#89 WebKit crash with socket error 53 during nmap scan

WebKit (58)

I see this problem with Webware-0.9.3 but I expect it exists in earlier revisions. Our operating system is NetBSD 3.1

An nmap scan can crash a WebKit-based application. e.g.,

nmap -sT -p12345 myhost

Causes our application to fail with this traceback

Traceback (most recent call last):
File "/path/to/Webware/WebKit/ThreadedAppServer.py", line 926, in run
File "/path/to/Webware/WebKit/ThreadedAppServer.py", line 258, in mainloop
client, addr = sock.accept()
File "/usr/pkg/lib/python2.4/socket.py", line 169, in accept
sock, addr = self._sock.accept()
error: (53, 'Software caused connection abort')

So far as I know, the best way to handle this error is to retry the accept. I attach a patch which does this.


  • Patch which handles the error

  • Logged In: NO

    errno.EGAIN and errno.EINTR had better be handled as well?

    • assigned_to: nobody --> cito
  • Logged In: YES
    Originator: NO

    Thanks for the bug report. I could not reproduce this under Windows and Linux where I could not provoke any exceptions from socket.accept() using nmap. Either NetBSD or your nmap version seems to behave differently.

    I have fixed the problem anyway in r7062, but instead of retrying the accept, I simply ignore it, because retrying may open the door for DOS attacks.

    Can you check my fix on your NetBSD box?

    • status: open --> closed-fixed