Re: More nsock socket_count_write_dec assert() failures

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 3 Mar 2010 12:44:04 -0700
David Fifield <david () bamsoftware com> wrote:
[...]
> > It looks like #4 can only execute if iod->ssl is true, and #5 can
> > only execute if iod->ssl is not true.
>
> Please try the attached patch. The counts may have been being
> decremented incorrectly when an SSL write failed with an
> SSL_ERROR_WANT_READ. The read count would have been incremented but
> after the write succeeded the write count would have been decremented.


I applied the patch earlier today and started up the scans.  I just had
one crash in the same way:

#0  0x00007f9a19a09205 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00007f9a19a09205 in raise () from /lib/libc.so.6
#1  0x00007f9a19a0a723 in abort () from /lib/libc.so.6
#2  0x00007f9a19a02229 in __assert_fail () from /lib/libc.so.6
#3  0x0000000000483a4e in socket_count_write_dec (iod=<value optimized out>, 
    ms=<value optimized out>) at nsock_core.c:199
#4  0x000000000048426e in handle_write_result (ms=0x16b96f0, nse=0x2603b70, 
    status=<value optimized out>) at nsock_core.c:537
#5  0x00000000004859cc in nsock_loop (nsp=0x16b96f0, msec_timeout=50)
    at nsock_core.c:950
#6  0x0000000000476b71 in l_nsock_loop (L=0x16de520) at nse_nsock.cc:551


I figure there are so many ways to increment and decrement the counts
that tracking this down will be really hard.  If I can find a host that
crashes every time I'll narrow down to just the port and script and see
if I can produce useful narrow output of what is going on.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkuR0bgACgkQqaGPzAsl94JFVQCfRc0DabjRati2VwWDgpekZyun
GNIAoIzFt7iEQ/zr79CcSAWZuiaM5EQ3
=w+AV
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/