AttackFlow Findings Dictionary


Unsafe Socket Resource Release

Attackers can leave the application in an unresponsive state, such as a denial of service, causing customers to wait for a long time.

Severity

High

Fix Cost

Low

Trust Level

Medium

Although getting richer every 18 months or so, computing environments have limited resources. These resources should be released after use, whether the operation succeeded or failed, so that they can be used again later. The availability of a system depends on this.

Types that hold unmanaged resources implement the IDisposable interface so that reserved resources can be freed for future use.

The code below doesn't release the socket networking resource it acquires when an exception occurs: sock.Close() is reached only if every call before it succeeds. However, APIs such as Socket should be released properly.

                
IPEndPoint ipe = new IPEndPoint(address, port);
var sock = new Socket(ipe.AddressFamily, SocketType.Stream, ProtocolType.Tcp);

// Connect, Send and Receive can all throw; nothing below releases sock in that case.
sock.Connect(ipe);

if (sock.Connected)
{
    Byte[] bytesSent = Encoding.ASCII.GetBytes(request);
    Byte[] bytesReceived = new Byte[256];

    sock.Send(bytesSent, bytesSent.Length, 0);
    int bytes = 0;
    string output = "Output:\r\n";

    do
    {
        bytes = sock.Receive(bytesReceived, bytesReceived.Length, 0);
        output += Encoding.ASCII.GetString(bytesReceived, 0, bytes);
    }
    while (bytes > 0);

    // Only reached when every call above succeeded.
    sock.Close();
    return output;
}
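A hardened form of the snippet above, as an added example that is not AttackFlow's own code: the socket is created in a using declaration (C# 8 or later), so Dispose() runs whether the exchange succeeds or throws. The class and method names, the loopback listener and the "ping"/"pong" payloads are constructed for the demonstration.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;

static class SafeSocketClient
{
    // Hypothetical wrapper around the request/response logic of the snippet above.
    public static string SendRequest(IPAddress address, int port, string request)
    {
        var ipe = new IPEndPoint(address, port);
        // The using declaration disposes sock on every exit path: the normal
        // return and any exception thrown by Connect, Send or Receive.
        using var sock = new Socket(ipe.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
        sock.Connect(ipe);

        byte[] bytesSent = Encoding.ASCII.GetBytes(request);
        byte[] bytesReceived = new byte[256];
        sock.Send(bytesSent, bytesSent.Length, SocketFlags.None);

        var output = new StringBuilder("Output:\r\n");
        int bytes;
        do
        {
            bytes = sock.Receive(bytesReceived, bytesReceived.Length, SocketFlags.None);
            output.Append(Encoding.ASCII.GetString(bytesReceived, 0, bytes));
        } while (bytes > 0);
        return output.ToString();
    }

    static void Main()
    {
        // Constructed loopback peer so the example runs offline.
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        Task server = Task.Run(() =>
        {
            using TcpClient peer = listener.AcceptTcpClient();
            peer.GetStream().Read(new byte[256], 0, 256);
            peer.GetStream().Write(Encoding.ASCII.GetBytes("pong"), 0, 4);
        });
        Console.WriteLine(SendRequest(IPAddress.Loopback, port, "ping")); // success path
        server.Wait();
        listener.Stop();
        // Failure path: nothing is listening now, so Connect throws and sock is still disposed.
        try { SendRequest(IPAddress.Loopback, port, "ping"); }
        catch (SocketException e) { Console.WriteLine("Connect failed: " + e.SocketErrorCode); }
    }
}
```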
                    
              
