Cross-compiled nmap 7.70 + NSE crash when running "telnet-brute" #1233
Comments
Thanks for the report! I can confirm this is happening, and is not related to cross-compiling or architecture. I've got one fix in for a different assertion,
This one was due to either calling close or the script being stopped by some external force while the socket read handler was still waiting. I'm still analyzing why it happened, but the fix is in, which allowed me to get the exact assertion failure you have reported.

Well, this is a tricky one. So a bunch of the NSE socket internals are under the assumption that a socket will be worked on by only a single thread at a time. The socket object has a
We'll get it figured out soon. Very glad you reported it!

Just adding a few thoughts:

Ya, don't do that! The script/library should be fixed. Library could be modified perhaps to check if the socket currently has a thread operating on it.

I don't agree. What does it mean to have two threads waiting on a read on a socket? Or, one writing and one reading?
Rather than an assert, I would recommend throwing a Lua error as the script is buggy but it should not cause Nmap to crash. Otherwise, checking if the socket has an operation in-flight is a good idea.
Well, it appears things were different than I thought. Sorry, @nnposter, there's nothing wrong with your script. I simplified it to use the brute.lua improvements instead of its own multithreading stuff, and it still triggers the error. Turns out the problem was with the brute.lua improvements, specifically the wrapping of the socket object. Because it was done improperly, any socket calls that were not wrapped explicitly would be called on a reference that just tracked the last socket to be created with A fix is incoming, but @alexisfacques if you want to quickly fix this one script, just change
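
The failure mode described in the two comments above (unwrapped calls landing on the last-created socket, and a Lua error instead of an assert when an operation is already in flight), as an added example that is not part of the thread or of brute.lua. `FakeSocket`, `wrap_buggy` and `wrap_fixed` are hypothetical names, and the socket is a plain Lua table standing in for an nsock object.

```lua
-- Constructed illustration; none of these names come from brute.lua or Nmap.

-- Stand-in socket with a single operation slot, mirroring the assumption
-- that only one thread works on a socket at a time.
local FakeSocket = {}
FakeSocket.__index = FakeSocket

local function new_socket(name)
  return setmetatable({ name = name, busy = false }, FakeSocket)
end

function FakeSocket:begin_read()
  -- Raise a catchable Lua error rather than aborting the whole process.
  if self.busy then
    error(("socket %s already has an operation in flight"):format(self.name), 2)
  end
  self.busy = true
  return self.name
end

function FakeSocket:finish_read() self.busy = false end

-- Buggy wrapper: only finish_read is wrapped explicitly. Every other call
-- falls through to last_created, which each new wrapper overwrites.
local last_created
local function wrap_buggy(sock)
  last_created = sock
  local w = { finish_read = function() return sock:finish_read() end }
  return setmetatable(w, { __index = function(_, k)
    return function(_, ...) return last_created[k](last_created, ...) end
  end })
end

-- Fixed wrapper: unwrapped calls delegate to the socket this wrapper captured.
local function wrap_fixed(sock)
  return setmetatable({}, { __index = function(_, k)
    return function(_, ...) return sock[k](sock, ...) end
  end })
end

-- Two wrappers, as two worker threads would hold; each starts a read.
local function demo(wrap)
  local a, b = wrap(new_socket("A")), wrap(new_socket("B"))
  local first = a:begin_read()
  local ok, second = pcall(b.begin_read, b)
  return first, ok, second
end

print("buggy:", demo(wrap_buggy))
print("fixed:", demo(wrap_fixed))
```

With the buggy wrapper the first read already lands on socket B and the second raises the in-flight error, which `pcall` catches; with the fixed wrapper each read reaches its own socket.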
I'll give that a try, thank you guys for your reactivity!

Tracking updates to telnet-brute at #1269
I'm sorry I couldn't narrow the issue...
Running the telnet-brute script with cross-compiled nmap 7.60 with GCC 6.x for ARM little endian systems worked fine:
Running the same script and command with nmap 7.70 returns the following error (with --script-trace output). Related assertion nse_nsock.cc:672: