Skip to content

Goroutine Leak ConnectVerfication() -> Limitter #1250

Closed
Bug
#1253
Closed
Goroutine Leak ConnectVerfication() -> Limitter#1250
Bug
#1253
Labels
Status: CompletedNothing further to be done with this issue. Awaiting to be closed.Type: BugInconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
naabu v2.3.2
@awerqo

Description

@awerqo
awerqo
opened on Oct 21, 2024

When invoke ConnectVerfication() func in runner it creates new limiter on line 717

naabu/v2/pkg/runner/runner.go

Lines 714 to 717 in 10f5605

func (r *Runner) ConnectVerification() {
r.scanner.ListenHandler.Phase.Set(scan.Scan)
var swg sync.WaitGroup
limiter := ratelimit.New(context.Background(), uint(r.options.Rate), time.Second)

Creating new instances of Limiter starts new goroutine:
https://github.com/projectdiscovery/ratelimit/blob/77dad731f2e9a2e98564787086ade7be2ac33b4e/ratelimit.go#L112-L129

And it closed only if any of two contexts done https://github.com/projectdiscovery/ratelimit/blob/main/ratelimit.go#L39-L45

select {
case <-ctx.Done():
	// Internal Context
	imiter.ticker.Stop()
	eturn
case <-limiter.ctx.Done():
	limiter.ticker.Stop()
	return
case ...

So this happens if original context done or if we call stop method https://github.com/projectdiscovery/ratelimit/blob/77dad731f2e9a2e98564787086ade7be2ac33b4e/ratelimit.go#L101-L106 that cancel second, created context https://github.com/projectdiscovery/ratelimit/blob/77dad731f2e9a2e98564787086ade7be2ac33b4e/ratelimit.go#L113

As we can see, when we invoke ConnectVerification() it creates new instance of limiter with context.Background() and not invoke Stop() later:

naabu/v2/pkg/runner/runner.go

Lines 717 to 733 in 10f5605

limiter := ratelimit.New(context.Background(), uint(r.options.Rate), time.Second)
verifiedResult := result.NewResult()
for hostResult := range r.scanner.ScanResults.GetIPsPorts() {
limiter.Take()
swg.Add(1)
go func(hostResult *result.HostResult) {
defer swg.Done()
results := r.scanner.ConnectVerify(hostResult.IP, hostResult.Ports)
verifiedResult.SetPorts(hostResult.IP, results)
}(hostResult)
}
r.scanner.ScanResults = verifiedResult
swg.Wait()

So, we leak goroutine every ConnectVerification() call, what sometimes creates problems if we work with naabu in SDK mode

Thanks

Metadata

Metadata

Assignees

No one assigned

    Labels

    Status: CompletedNothing further to be done with this issue. Awaiting to be closed.Type: BugInconsistencies or issues which will cause an issue or problem for users or implementors.

    Type

    Bug

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions