id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
2503	Nmap floods JOSM, exhaust all memory	fatbozz	team	"Hello, Im using JOSM with '''remote control'''. This plugin listening on port 8111, see in debuglog. U tried to nmap this port by '''nmap localhost -p8111 -sT -sV''' I do nothing, JOSM just started and scanned. Then all memory is exhusted.
{{{
C:\java -Xmx1350M -jar -Dsun.java2d.d3d=false josm-latest.jar
loading DirectUpload
loading Intersect_way
loading measurement
loading multipoly
loading openstreetbugs
loading remotecontrol
RemoteControl::Accepting connections on port 8111
loading routing
2009-05-02 00:38:42 [com.innovant.josm.plugin.routing.RoutingPlugin] DEBUG - Loading routing plugin...
2009-05-02 00:38:42 [com.innovant.josm.plugin.routing.gui.RoutingPreferenceDialog] DEBUG - Default preferences already exist.
2009-05-02 00:38:42 [com.innovant.josm.plugin.routing.RoutingPlugin] DEBUG - Finished loading plugin
loading terracer
loading usertools
loading utilsplugin
Silent shortcut conflict: 'tools:jumpto' moved by 'tools:uploadtraces' to 'Ctrl+Shift+G'.
loading validator
loading wmsplugin
RemoteControl received:
java.util.NoSuchElementException
        at java.util.StringTokenizer.nextToken(Unknown Source)
        at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:87)
RemoteControl received: GET / HTTP/1.0
RemoteControl received: OPTIONS / HTTP/1.0
RemoteControl received: OPTIONS / RTSP/1.0
RemoteControl received: HELP
java.util.NoSuchElementException
        at java.util.StringTokenizer.nextToken(Unknown Source)
        at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:88)
RemoteControl received: ▬♥  S☺  O♥ ?G???,???`~? ??{????w????<=?o?►n  ( ▬ ‼
java.util.NoSuchElementException
        at java.util.StringTokenizer.nextToken(Unknown Source)
        at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:88)
RemoteControl received: GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0
RemoteControl received: ☺default
java.util.NoSuchElementException
        at java.util.StringTokenizer.nextToken(Unknown Source)
        at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:88)
RemoteControl received: OPTIONS sip:nm SIP/2.0
java.lang.OutOfMemoryError: Java heap space
        at java.util.Arrays.copyOf(Unknown Source)
        at java.lang.AbstractStringBuilder.expandCapacity(Unknown Source)
        at java.lang.AbstractStringBuilder.append(Unknown Source)
        at java.lang.StringBuffer.append(Unknown Source)
        at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:81)
RemoteControl received: GET / HTTP/1.0
java.lang.OutOfMemoryError: Java heap space
        at java.util.Arrays.copyOf(Unknown Source)
        at java.lang.AbstractStringBuilder.expandCapacity(Unknown Source)
        at java.lang.AbstractStringBuilder.append(Unknown Source)
        at java.lang.StringBuffer.append(Unknown Source)
        at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:81)
java.lang.OutOfMemoryError: Java heap space
        at java.util.Arrays.copyOf(Unknown Source)
