#2503 closed defect (fixed)
Nmap floods JOSM, exhausts all memory
| Reported by: | fatbozz | Owned by: | team |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Plugin | Version: | latest |
| Keywords: | nmap, memory leak, remote control | Cc: | |
Description
Hello, I'm using JOSM with remote control. This plugin is listening on port 8111, see in the debug log. I tried to nmap this port with `nmap localhost -p8111 -sT -sV`. I did nothing else; JOSM was just started and scanned. Then all memory is exhausted.
C:\java -Xmx1350M -jar -Dsun.java2d.d3d=false josm-latest.jar
loading DirectUpload
loading Intersect_way
loading measurement
loading multipoly
loading openstreetbugs
loading remotecontrol
RemoteControl::Accepting connections on port 8111
loading routing
2009-05-02 00:38:42 [com.innovant.josm.plugin.routing.RoutingPlugin] DEBUG - Loading routing plugin...
2009-05-02 00:38:42 [com.innovant.josm.plugin.routing.gui.RoutingPreferenceDialog] DEBUG - Default preferences already exist.
2009-05-02 00:38:42 [com.innovant.josm.plugin.routing.RoutingPlugin] DEBUG - Finished loading plugin
loading terracer
loading usertools
loading utilsplugin
Silent shortcut conflict: 'tools:jumpto' moved by 'tools:uploadtraces' to 'Ctrl+Shift+G'.
loading validator
loading wmsplugin
RemoteControl received:
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(Unknown Source)
at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:87)
RemoteControl received: GET / HTTP/1.0
RemoteControl received: OPTIONS / HTTP/1.0
RemoteControl received: OPTIONS / RTSP/1.0
RemoteControl received: HELP
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(Unknown Source)
at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:88)
RemoteControl received: ▬♥ S☺ O♥ ?G???,???`~? ??{????w????<=?o?►n ( ▬ ‼
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(Unknown Source)
at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:88)
RemoteControl received: GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0
RemoteControl received: ☺default
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(Unknown Source)
at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:88)
RemoteControl received: OPTIONS sip:nm SIP/2.0
java.lang.OutOfMemoryError: Java heap space
at java.util.Arrays.copyOf(Unknown Source)
at java.lang.AbstractStringBuilder.expandCapacity(Unknown Source)
at java.lang.AbstractStringBuilder.append(Unknown Source)
at java.lang.StringBuffer.append(Unknown Source)
at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:81)
RemoteControl received: GET / HTTP/1.0
java.lang.OutOfMemoryError: Java heap space
at java.util.Arrays.copyOf(Unknown Source)
at java.lang.AbstractStringBuilder.expandCapacity(Unknown Source)
at java.lang.AbstractStringBuilder.append(Unknown Source)
at java.lang.StringBuffer.append(Unknown Source)
at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:81)
java.lang.OutOfMemoryError: Java heap space
at java.util.Arrays.copyOf(Unknown Source)
at java.lang.AbstractStringBuilder.expandCapacity(Unknown Source)
at java.lang.AbstractStringBuilder.append(Unknown Source)
at java.lang.StringBuffer.append(Unknown Source)
at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:81)
java.lang.OutOfMemoryError: Java heap space
at java.util.Arrays.copyOf(Unknown Source)
at java.lang.AbstractStringBuilder.expandCapacity(Unknown Source)
at java.lang.AbstractStringBuilder.append(Unknown Source)
at java.lang.StringBuffer.append(Unknown Source)
at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:81)
java.lang.OutOfMemoryError: Java heap space
Here is output from NMAP
Starting Nmap 4.76 ( http://nmap.org ) at 2009-05-02 00:39 Střední Evropa (běžný čas)
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE VERSION
8111/tcp open unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 68.19 seconds
Attachments (0)
Change History (3)
comment:1 by , 17 years ago
| Priority: | critical → minor |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
comment:2 by , 17 years ago
But some curious boys or girls can run a scan in the inner network; it isn't a problem on the WAN-LAN interface.
comment:3 by , 17 years ago
remotecontrol opens the port only for localhost traffic. Therefore it can only be a problem on computers used by multiple users at the same time.



Fixed this particular problem, but in general the remote control plugin does not aim to be immune against any sort of garbage you maliciously throw at it - do not run your computer in a way that makes port 8111 (or indeed any port apart from those really required) accessible from hostile networks.
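
The two failure modes in the stack traces in this ticket (`StringTokenizer.nextToken` throwing on probe lines with too few tokens, and `StringBuffer.append` growing until the heap is exhausted) are what a length cap and a token-count check on the request line guard against. The sketch below is an added example, not the plugin's code or its actual fix: the class name, the 1024-byte cap and the status mapping are assumptions, and the inputs are constructed from the probe lines in the log.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class BoundedRequestLine {
    static final int MAX_LINE = 1024; // assumed cap; the plugin's real limit is not on this page

    /** Reads up to the first LF or EOF, refusing to buffer more than MAX_LINE bytes. */
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        int b;
        while ((b = in.read()) != -1 && b != '\n') {
            if (sb.length() >= MAX_LINE) {
                throw new IOException("request line exceeds " + MAX_LINE + " bytes");
            }
            if (b != '\r') {
                sb.append((char) b);
            }
        }
        return sb.toString();
    }

    /** Returns the HTTP status a handler should answer with; never throws on garbage. */
    static int classify(InputStream in) {
        String line;
        try {
            line = readLine(in);
        } catch (IOException e) {
            return 400; // oversized line or read error (for example a socket timeout)
        }
        String[] parts = line.trim().split("\\s+");
        if (parts.length != 3 || !parts[2].startsWith("HTTP/")) {
            return 400; // "HELP", an empty line or binary junk: wrong token count
        }
        return parts[0].equals("GET") ? 200 : 501;
    }

    public static void main(String[] args) {
        // Constructed inputs modelled on the probe lines shown in the log above.
        String[] samples = { "GET / HTTP/1.0\r\n", "OPTIONS / HTTP/1.0\r\n", "HELP\r\n",
                             "\r\n", "OPTIONS / RTSP/1.0\r\n", "A".repeat(5000) };
        for (String s : samples) {
            InputStream in = new ByteArrayInputStream(s.getBytes(StandardCharsets.ISO_8859_1));
            String shown = s.length() > 20 ? s.substring(0, 20) + "..." : s.trim();
            System.out.println(classify(in) + "  <- " + shown);
        }
    }
}
```

On a real socket the same reader would be paired with `Socket.setSoTimeout` so a client that connects and sends nothing cannot hold a handler thread indefinitely.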