth_close (eth-linux.c:86)
==6047==    by 0x80BBD66: close_eth(lua_State*) (nse_dnet.cc:79)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DAD18: luaD_call (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC3AF: GCTM (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC509: singlestep (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DC946: luaC_step (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80D7BC7: lua_gc (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80EA642: luaB_collectgarbage (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80DA8D4: luaD_precall (in /home/david/nse-nsock-maintenance/nmap)
==6047==    by 0x80E3429: luaV_execute (in /home/david/nse-nsock-maintenance/nmap)
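The Valgrind trace above shows the shape of the bug: a handle is freed from a garbage-collector finalizer (GCTM -> close_eth -> eth_close) and then used by a later ethernet_send. When a descriptor is shared through a cache, any one owner closing it invalidates it for every other owner still holding the cached pointer. The following is an added example, not code from Nmap or from the branch under test, showing the reference-counted cache pattern that avoids this: each open takes a reference, and the underlying handle is freed (and its cache slot cleared) only when the last reference is dropped. The names eth_handle, cache_open, cache_close and cache_refcount are hypothetical, and the handle is a stand-in struct rather than a real dnet eth_t.

```c
/* Added example (not Nmap's code): a reference-counted handle cache.
 * Assumption: the bug mechanism is a cached handle freed by one owner's
 * close (here, a script instance's finalizer) while another owner still
 * uses it. All names below are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CACHE 8

/* Stand-in for a dnet eth_t: the device name plus a per-device refcount. */
typedef struct eth_handle {
    char device[16];
    int refcount;
} eth_handle;

/* One cache slot per distinct device name (constructed, in-memory only). */
static eth_handle *cache[MAX_CACHE];

/* Look up or create the handle for a device. Every caller that gets a
 * non-NULL pointer back holds one reference and must cache_close() it. */
eth_handle *cache_open(const char *device) {
    for (int i = 0; i < MAX_CACHE; i++) {
        if (cache[i] && strcmp(cache[i]->device, device) == 0) {
            cache[i]->refcount++;          /* share the existing handle */
            return cache[i];
        }
    }
    for (int i = 0; i < MAX_CACHE; i++) {
        if (!cache[i]) {
            eth_handle *h = calloc(1, sizeof *h);
            if (!h)
                return NULL;
            strncpy(h->device, device, sizeof h->device - 1);
            h->refcount = 1;
            cache[i] = h;
            return h;
        }
    }
    return NULL;                           /* cache full */
}

/* Drop one reference. The handle is freed only when the last owner closes
 * it, and the cache slot is cleared at the same moment, so neither an
 * existing owner nor a later cache_open() can see a dangling pointer. */
void cache_close(eth_handle *h) {
    if (!h || h->refcount <= 0)
        return;
    if (--h->refcount > 0)
        return;                            /* other owners remain */
    for (int i = 0; i < MAX_CACHE; i++)
        if (cache[i] == h)
            cache[i] = NULL;
    free(h);
}

/* Current refcount for a device, or -1 if it is not cached. Lets a caller
 * (or a test) confirm that a close did not tear down a shared handle. */
int cache_refcount(const char *device) {
    for (int i = 0; i < MAX_CACHE; i++)
        if (cache[i] && strcmp(cache[i]->device, device) == 0)
            return cache[i]->refcount;
    return -1;
}

int main(void) {
    /* Two script instances open the same device and share one handle. */
    eth_handle *a = cache_open("eth0");
    eth_handle *b = cache_open("eth0");
    printf("shared: %s, refcount=%d\n", a == b ? "yes" : "no",
           cache_refcount("eth0"));
    cache_close(a);                        /* first instance is finalized */
    printf("after one close: refcount=%d\n", cache_refcount("eth0"));
    cache_close(b);                        /* last owner: handle is freed */
    printf("after last close: refcount=%d\n", cache_refcount("eth0"));
    return 0;
}
```

The point of the design is that the close path and the cache are kept consistent in one place: a handle can never be freed while the cache still hands it out, and a finalizer running for one script instance cannot pull the descriptor out from under another.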

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
