From fa404e03c92e1c96c06831e219c05bab9ecb1957 Mon Sep 17 00:00:00 2001
From: batrick
Date: Thu, 2 Jul 2009 02:41:11 +0000
Subject: [PATCH] [NSE] This patch is related to the change to eliminate the reliance on GC for collecting socket locks [1]. If a thread does not close any sockets it creates, and then returns (or errors), the thread and sockets will keep their "lock" until garbage collected. This would be the same situation as before in this particular case (reliance on GC). To fix this, I have changed the socket unlock system to close all the sockets of a thread not yielded and remove its "lock". [1] http://seclists.org/nmap-dev/2009/q2/0624.html
---
nse_nsock.cc | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/nse_nsock.cc b/nse_nsock.cc
index d1dc5f225..eae996ad8 100644
--- a/nse_nsock.cc
+++ b/nse_nsock.cc
@@ -320,16 +320,29 @@ static void socket_unlock(lua_State * L) { unsigned open = 0; - lua_pushnil(L); - while (lua_next(L, -2) != 0) /* for each socket */ + if (lua_status(lua_tothread(L, -2)) == LUA_YIELD) { - lua_pop(L, 1); /* pop garbage boolean */ - if (((struct l_nsock_udata *) lua_touserdata(L, -1))->nsiod != NULL) - open++; + lua_pushnil(L); + while (lua_next(L, -2) != 0) /* for each socket */ + { + lua_pop(L, 1); /* pop garbage boolean */ + if (((struct l_nsock_udata *) lua_touserdata(L, -1))->nsiod != NULL) + open++; + } } if (open == 0) /* thread has no open sockets? */ { + /* close all of its sockets */ + lua_pushnil(L); + while (lua_next(L, -2) != 0) /* for each socket */ + { + lua_pop(L, 1); /* pop garbage boolean */ + lua_getfield(L, -1, "close"); + lua_pushvalue(L, -2); + lua_call(L, 1, 0); + } + lua_pushvalue(L, -2); /* thread key */ lua_pushnil(L); lua_rawset(L, top+1); /* THREADS_SOCKETS */
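Review bot: The new close loop under `if (open == 0)` calls each socket's `close` with an unprotected `lua_call(L, 1, 0)`, so an error raised by one close (or a missing `close` field, which would make the call target nil) unwinds out of `socket_unlock` before the remaining sockets are closed and before the thread's key is cleared from THREADS_SOCKETS, which is the stale-lock condition this patch is meant to remove. A protected call keeps the cleanup going: `if (lua_pcall(L, 1, 0, 0) != 0) lua_pop(L, 1); /* discard error, keep closing */`. Separately, `lua_status()` returns `LUA_YIELD` only for a suspended coroutine and 0 for one that is running or not yet started, so if `socket_unlock` can be reached while a script thread is executing (its callers are outside this hunk), that thread's live sockets would be closed; a comment stating the calling context the check relies on would help. The function body continues past the end of the hunk.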