From 934868f3cef4d89be1b4780ad763e46a642744cd Mon Sep 17 00:00:00 2001 From: david Date: Wed, 10 Mar 2010 01:30:52 +0000 Subject: [PATCH] Take into account the current SSL desire when decrementing socket counts. Brandon reported this assertion failure when running http-enum: nmap: nsock_core.c:199: socket_count_write_dec: Assertion `(iod->writesd_count) > 0' failed. The problem was that handle_write_result always assumed that if a call to SSL_write failed with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, that it must have been invoked because the socket was writable (and hence the write count should be decremented). Because of how non-blocking sockets work in OpenSSL, it's possible that we called handle_write_result because a socket because *readable* and thus we should decrement the read count, not the write count. --- CHANGELOG | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index b3750cc47..ff8c4be6e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,14 @@ [NOT YET RELEASED] +o Fixed an assertion failure: + nsock_core.c:199: socket_count_write_dec: Assertion `(iod->writesd_count) +> 0' failed. + that could occur when connecting to an SSL server with Nsock. This + was observed when running the http-enum script but could possibly + have happened in other situations. Thanks to Brandon for reporting + the bug and testing. [David] + o Added the function bignum_add to the nse_openssl library to support BIGNUM addition [Patrik]