Reset ss.numqueries_outstanding to 0 when giving up on an RPC port

because of a lack of responses. Otherwise there is no way for that number to decrease after moving on to the next port, leading to an infinite loop. Lionel Cons reported the problem and provided a debug log at http://seclists.org/nmap-dev/2009/q4/364.
2025-12-09 06:01:28 +00:00 · 2009-11-11 17:49:31 +00:00
parent 3432ae3ad5
commit e22ebd5580
2 changed files with 7 additions and 0 deletions
--- a/6
+++ b/6
@@ -1,5 +1,11 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o Fixed a bug that could cause an infinite loop ("Unable to find
+  listening socket in get_rpc_results") in RPC scan. The loop would
+  happen when scanning a port that sent no responses, and there was at
+  least one other port to scan. Thanks to Lionel Cons for reporting
+  the problem. [David]
+
 o [NSE] Improved the authentication used by the smb-* scripts. Instead of 
  looking in a bunch of places (registry, commandline, etc) for the
  usernames/passwords, a table is kept. This lets us store any number
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -5501,6 +5501,7 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
 		    log_write(LOG_STDOUT, "RPC Scan giving up on port %hu proto %d due to repeated lack of response\n", rsi.rpc_current_port->portno,  rsi.rpc_current_port->proto);
 		  }
 		  rsi.rpc_status = RPC_STATUS_NOT_RPC;
+		  ss.numqueries_outstanding = 0;
 		  break;
 		}
 		else {