Bug in nmap 5.20 (nsock_core.c:516: handle_write_result)

[pyllyukko <pyllyukko () maimed org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list.

So I downloaded the brand new nmap 5.20 and set off to scan my lan. nmap 
suddenly crashed stating: "nmap: nsock_core.c:516: handle_write_result: 
Assertion `bytesleft > 0' failed".

I briefly tried to debug it, and narrowed down the cause.

Here's the exact command used, it's 100% reproducible (on my system, that 
is):
nmap -sS --script http-userdir-enum.nse --script-args=unsafe=1 
- --script-trace -PR -T 4 -p80 -oA 192.168.0.2-%Y%m%d%R-debug -d9 
- --log-errors --reason -R 192.168.0.2

Here's the last few lines of the debug output:
NSOCK (0.1860s) Write request for 149 bytes to IOD #3 EID 91 
[192.168.0.2:80]
NSOCK (0.1860s) nsock_loop() started (timeout=50ms). 1 events pending
NSOCK (0.1860s) Callback: WRITE SUCCESS for EID 91 [192.168.0.2:80]
NSE: TCP 192.168.0.35:37821 > 192.168.0.2:80 | CLOSE
NSE: Received only 0 of 1 expected reponses.
Decreasing max pipelined requests to 0.
NSOCK (0.1870s) TCP connection requested to 192.168.0.2:80 (IOD #4) EID 96
NSOCK (0.1870s) nsock_loop() started (timeout=50ms). 1 events pending
NSOCK (0.1870s) Callback: CONNECT SUCCESS for EID 96 [192.168.0.2:80]
NSE: TCP 192.168.0.35:37822 > 192.168.0.2:80 | CONNECT
NSE: TCP 192.168.0.35:37822 > 192.168.0.2:80 |
NSOCK (0.1870s) Write request for 0 bytes to IOD #4 EID 107 
[192.168.0.2:80]:
nmap: nsock_core.c:516: handle_write_result: Assertion `bytesleft > 0' 
failed.
NSOCK (0.1880s) nsock_loop() started (timeout=50ms). 1 events pending

Now what?-)

- --pyllyukko
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktXbikACgkQjAuVIaHzLqoTtQCg4vG8ooBCWY3hC406I6kqVa1q
9pIAoKRjzJKxBSWeuWfofxsqSGTcuCiy
=P2q8
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/