PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-02-15 09:56:33 +00:00
Code Issues Projects Releases Wiki Activity

Fix a segfault due to Nsock event leak in NSE.

Browse Source
This commit is contained in:
dmiller
2016-07-21 21:36:40 +00:00
parent 24976fe9c8
commit 98d5fd7625
2 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
nse_nsock.cc
View File

@@ -352,12 +352,12 @@ static void callback (nsock_pool nsp, nsock_event nse, void *ud)
lua_State *L = nu->thread;
if (lua_status(L) == LUA_OK && nse_status(nse) == NSE_STATUS_ERROR) {
// Sometimes Nsock fails immediately and callback is called before
// l_connect has a chance to yield. TODO: Figure out how to return an error
// to the calling thread without falling into an infinite loop somewhere.
// l_connect has a chance to yield. We'll use nu->action to signal
// l_connect to return an error instead of yielding.
// http://seclists.org/nmap-dev/2016/q1/201
trace(nse_iod(nse), nu->action, nu->direction);
nsock_iod_delete(nu->nsiod, NSOCK_PENDING_NOTIFY);
luaL_error(L, "Nsock immediate error");
nu->action = "ERROR";
return;
}
assert(lua_status(L) == LUA_YIELD);
trace(nse_iod(nse), nu->action, nu->direction);
@@ -549,6 +549,11 @@ static int connect (lua_State *L, int status, lua_KContext ctx)
if (dest != NULL)
freeaddrinfo(dest);
if (!strncmp(nu->action, "ERROR", 5)) {
// Immediate error
return nseU_safeerror(L, "Nsock connect failed immediately");
}
return yield(L, nu, "CONNECT", TO, 0, NULL);
}