From 16ea382e9b9040aa0a8e12a227f13b291b1eda40 Mon Sep 17 00:00:00 2001
From: henri
Date: Sat, 20 Oct 2012 14:59:53 +0000
Subject: [PATCH] Added a maximum number of retries to mitigate a remote DoS in the RPC packets parsing code. The number was chosen high to avoid decreasing accuracy. It's just about having an upper limit.

---
 nselib/rpc.lua | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/nselib/rpc.lua b/nselib/rpc.lua
index 1399b6a05..cb389a7ae 100644
--- a/nselib/rpc.lua
+++ b/nselib/rpc.lua
@@ -408,7 +408,12 @@ Comm = {
       local tmp, lastfragment, length
       local data, pos = "", 1
 
+      -- Maximum number of allowed attempts to parse the received bytes. This
+      -- prevents the code from looping endlessly on invalid content.
+      local retries = 400
+
       repeat
+        retries = retries - 1
         lastfragment = false
         status, data = self:GetAdditionalBytes( data, pos, 4 )
         if ( not(status) ) then
@@ -453,7 +458,11 @@ Comm = {
         pos = pos + length
         data = bufcopy
 
-      until lastfragment == true
+      until (lastfragment == true) or (retries == 0)
+
+      if retries == 0 then
+        return false, "Aborted after too many retries"
+      end
       return true, data
     end
   end,
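Review bot: The post-loop check in the second hunk reports failure whenever `retries` reaches 0, even if that final iteration was the one that read the last fragment, so a well-formed reply spanning exactly 400 fragments is rejected as "Aborted after too many retries". The abort should be tied to the loop having exited without seeing the terminating fragment rather than to the counter alone, e.g. `if not lastfragment then` in place of `if retries == 0 then`, with `until lastfragment or retries == 0` kept as the loop condition. The same counter could also be documented as a fragment-count cap rather than "attempts to parse", since every iteration that reaches the decrement consumes one fragment header regardless of whether it parsed. The enclosing function and the fragment-reading body between the two hunks begin and continue outside this patch, so whether each iteration is otherwise bounded cannot be judged from here.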