Nmap Development mailing list archives

Re: Never ending RPC scripts


From: Henri Doreau <henri.doreau () gmail com>
Date: Sat, 20 Oct 2012 17:02:33 +0200

2012/10/20 David Fifield <david () bamsoftware com>:
> On Sat, Oct 20, 2012 at 02:09:02AM +0200, Henri Doreau wrote:
>> Hi,
>>
>> I noticed that nmap gets DoSed when scanning a chargen spitting zeroes
>> (haven't tried other subtleties). By DoSed I mean infinite loop in
>> rpc.lua and significant CPU consumption if network is fast enough.
>>
>> To reproduce:
>>
>> target:~$ ncat --keep-open -l 4444 < /dev/zero
>> scanner:~$ nmap -sV target
>>
>> (reproducer works fine with target being localhost too).
>>
>> Basically, the data is being ignored by ReceivePacket()
>> (nselib/rpc.lua) and the RPC decoding process never actually starts.
>>
>> I mitigated the issue using the patch attached that limits iterations
>> to an (arbitrary) chosen number. It's not checked in as I haven't
>> checked yet whether RFCs specify a cleaner way to do these receiving
>> operations (suggestions are welcome).
>
> This looks fine to check in. I don't know what is a better way to do the
> parsing.
>
> David Fifield
Checked in as r30066. I've added a comment to make it clear where this
constant comes from.

-- 
Henri
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
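The thread describes an RPC receive loop that never terminates when the peer streams zero bytes, and a fix that bounds the number of iterations. The following added example, written for this archive page and not taken from nselib/rpc.lua or the r30066 patch, illustrates the same failure mode and the same mitigation on an ONC RPC record-marking reader (RFC 5531 section 11): every 4-byte fragment header parsed from an all-zero stream claims a zero-length, non-final fragment, so an unbounded reassembly loop spins forever. The `MAX_FRAGMENTS` and `MAX_RECORD_BYTES` values, the `ZeroStream`/`BytesStream` stand-ins for a socket, and the `probe()` helper are all constructed for this illustration; whether rpc.lua's loop follows exactly this code path is an assumption, not something the thread states.

```python
import struct

# Hypothetical caps (not the constant chosen in r30066): bound both the number
# of fragments and the total bytes one record may occupy.
MAX_FRAGMENTS = 1024
MAX_RECORD_BYTES = 64 * 1024


class ZeroStream:
    """Constructed stand-in for a chargen-like peer that returns zero bytes forever."""

    def __init__(self):
        self.bytes_served = 0

    def recv(self, n):
        self.bytes_served += n
        return b"\x00" * n


class BytesStream:
    """Constructed stand-in for a peer that sends a fixed byte string, then closes."""

    def __init__(self, data):
        self.data = data
        self.pos = 0

    def recv(self, n):
        chunk = self.data[self.pos:self.pos + n]
        self.pos += len(chunk)
        return chunk


def recv_exact(sock, n):
    """Read exactly n bytes or raise EOFError if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed connection")
        buf += chunk
    return buf


def read_rpc_record(sock, max_fragments=MAX_FRAGMENTS, max_bytes=MAX_RECORD_BYTES):
    """Reassemble one RPC record from its fragments.

    Each fragment is preceded by a big-endian 32-bit marker: the top bit flags
    the last fragment, the low 31 bits give the fragment length. An all-zero
    stream yields endless zero-length, non-final fragments, so the loop is
    bounded by max_fragments (the mitigation) and by max_bytes.
    """
    record = b""
    for _ in range(max_fragments):
        (marker,) = struct.unpack(">I", recv_exact(sock, 4))
        last = bool(marker & 0x80000000)
        length = marker & 0x7FFFFFFF
        if len(record) + length > max_bytes:
            raise ValueError("record exceeds %d bytes" % max_bytes)
        record += recv_exact(sock, length)
        if last:
            return record
    raise ValueError("gave up after %d fragments without a last-fragment marker"
                     % max_fragments)


def encode_record(payload, fragment_size=4):
    """Split payload into record-marked fragments (used to build a well-formed sample)."""
    fragments = [payload[i:i + fragment_size]
                 for i in range(0, len(payload), fragment_size)] or [b""]
    out = b""
    for i, frag in enumerate(fragments):
        marker = len(frag) | (0x80000000 if i == len(fragments) - 1 else 0)
        out += struct.pack(">I", marker) + frag
    return out


def probe(sock):
    """Run the reader and report ("ok", record) or ("error", reason) instead of raising."""
    try:
        return ("ok", read_rpc_record(sock))
    except (ValueError, EOFError) as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    print(probe(BytesStream(encode_record(b"hello world"))))
    zeros = ZeroStream()
    print(probe(zeros), "bytes consumed before giving up:", zeros.bytes_served)
```

Against the zero stream the bounded reader stops after `MAX_FRAGMENTS` headers (4 KiB consumed) and reports an error; without the `range(max_fragments)` bound the same loop would never return, which is the behaviour the thread reports for `nmap -sV` against a chargen-style listener.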
