Nmap Development mailing list archives
Re: Never ending RPC scripts
From: Henri Doreau <henri.doreau () gmail com>
Date: Sat, 20 Oct 2012 17:02:33 +0200
2012/10/20 David Fifield <david () bamsoftware com>:
> On Sat, Oct 20, 2012 at 02:09:02AM +0200, Henri Doreau wrote:
> > Hi,
> >
> > I noticed that nmap gets DoSed when scanning a chargen spitting zeroes
> > (haven't tried other subtleties). By DoSed I mean infinite loop in
> > rpc.lua and significant CPU consumption if network is fast enough.
> >
> > To reproduce:
> >
> > target:~$ ncat --keep-open -l 4444 < /dev/zero
> > scanner:~$ nmap -sV target
> >
> > (reproducer works fine with target being localhost too).
> >
> > Basically, the data is being ignored by ReceivePacket() (nselib/rpc.lua)
> > and the RPC decoding process never actually starts.
> >
> > I mitigated the issue using the patch attached that limits iterations to
> > an (arbitrary) chosen number. It's not checked in as I haven't checked
> > yet whether RFCs specify a cleaner way to do these receiving operations
> > (suggestions are welcome).
>
> This looks fine to check in. I don't know what is a better way to do the
> parsing.
>
> David Fifield
Checked in as r30066. I've added a comment to make it clear where this
constant comes from.

--
Henri

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
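The bounded receive loop Henri describes, as an added example in Python (not Nmap's rpc.lua, nor the patch from the thread): it reassembles ONC RPC records from the TCP record-marking header (RFC 5531: 4-byte big-endian word, bit 31 = last fragment, low 31 bits = length) and gives up after a fixed number of fragments, so a zero stream like the ncat reproducer above fails fast instead of looping. The 400-fragment cap, the 1 MiB payload cap and all function names are assumptions for this example.

```python
import io
import struct

# Fragment cap per record: the same idea as the iteration limit added to rpc.lua;
# the value is an assumption for this example, not Nmap's constant.
MAX_FRAGMENTS = 400

class RecordMarkingError(Exception):
    """The record could not be assembled within the configured limits."""

def read_rpc_record(stream, max_fragments=MAX_FRAGMENTS, max_bytes=1 << 20):
    """Reassemble one ONC RPC record (RFC 5531 record marking) from a stream.
    Header: 4 bytes big-endian, bit 31 = last fragment, bits 0-30 = length.
    A peer streaming zeros yields endless zero-length non-final fragments, so
    the loop is bounded by fragment count and payload size, not left open."""
    payload = bytearray()
    for _ in range(max_fragments):
        header = stream.read(4)
        if len(header) < 4:
            raise RecordMarkingError("stream ended inside a fragment header")
        (word,) = struct.unpack(">I", header)
        last, length = bool(word & 0x80000000), word & 0x7FFFFFFF
        if len(payload) + length > max_bytes:
            raise RecordMarkingError("record larger than max_bytes")
        body = stream.read(length)
        if len(body) < length:
            raise RecordMarkingError("stream ended inside a fragment body")
        payload += body
        if last:
            return bytes(payload)
    raise RecordMarkingError(f"no final fragment within {max_fragments} fragments")

def build_record(chunks):
    """Encode payload chunks as fragments; the last one gets the end-of-record bit."""
    out = bytearray()
    for i, chunk in enumerate(chunks):
        flag = 0x80000000 if i == len(chunks) - 1 else 0
        out += struct.pack(">I", len(chunk) | flag) + chunk
    return bytes(out)

def parse_record(data, **limits):
    """Run the reader over constructed in-memory bytes; returns (payload, bytes_read).
    payload is None when a limit tripped, so callers can see how little of an
    endless zero stream the bounded loop consumed before giving up."""
    stream = io.BytesIO(data)
    try:
        return read_rpc_record(stream, **limits), stream.tell()
    except RecordMarkingError:
        return None, stream.tell()
```

On 100,000 zero bytes the reader stops after 400 headers (1600 bytes read) and reports no payload, whereas an unbounded loop would keep reading as long as the peer keeps sending.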