fix race condition when scanning short ranges #16617
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
Yeah that makes sense. A configurable sleep probably would be the best option. I wasn't entirely sure that the time should scale with the hosts either, in which case I was thinking a minimum was probably the safest option. Right now it looks like the
@NikitaKovaljov just wondering if you have any thoughts regarding the above comments or if we want to keep things as is? Just want to make sure this isn't forgotten about.
Hi @smcintyre-r7, just now added our idea with datastore['TIMEOUT'] - tested locally, seems legit. Now waiting for the GitHub check to complete.
Changes look good now and I confirmed this fixed the original issue. In the screenshot below you can see the options are the same and when scanning 2 hosts, the race condition would cause the unpatched version to miss the hosts that were online. I ran this a few times and observed that the patched module consistently reported the results while the unpatched was hit or miss.
I'll get this landed in a moment, thanks for the bug fix @NikitaKovaljov!
Release Notes
This fixes a race condition that was present in the
Reference to Issue
Verification without changes
run ./msfconsole
use ipv6_neighbor.rb module without changes.
set rhosts 10.0.0.1-6
run module: run or exploit
Current behavior
Verification with changes
run ./msfconsole
use ipv6_neighbor.rb module with changes.
set rhosts 10.0.0.1-6
run module: run or exploit
Fixed behavior