Added a maximum number of retries to mitigate a remote DoS in the RPC

packets parsing code. The number was chosen high to avoid decreasing accuracy. It's just about having an upper limit.
2025-12-09 14:11:29 +00:00 · 2012-10-20 14:59:53 +00:00
parent 8430ba2792
commit 16ea382e9b
1 changed files with 10 additions and 1 deletions
--- a/nselib/rpc.lua
+++ b/nselib/rpc.lua
@@ -408,7 +408,12 @@ Comm = {
      local tmp, lastfragment, length
      local data, pos = "", 1

+      -- Maximum number of allowed attempts to parse the received bytes. This
+      -- prevents the code from looping endlessly on invalid content.
+      local retries = 400
+
      repeat
+        retries = retries - 1
        lastfragment = false
        status, data = self:GetAdditionalBytes( data, pos, 4 )
        if ( not(status) ) then
@@ -453,7 +458,11 @@ Comm = {

        pos = pos + length
        data = bufcopy
-      until lastfragment == true
+      until (lastfragment == true) or (retries == 0)
+
+      if retries == 0 then
+        return false, "Aborted after too many retries"
+      end
      return true, data
    end
  end,