Crash in AsyncSocket when scanning with nmap
  • Subject: Crash in AsyncSocket when scanning with nmap
  • From: "Martin Redington" <email@hidden>
  • Date: Thu, 8 Feb 2007 22:12:58 +0000

I'm using Dustin Voss's AsyncSocket to listen for incoming
connections, and am seeing a replicable crash, every time, when I
portscan my app with nmap, from the same machine (but presumably from
any machine), with the following stack trace:

#0	0x9082661f in CFDataGetBytePtr
#1	0x000102f6 in -[AsyncSocket addressPort:]
#2	0x0000d939 in -[AsyncSocket doStreamOpen]
#3	0x000102b9 in MyCFReadStreamCallback
#4	0x90876d4e in _CFStreamSignalEventSynch
#5	0x90829441 in CFRunLoopRunSpecific
#6	0x90828eb5 in CFRunLoopRunInMode
#7	0x9262adc6 in -[NSRunLoop runMode:beforeDate:]
#8	0x000e0939 in +[MMIUtils(MultiThreading) performSelectorInConnectionThread:]
#9	0x925f536c in forkThreadForFunction
#10	0x90023d87 in _pthread_body

Note: I'm using SSL as well on top.

AsyncSocket's addressPort method looks like this:

- (UInt16) addressPort: (CFDataRef)cfaddr
{
   struct sockaddr_in *pAddr = (struct sockaddr_in *) CFDataGetBytePtr (cfaddr);
   return ntohs (pAddr->sin_port);
}

and addressPort is being called in this context:

   CFDataRef peer = CFSocketCopyPeerAddress (theSocket);
   // irrelevant context deleted.
   [self addressPort:peer];
   CFRelease (peer);

Where theSocket is of type CFSocketRef, and is apparently being set as follows:

   CFSocketNativeHandle native;
   CFDataRef nativeProp = CFReadStreamCopyProperty (theReadStream, kCFStreamPropertySocketNativeHandle);

   // some error checking deleted (nativeProp != NULL)

   CFDataGetBytes (nativeProp, CFRangeMake (0, CFDataGetLength (nativeProp)), (UInt8 *)&native);
   CFRelease (nativeProp);

   theSocket = CFSocketCreateWithNative (kCFAllocatorDefault, native, 0, NULL, NULL);

As a naive guess, I'd say that nmap is doing something, in terms of
its port scanning behaviour, that results in the native socket handle
property on the readstream being invalid - possibly it may be caused
by nmap's opening and closing the connection as quickly as possible.

I'm also guessing (and feel free to correct me) that this is a defect
in the underlying CFNetworking framework, rather than nmap or
AsyncSocket. Surely the kCFStreamPropertySocketNativeHandle property
should be valid, or NULL?

Apart from DoS, does this represent any kind of security risk? It
doesn't seem like a buffer overflow, but is still pretty dismaying.

Any tips on how to mitigate the portscan of death would also be welcome.
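Added example, not code from the thread or from AsyncSocket: a plain-C model of the validation addressPort lacks before it dereferences the peer address. CoreFoundation is assumed unavailable, so the bytes and length that CFDataGetBytePtr/CFDataGetLength would return are passed in directly, and a NULL pointer stands in for a NULL CFDataRef from CFSocketCopyPeerAddress (the example assumes an absent or short peer address is what the trace above runs into). The constructed sockaddr samples are test fixtures, not captured data.

```c
/* Plain-C model of a defensive addressPort (assumption: CoreFoundation is not
 * available here). bytes/len stand in for CFDataGetBytePtr/CFDataGetLength of
 * the CFDataRef from CFSocketCopyPeerAddress; NULL models a NULL CFDataRef.   */
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Port in host byte order, or -1 if the address is absent, shorter than
 * its family requires, longer than any sockaddr, or of an unsupported family. */
static int address_port_checked(const uint8_t *bytes, size_t len)
{
    struct sockaddr_storage ss;
    if (bytes == NULL || len < sizeof(struct sockaddr) || len > sizeof ss)
        return -1;
    memset(&ss, 0, sizeof ss);
    memcpy(&ss, bytes, len);      /* copy out rather than cast the raw pointer */
    switch (ss.ss_family) {
    case AF_INET:
        if (len < sizeof(struct sockaddr_in)) return -1;
        return ntohs(((struct sockaddr_in *)&ss)->sin_port);
    case AF_INET6:
        if (len < sizeof(struct sockaddr_in6)) return -1;
        return ntohs(((struct sockaddr_in6 *)&ss)->sin6_port);
    default:
        return -1;
    }
}

/* Constructed sample peer addresses; truncate_to != 0 simulates a short CFData. */
static int port_of_ipv4_sample(uint16_t port, size_t truncate_to)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return address_port_checked((const uint8_t *)&a, truncate_to ? truncate_to : sizeof a);
}

static int port_of_ipv6_sample(uint16_t port)
{
    struct sockaddr_in6 a;
    memset(&a, 0, sizeof a);
    a.sin6_family = AF_INET6;
    a.sin6_port = htons(port);
    a.sin6_addr = in6addr_loopback;
    return address_port_checked((const uint8_t *)&a, sizeof a);
}
```

In the real Objective-C method the equivalent is to test the CFDataRef for NULL and compare CFDataGetLength against the sockaddr size before casting, and to treat -1 as "peer already gone" rather than a fatal condition.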