From e22ebd5580ac84c109875ab2fff38a549da9522c Mon Sep 17 00:00:00 2001
From: david
Date: Wed, 11 Nov 2009 17:49:31 +0000
Subject: [PATCH] Reset ss.numqueries_outstanding to 0 when giving up on an RPC port because of a lack of responses. Otherwise there is no way for that number to decrease after moving on to the next port, leading to an infinite loop. Lionel Cons reported the problem and provided a debug log at http://seclists.org/nmap-dev/2009/q4/364.
---
 CHANGELOG | 6 ++++++
 scan_engine.cc | 1 +
 2 files changed, 7 insertions(+)
diff --git a/CHANGELOG b/CHANGELOG
index cc4f4b99b..626309e62 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,11 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o Fixed a bug that could cause an infinite loop ("Unable to find
+ listening socket in get_rpc_results") in RPC scan. The loop would
+ happen when scanning a port that sent no responses, and there was at
+ least one other port to scan. Thanks to Lionel Cons for reporting
+ the problem. [David]
+
 o [NSE] Improved the authentication used by the smb-* scripts. Instead of looking in a bunch of places (registry, commandline, etc) for the usernames/passwords, a table is kept. This lets us store any number
diff --git a/scan_engine.cc b/scan_engine.cc
index f24e3655b..628303ce1 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -5501,6 +5501,7 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
 log_write(LOG_STDOUT, "RPC Scan giving up on port %hu proto %d due to repeated lack of response\n", rsi.rpc_current_port->portno, rsi.rpc_current_port->proto);
 }
 rsi.rpc_status = RPC_STATUS_NOT_RPC;
+ ss.numqueries_outstanding = 0;
 break;
 } else {
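Review bot: Zeroing `ss.numqueries_outstanding` on the added line discards the accounting for any probes still in flight to the abandoned port, so a late reply that reaches the response path and decrements the counter could drive it negative or skew the count for the next port; whether the receive side decrements unconditionally is not visible in this hunk, so that should be confirmed, and if it does, replies whose port does not match `rsi.rpc_current_port` should be discarded before the decrement, or the decrement clamped at zero. The reset also deserves a why-comment, e.g. `/* Abandoning this port: no further replies are counted on, so drop the in-flight count or the next port's loop never terminates. */`. pos_scan begins before the hunk and continues after it.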