Nmap Development mailing list archives

Re: NSE crash in socket_lock when connect used in prerule


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 28 Mar 2014 13:01:35 -0500

On 03/28/2014 12:23 PM, Patrick Donnelly wrote:
> On Mar 26, 2014 9:21 PM, "David Fifield" <david () bamsoftware com> wrote:
> > The crash is in the last lua_rawset call in socket_lock. I suppose it
> > has something to do with there not existing a script thread at the time
> > the prerule is called. It seems like you should be able to use a socket
> > in a prerule, though. Is there a good fix for this?
>
> Early on I (?) decided to not allow socket connections in rule functions.
> The reason for that is NSE isn't structured to loop over rule functions
> which have made connections. That is, if a rule function yields, then NSE
> must resume it when the socket operation is complete and get the rule
> function result. I think rule functions need to be short and simple or
> every script is blocked in the rule evaluation step.
> _______________________________________________
> Sent through the dev mailing list
> http://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/

I agree philosophically that rule functions should not be contacting the target (or anything else, really). It is fairly simple (and several scripts do so) to perform a connection check at the beginning of the action and bail (return nil) if there is no way to continue.

However, I think maybe we could be clearer about what is going wrong. Is there some state in the Lua environment that could be checked in l_connect or socket_lock or somewhere to print a reminder ("Socket operations not allowed in rule functions") when this happens?

Dan
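An added example, not code from this thread or from any shipped Nmap script, of the structure Dan describes: the rule functions only decide whether the script runs, and the action is where the socket is opened, bailing out (returning nil) when the connection cannot be made. The port choice, timeout and HEAD request are illustrative assumptions.

```lua
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Keeps socket work out of rule functions: rules only decide whether to
run; the action performs the connect and returns nil if it cannot go on.
]]
categories = {"safe", "discovery"}

-- Rule functions are evaluated for every script before actions run, so
-- they must stay short and must not open sockets (NSE does not resume a
-- rule that yields). The prerule just says "run once before scanning".
prerule = function() return true end
portrule = shortport.port_or_service(80, "http")  -- assumed target port

-- The connection check lives at the start of the action, not in a rule.
-- Returns the connected socket, or nil plus the error string.
local function connect_or_bail(host, port)
  local sock = nmap.new_socket()
  sock:set_timeout(5000)  -- 5 s timeout; illustrative value
  local status, err = sock:connect(host, port)
  if not status then
    sock:close()
    return nil, err
  end
  return sock
end

action = function(host, port)
  -- When invoked for the prerule, no host/port is passed: nothing to
  -- connect to, so simply return nil.
  if not host or not port then
    return nil
  end
  local sock, err = connect_or_bail(host, port)
  if not sock then
    stdnse.print_debug(1, "%s: no way to continue: %s", SCRIPT_NAME, err)
    return nil
  end
  -- Minimal request so the server answers with a status line.
  sock:send("HEAD / HTTP/1.0\r\n\r\n")
  local ok, line = sock:receive_lines(1)
  sock:close()
  if not ok then
    return nil
  end
  return "status line: " .. line
end
```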
