PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-10 09:49:05 +00:00
Code Issues Projects Releases Wiki Activity

Check for timeout when trying reserved ports

Browse Source 
rpc.Comm.Connect was trying to bind to 424 reserved ports, which is
overkill. Since nsock doesn't do an actual bind(2) call until
socket:connect for TCP, that meant up to 424 connect calls, each of
which is currently leaking a socket. This commit contains 3 fixes:

1. Add nmap.new_socket calls for non-privileged code path that were
moved inside the privileged loop to originally address the leak.

2. Check for TIMEOUT on each of the TCP connect calls and abandon the
Connect, avoiding many timeouts.

3. Try 10 random reserved ports (from 1 to 1024) instead of 400+.
Should be good odds of finding one unused, even when lots of threads are
trying (though empirical results would be helpful). Also, this should
reduce load since thread n won't need to fail n-1 bind attempts.
This commit is contained in:
dmiller
2012-09-21 02:39:48 +00:00
parent 23625913a8
commit 520651a9ed
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
nselib/rpc.lua
View File

@@ -166,27 +166,32 @@ Comm = {
if ( port.protocol == "tcp" ) then if ( port.protocol == "tcp" ) then
if nmap.is_privileged() then if nmap.is_privileged() then
-- Try to bind to a reserved port -- Try to bind to a reserved port
for resvport = 600, 1024, 1 do for i = 1, 10, 1 do
resvport = math.random(1, 1024)
socket = nmap.new_socket() socket = nmap.new_socket()
status, err = socket:bind(nil, resvport) status, err = socket:bind(nil, resvport)
if status then if status then
status, err = socket:connect(host, port) status, err = socket:connect(host, port)
if status then break end if status or err == "TIMEOUT" then break end
socket:close() socket:close()
end end
end end
else else
socket = nmap.new_socket()
status, err = socket:connect(host, port) status, err = socket:connect(host, port)
end end
else else
if nmap.is_privileged() then if nmap.is_privileged() then
-- Try to bind to a reserved port -- Try to bind to a reserved port
for resvport = 600, 1024, 1 do for i = 1, 10, 1 do
resvport = math.random(1, 1024)
socket = nmap.new_socket("udp") socket = nmap.new_socket("udp")
status, err = socket:bind(nil, resvport) status, err = socket:bind(nil, resvport)
if status then break end if status then break end
socket:close() socket:close()
end end
else
socket = nmap.new_socket("udp")
end end
end end
if (not(status)) then if (not(status)) then