Avoid crashing when Nsock connect calls the callback immediately due to parameter errors

nse_nsock.cc

@@ -350,6 +350,15 @@ static void callback (nsock_pool nsp, nsock_event nse, void *ud)
 {
   nse_nsock_udata *nu = (nse_nsock_udata *) ud;
   lua_State *L = nu->thread;
+  if (lua_status(L) == LUA_OK && nse_status(nse) == NSE_STATUS_ERROR) {
+    // Sometimes Nsock fails immediately and callback is called before
+    // l_connect has a chance to yield. TODO: Figure out how to return an error
+    // to the calling thread without falling into an infinite loop somewhere.
+    // http://seclists.org/nmap-dev/2016/q1/201
+    trace(nse_iod(nse), nu->action, nu->direction);
+    nsock_iod_delete(nu->nsiod, NSOCK_PENDING_NOTIFY);
+    luaL_error(L, "Nsock immediate error");
+  }
   assert(lua_status(L) == LUA_YIELD);
   trace(nse_iod(nse), nu->action, nu->direction);
   status(L, nse_status(nse));
@@ -515,6 +524,9 @@ static int l_connect (lua_State *L)
   }
 
   nu->af = dest->ai_addr->sa_family;
+  nu->thread = L;
+  nu->action = "PRECONNECT";
+  nu->direction = TO;
 
   switch (what)
   {

service_scan.cc

@@ -2261,11 +2261,16 @@ static int launchSomeServiceProbes(nsock_pool nsp, ServiceGroup *SG) {
                         svc, (struct sockaddr *) &ss, ss_len,
                         svc->portno);
     }
+    // Check that the service is still where we left it.
+    // servicescan_connect_handler can call end_svcprobe before this point,
+    // putting it into services_finished already.
+    if (SG->services_remaining.front() == svc) {
       // Now remove it from the remaining service list
       SG->services_remaining.pop_front();
       // And add it to the in progress list
       SG->services_in_progress.push_back(svc);
     }
+  }
   return 0;
 }