Nmap Development mailing list archives

Unhandled NSE exceptions
From: David Fifield <david () bamsoftware com>
Date: Thu, 1 Nov 2007 15:09:06 -0700

I have been experiencing a segmentation fault with NSE when running the
ripeQuery.nse script. Here's what I see:

        nmap --script=ripeQuery.nse -n -PN -d localhost
        Initiating SYN Stealth Scan at 14:55
        Scanning [1705 ports]
        Packet capture filter (device lo): dst host and (icmp or (tcp and (src host
        Discovered open port 22/tcp on
        Discovered open port 631/tcp on
        Discovered open port 6000/tcp on
        Completed SYN Stealth Scan at 14:55, 0.11s elapsed (1705 total ports)
        SCRIPT ENGINE: Initiating script scanning.
        SCRIPT ENGINE: Script scanning .
        SCRIPT ENGINE: Using
        /usr/libexec/nmap/nse/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so to search for C-modules
         for Lua-modules
        SCRIPT ENGINE: Initialized 1 rules
        SCRIPT ENGINE: Matching rules.
        SCRIPT ENGINE: Will run /usr/share/nmap/scripts/ripeQuery.nse against
        SCRIPT ENGINE: Running scripts.
        SCRIPT ENGINE: Runlevel: 1.000000
        Initiating SCRIPT ENGINE at 14:55
        Socket troubles: Address family not supported by protocol
        Segmentation fault

I tracked the problem down to the fact that I had IPv6 headers and
libraries without kernel support for IPv6. The call to getaddrinfo
caused by socket:connect in the script was returning an IPv6 address,
and when that was passed to nsock_connect_internal it displayed the
"Socket troubles" error. The segmentation fault is caused later when a
socket descriptor of -1 (returned by connect) is used at line 1059 in

The error went away when I installed kernel IPv6 support, but I can
reproduce it by unloading and blacklisting the ipv6 module.

socket:connect is throwing an exception when this occurs. If I modify
the script to catch the exception it correctly exits without a
segmentation fault.

But the question is, shouldn't errors in things like socket:connect exit
the script if there's no exception handler? Is that possible?

(Another thing is that there should be an internal check for the -1
socket descriptor, but that should be easy to fix.)


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
