Nmap Development mailing list archives
Re: [nse] bug: a race in broadcast-dhcp-discover.nse
From: David Fifield <david () bamsoftware com>
Date: Mon, 9 Jan 2012 19:30:04 -0800
On Sat, Oct 01, 2011 at 12:01:51PM +0400, Vasiliy Kulikov wrote:
action = function()
  ...
  local status, packet = dhcp.dhcp_build(request_type, ip_address, mac, request_options, overrides, lease_time, transaction_id)
  ...
  socket:sendto( host, port, packet )
  ...
  -- start a listening thread for each interface
  for iface, _ in pairs(interfaces) do
    local co = stdnse.new_thread( dhcp_listener, iface, timeout, transaction_id, result )
    threads[co] = true
  end
  ...
end

local function dhcp_listener(iface, timeout, xid, result)
  ...
  sock:pcap_open(iface, 1500, false, "ip && udp && port 68")
  ...
end
The packet is sent before pcap_open(). If our host is slow and the remote
host is fast, we'll get a result before we start to listen. IOW the
response will be lost.
I think this is fixed now in r27791.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
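As an added illustration of how this kind of race is closed in an NSE script (this is not the change made in r27791 and not code from broadcast-dhcp-discover.nse): each listener opens its pcap handle before announcing readiness on a condition variable, and the sender blocks until every listener has reported in before putting the DISCOVER on the wire. The `ready` table, the use of `nmap.condvar` for the handshake, the `send_after_listeners_ready` function and the `is_our_reply` callback are my assumptions about a reasonable structure, not the script's own names.

```lua
local nmap = require "nmap"
local stdnse = require "stdnse"

-- Shared readiness state; the condition variable is keyed on it (assumed structure).
local ready = { count = 0 }
local condvar = nmap.condvar(ready)

-- Listener thread: open the capture handle FIRST, signal readiness, then
-- collect replies until the deadline. is_our_reply is an assumed callback
-- (e.g. one wrapping dhcp.dhcp_parse) that checks the transaction id.
local function dhcp_listener(iface, timeout, xid, result, is_our_reply)
  local sock = nmap.new_socket()
  sock:pcap_open(iface, 1500, false, "ip && udp && port 68")
  sock:set_timeout(timeout)

  ready.count = ready.count + 1
  condvar("broadcast")  -- wake the sender blocked in condvar("wait")

  local deadline = nmap.clock_ms() + timeout
  while nmap.clock_ms() < deadline do
    local status, _, _, layer3 = sock:pcap_receive()
    if status and is_our_reply(layer3, xid) then
      result[#result + 1] = layer3
    end
  end
  sock:pcap_close()
end

-- Sender: start every listener, wait until each has its capture open,
-- and only then transmit. Packet building is left to dhcp.dhcp_build as in the script.
local function send_after_listeners_ready(socket, host, port, packet,
                                          interfaces, timeout, xid, result, is_our_reply)
  local n = 0
  for iface, _ in pairs(interfaces) do
    stdnse.new_thread(dhcp_listener, iface, timeout, xid, result, is_our_reply)
    n = n + 1
  end
  -- new_thread only schedules the coroutine; it runs when this thread yields,
  -- which "wait" does. Loop because a broadcast may arrive before all are up.
  while ready.count < n do
    condvar("wait")
  end
  -- A reply that arrives immediately is now captured rather than lost.
  return socket:sendto(host, port, packet)
end
```

Moving the `new_thread` loop above `sendto` alone is not enough under NSE's cooperative scheduler, because a freshly created thread has not yet reached `pcap_open` until the creating thread yields.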