#89 WebKit crash with socket error 53 during nmap scan

closed-fixed
WebKit (58)
5
2008-02-02
2007-09-20
No

I see this problem with Webware-0.9.3 but I expect it exists in earlier revisions. Our operating system is NetBSD 3.1

An nmap scan can crash a WebKit-based application. e.g.,

nmap -sT -p12345 myhost

Causes our application to fail with this traceback

Traceback (most recent call last):
File "/path/to/Webware/WebKit/ThreadedAppServer.py", line 926, in run
server.mainloop()
File "/path/to/Webware/WebKit/ThreadedAppServer.py", line 258, in mainloop
client, addr = sock.accept()
File "/usr/pkg/lib/python2.4/socket.py", line 169, in accept
sock, addr = self._sock.accept()
error: (53, 'Software caused connection abort')

So far as I know, the best way to handle this error is to retry the accept. I attach a patch which does this.

Discussion

  • Patch which handles the error

     
    Attachments
  • Logged In: NO

    errno.EGAIN and errno.EINTR had better be handled as well?

     
    • assigned_to: nobody --> cito
     
  • Logged In: YES
    user_id=193957
    Originator: NO

    Thanks for the bug report. I could not reproduce this under Windows and Linux where I could not provoke any exceptions from socket.accept() using nmap. Either NetBSD or your nmap version seems to behave differently.

    I have fixed the problem anyway in r7062, but instead of retrying the accept, I simply ignore it, because retrying may open the door for DOS attacks.

    Can you check my fix on your NetBSD box?

     
    • status: open --> closed-fixed