Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Socket handle leak in http.lua

From: Ron <ron () skullsecurity net>
Date: Tue, 18 Aug 2009 19:13:10 -0500
On 08/18/2009 06:12 PM, Ron wrote:

While doing a large scan with a http script, we ran into an issue with
running out of sockets fairly quickly. Brandon pointed me at the same
issue occurring almost exactly a year ago, but the patch had already
been applied and doesn't seem to have fixed the problem.


By a year ago, I mean a month ago -- sorry for my inability to read
dates. Here's the reference:
http://seclists.org/nmap-dev/2009/q3/0470.html

Either way, the bug still appears to be present, and I'm having trouble
tracking down the reason. I agree that it's somewhere in tryssl(), but I
don't know exactly where.
David managed to track this down. Turns out, it was in Nsock's automatic SSL version fallback. 

The fix is committed in r15098.

Thanks!
Ron

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: