PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Avoid runtime undefinedness due to integer overflow

Browse Source 
Using TIMEVAL_MSEC_SUBTRACT can lead to integer overflow when the times
are far apart (such as epoch (0) or uninitialized timeval and "now").
Instead, calculate the "deadline" and use TIMEVAL_AFTER to test.
This commit is contained in:
dmiller
2013-11-25 18:35:48 +00:00
parent 9e075b8140
commit ff7a0ea10d
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scan_engine.cc
View File

@@ -1921,9 +1921,11 @@ int UltraScanInfo::removeCompletedHosts() {
HostScanStats *hss = NULL; HostScanStats *hss = NULL;
int hostsRemoved = 0; int hostsRemoved = 0;
bool timedout = false; bool timedout = false;
struct timeval compare;
/* We don't want to run this all of the time */ /* We don't want to run this all of the time */
if ((unsigned) TIMEVAL_MSEC_SUBTRACT(now, lastCompletedHostRemoval) > completedHostLifetime / 2) { TIMEVAL_MSEC_ADD(compare, lastCompletedHostRemoval, completedHostLifetime / 2);
if ( TIMEVAL_AFTER(now, compare) ) {
for (hostI = completedHosts.begin(); hostI != completedHosts.end(); hostI = nxt) { for (hostI = completedHosts.begin(); hostI != completedHosts.end(); hostI = nxt) {
nxt = hostI; nxt = hostI;
nxt++; nxt++;
@@ -1933,7 +1935,8 @@ int UltraScanInfo::removeCompletedHosts() {
if (hss == gstats->pinghost) if (hss == gstats->pinghost)
continue; continue;
if ((unsigned) TIMEVAL_MSEC_SUBTRACT(now, hss->completiontime) > completedHostLifetime) { TIMEVAL_MSEC_ADD(compare, hss->completiontime, completedHostLifetime);
if ( TIMEVAL_AFTER(now, compare) ) {
completedHosts.erase(hostI); completedHosts.erase(hostI);
hostsRemoved++; hostsRemoved++;
} }