PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Don't use uninitialized value in MIN() for maxSocketsAllowed

Browse Source
This commit is contained in:
dmiller
2023-09-01 20:02:38 +00:00
parent 0876310c2a
commit 0890822b09
2 changed files with 26 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
#Nmap Changelog ($Id$); -*-text-*- #Nmap Changelog ($Id$); -*-text-*-
o Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any
sockets, leading to scans that never finish. [Daniel Miller]
o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap
7.80 and later. [David Fifield, Mike Pattrick] 7.80 and later. [David Fifield, Mike Pattrick]

34
scan_engine_connect.cc
View File

@@ -87,11 +87,22 @@ ConnectScanInfo::ConnectScanInfo() {
maxValidSD = -1; maxValidSD = -1;
numSDs = 0; numSDs = 0;
nextSD = -1; nextSD = -1;
if (o.max_parallelism > 0) { #ifndef WIN32
/* We can't issue a FD_SET operation with a socket descriptor greater than
* FD_SETSIZE, and we can't stop the OS from handing us ones that are greater
* than that, either, so leave a buffer here. */
maxSocketsAllowed = FD_SETSIZE - 10;
#else
/* Windows does not have an explicit limit, but we have to keep it below
* FD_SETSIZE or select() will fail. Fortunately, it's about the *number* of
* sockets, not the socket descriptor number, so we can run right up to that
* limit. */
maxSocketsAllowed = FD_SETSIZE - 1;
#endif
if (o.max_parallelism > 0 && o.max_parallelism < maxSocketsAllowed) {
maxSocketsAllowed = o.max_parallelism; maxSocketsAllowed = o.max_parallelism;
} }
#ifndef WIN32 #ifndef WIN32
else {
/* Subtracting 10 from max_sd accounts for /* Subtracting 10 from max_sd accounts for
stdin stdin
stdout stdout
@@ -103,21 +114,12 @@ ConnectScanInfo::ConnectScanInfo() {
-oS log file -oS log file
-oX log file -oX log file
perhaps another we've forgotten. */ perhaps another we've forgotten. */
maxSocketsAllowed = max_sd() - 10; int tmp_max_sd = max_sd() - 10;
if (maxSocketsAllowed < 5) if (tmp_max_sd < 5)
maxSocketsAllowed = 5; tmp_max_sd = 5;
} maxSocketsAllowed = MIN(maxSocketsAllowed, tmp_max_sd);
/* We can't issue a FD_SET operation with a socket descriptor greater than
* FD_SETSIZE, and we can't stop the OS from handing us ones that are greater
* than that, either, so leave a buffer here. */
maxSocketsAllowed = MIN(maxSocketsAllowed, FD_SETSIZE - 10);
#else
/* Windows does not have an explicit limit, but we have to keep it below
* FD_SETSIZE or select() will fail. Fortunately, it's about the *number* of
* sockets, not the socket descriptor number, so we can run right up to that
* limit. */
maxSocketsAllowed = MIN(maxSocketsAllowed, FD_SETSIZE - 1);
#endif #endif
assert(maxSocketsAllowed > 0);
FD_ZERO(&fds_read); FD_ZERO(&fds_read);
FD_ZERO(&fds_write); FD_ZERO(&fds_write);
FD_ZERO(&fds_except); FD_ZERO(&fds_except);