sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-11 19:21:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix(httpshandler): close socket when SSL handshake fails with exception

Browse Source 
When iterating through SSL/TLS protocols during connection establishment, the socket was not being closed when wrap_socket raised an exception. This caused socket resource leaks when connecting to servers that reject certain protocol versions.

The fix adds sock.close() calls to both exception handlers, matching the existing pattern used for non-exception failure cases.
This commit is contained in:
fxrhan 2026-01-03 22:13:34 +05:30
parent 737f2279e2
commit c447cb6a2a
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/request/httpshandler.py
View File

@ -94,6 +94,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
sock.close() sock.close()
except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex: except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex:
self._tunnel_host = None self._tunnel_host = None
sock.close()
logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex))) logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
elif hasattr(ssl, "wrap_socket"): elif hasattr(ssl, "wrap_socket"):
@ -111,6 +112,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
sock.close() sock.close()
except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex: except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:
self._tunnel_host = None self._tunnel_host = None
sock.close()
logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex))) logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
if not success: if not success: