[NSE] rpc.lua fix for binding to reserved ports (tcp)

[Daniel Miller <bonsaiviking () gmail com>]

List,

This issue has come up previously (), but we missed a situation that 
I've run into: When a host stops responding to probes (possibly due to 
an adaptive firewall detecting the portscan phase), rpc-grind and 
possibly other scripts will take a long time timing out with every 
source port between 600 and 1024, since that portion of rpc.lua doesn't 
check the type of failure (timeout vs. port in use, specifically). 
Here's a patch to add that check:

--- a/nselib/rpc.lua
+++ b/nselib/rpc.lua
@@ -171,9 +171,14 @@ Comm = {
             status, err = socket:bind(nil, resvport)
             if status then
               status, err = socket:connect(host, port)
-              if status then break end
+              if status or err == "TIMEOUT" then break end
             end
           end
+          if not status and err ~= "TIMEOUT" then
+            stdnse.print_debug("%s reserved port bind failed, trying 
ephemeral port", self.program)
+            socket = nmap.new_socket()
+            status, err = socket:connect(host, port)
+          end
         else
           status, err = socket:connect(host, port)
         end

The only thing I'm not sure about is whether to explicitly check for 
TIMEOUT the first time, or simply check for err ~= "ERROR", which is 
what ought to happen with EADDRINUSE. Thoughts?

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/