fatal: Trying to delete NSI, but could not find 1 of the purportedly pending events on that IOD. #2912

Open
dksslq opened this issue Aug 15, 2024 · 2 comments

dksslq commented Aug 15, 2024

Very legacy error reproduced
It happens when I do a mass 'pcap read' related script scan on Windows.
The SYN scan finishes, and a few minutes after the NSE scan begins:
image

  1. Unexpected value of the nse->iod pointer.
  2. The fatal message is printed twice, occasionally. (Is Nmap multi-threaded, or ... exception catching?)

To Reproduce
Just type the command below if you own a big network for testing.
If you are running the nmap-7.95 official release (which does not have commit 13be028 "nse_dnet: try raw Ethernet sends if raw sockets don't work, e.g. Windows" applied), you should run nmap via right-click "Run as Administrator"; if not, scripts will stop by throwing a permission-related error in that case.

nmap -n -Pn -sS --min-parallelism 2048 --min-hostgroup 2048 -vvvv -d --script broadcast-ataoe-discover.nse,broadcast-dhcp-discover.nse,broadcast-eigrp-discovery.nse,broadcast-igmp-discovery.nse,broadcast-listener.nse,broadcast-ospf2-discover.nse,broadcast-pim-discovery.nse,broadcast-ping.nse,broadcast-sonicwall-discover.nse,eap-info.nse,firewalk.nse,firewall-bypass.nse,http-vuln-cve2009-3960.nse,ip-forwarding.nse,ipidseq.nse,ipv6-node-info.nse,knx-gateway-discover.nse,llmnr-resolve.nse,lltd-discovery.nse,mrinfo.nse,mtrace.nse,multicast-profinet-discovery.nse,path-mtu.nse,profinet-cm-lookup.nse,qscan.nse,rpcap-brute.nse,rpcap-info.nse,smb-enum-services.nse,sniffer-detect.nse,snmp-brute.nse,targets-ipv6-multicast-echo.nse,targets-ipv6-multicast-invalid-dst.nse,targets-ipv6-multicast-slaac.nse,targets-sniffer.nse,tftp-version.nse,tls-ticketbleed.nse,url-snarf.nse --remove-it-f7 --script-trace -iR 2048

Or a simpler and more violent version to spray all of the NSE scripts:

nmap -n -Pn -sS --remove-it-9d --min-parallelism 2048 --min-hostgroup 2048 -vvvv -d --script "*" --script-trace -iR 2048

You should probably pass --min-rate with a large number to shorten the time
2048 becomes higher etc...

Expected behavior
Scan finishes normally

Version info (please complete the following information):
nmap 7.95 release or latest VCS commits.
Nmap version 7.95 ( https://nmap.org )
Platform: i686-pc-windows-windows
Compiled with: nmap-liblua-5.4.6 openssl-3.0.13 nmap-libssh2-1.11.0 nmap-libz-1.3.1 nmap-libpcre2-10.43 Npcap-1.79 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: iocp poll select

Additional context

dksslq added the Nmap label Aug 15, 2024

dksslq commented Aug 15, 2024

For testing, I inserted a print line into the function nsock_iod_delete()
image


dksslq commented Aug 15, 2024

Looks like an overflow vuln.

nmap-bot pushed a commit that referenced this issue Nov 13, 2024
Removes duplicate logic for PCAP_BSD_SELECT_HACK. May address accounting
problems that led to issues like #187 (macOS) and #2912 (Windows).