mailing list archives
Unhandled NSE exceptions
From: David Fifield <david () bamsoftware com>
Date: Thu, 1 Nov 2007 15:09:06 -0700
I have been experiencing a segmentation fault with NSE when running the
ripeQuery.nse script. Here's what I see:
nmap --script=ripeQuery.nse -n -PN -d localhost
Initiating SYN Stealth Scan at 14:55
Scanning 127.0.0.1 [1705 ports]
Packet capture filter (device lo): dst host 127.0.0.1 and (icmp or (tcp and (src host 127.0.0.1)))
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Discovered open port 6000/tcp on 127.0.0.1
Completed SYN Stealth Scan at 14:55, 0.11s elapsed (1705 total ports)
SCRIPT ENGINE: Initiating script scanning.
SCRIPT ENGINE: Script scanning .
SCRIPT ENGINE: Using
/usr/libexec/nmap/nse/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so to search for C-modules
SCRIPT ENGINE: Initialized 1 rules
SCRIPT ENGINE: Matching rules.
SCRIPT ENGINE: Will run /usr/share/nmap/scripts/ripeQuery.nse against 127.0.0.1
SCRIPT ENGINE: Running scripts.
SCRIPT ENGINE: Runlevel: 1.000000
Initiating SCRIPT ENGINE at 14:55
Socket troubles: Address family not supported by protocol
I tracked the problem down to the fact that I had IPv6 headers and
libraries without kernel support for IPv6. The call to getaddrinfo
caused by socket:connect in the script was returning an IPv6 address,
and when that was passed to nsock_connect_internal it displayed the
"Socket troubles" error. The segmentation fault is caused later when a
socket descriptor of -1 (returned by connect) is used at line 1059 in
The error went away when I installed kernel IPv6 support, but i can
reproduce it by unloading and blacklisting the ipv6 module.
socket:connect is throwing an exception when this occurs. If I modify
the script to catch the exception it correctly exits without a
But the question is, shouldn't errors in things like socket:connect exit
the script if there's no exception handler? Is that possible?
(Another thing is that there should be an internal check for the -1
socket descriptor, but that should be easy to fix.)
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
- Unhandled NSE exceptions David Fifield (Nov 01)