        at java.lang.AbstractStringBuilder.expandCapacity(Unknown Source)
        at java.lang.AbstractStringBuilder.append(Unknown Source)
        at java.lang.StringBuffer.append(Unknown Source)
        at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:81)
java.lang.OutOfMemoryError: Java heap space
        at java.util.Arrays.copyOf(Unknown Source)
        at java.lang.AbstractStringBuilder.expandCapacity(Unknown Source)
        at java.lang.AbstractStringBuilder.append(Unknown Source)
        at java.lang.StringBuffer.append(Unknown Source)
        at org.openstreetmap.josm.plugins.remotecontrol.RequestProcessor.run(RequestProcessor.java:81)
java.lang.OutOfMemoryError: Java heap space
}}}


Here is output from NMAP

{{{
Starting Nmap 4.76 ( http://nmap.org ) at 2009-05-02 00:39 St°ednÝ Evropa (bý×nř Ŕas)
Interesting ports on localhost (127.0.0.1):
PORT     STATE SERVICE VERSION
8111/tcp open  unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi
-bin/servicefp-submit.cgi :
SF-Port8111-TCP:V=4.76%I=7%D=5/2%Time=49FB7A0C%P=i686-pc-windows-windows%r
SF:(GenericLines,FC,""HTTP/1\.1\x20500\x20Internal\x20Server\x20Error\r\nDa
SF:te:\x20Sat\x20May\x2002\x2000:39:08\x20CEST\x202009\r\nServer:\x20JOSM\
SF:x20RemoteControl\r\nContent-type:\x20text/html\r\n\r\n<HTML>\r\n<HEAD><
SF:TITLE>Internal\x20Error</TITLE>\r\n</HEAD>\r\n<BODY><H1>HTTP\x20Error\x
SF:20500:\x20Internal\x20Server\x20Error</h2>\r\n</BODY></HTML>\r\n"")%r(Ge
SF:tRequest,85,""HTTP/1\.1\x20200\x20OK\r\nDate:\x20Sat\x20May\x2002\x2000:
SF:39:08\x20CEST\x202009\r\nServer:\x20JOSM\x20RemoteControl\r\nContent-ty
SF:pe:\x20text/plain\r\nContent-length:\x204\r\n\r\nOK\r\n"")%r(HTTPOptions
SF:,F1,""HTTP/1\.1\x20501\x20Not\x20Implemented\r\nDate:\x20Sat\x20May\x200
SF:2\x2000:39:08\x20CEST\x202009\r\nServer:\x20JOSM\x20RemoteControl\r\nCo
SF:ntent-type:\x20text/html\r\n\r\n<HTML>\r\n<HEAD><TITLE>Not\x20Implement
SF:ed</TITLE>\r\n</HEAD>\r\n<BODY><H1>HTTP\x20Error\x20501:\x20Not\x20Impl
SF:emented</h2>\r\n</BODY></HTML>\r\n"")%r(RTSPRequest,F1,""HTTP/1\.1\x20501
SF:\x20Not\x20Implemented\r\nDate:\x20Sat\x20May\x2002\x2000:39:08\x20CEST
SF:\x202009\r\nServer:\x20JOSM\x20RemoteControl\r\nContent-type:\x20text/h
SF:tml\r\n\r\n<HTML>\r\n<HEAD><TITLE>Not\x20Implemented</TITLE>\r\n</HEAD>
SF:\r\n<BODY><H1>HTTP\x20Error\x20501:\x20Not\x20Implemented</h2>\r\n</BOD
SF:Y></HTML>\r\n"")%r(Help,FC,""HTTP/1\.1\x20500\x20Internal\x20Server\x20Er
SF:ror\r\nDate:\x20Sat\x20May\x2002\x2000:39:23\x20CEST\x202009\r\nServer:
SF:\x20JOSM\x20RemoteControl\r\nContent-type:\x20text/html\r\n\r\n<HTML>\r
SF:\n<HEAD><TITLE>Internal\x20Error</TITLE>\r\n</HEAD>\r\n<BODY><H1>HTTP\x
SF:20Error\x20500:\x20Internal\x20Server\x20Error</h2>\r\n</BODY></HTML>\r
SF:\n"")%r(SSLSessionReq,FC,""HTTP/1\.1\x20500\x20Internal\x20Server\x20Erro
SF:r\r\nDate:\x20Sat\x20May\x2002\x2000:39:23\x20CEST\x202009\r\nServer:\x
SF:20JOSM\x20RemoteControl\r\nContent-type:\x20text/html\r\n\r\n<HTML>\r\n
SF:<HEAD><TITLE>Internal\x20Error</TITLE>\r\n</HEAD>\r\n<BODY><H1>HTTP\x20
SF:Error\x20500:\x20Internal\x20Server\x20Error</h2>\r\n</BODY></HTML>\r\n
SF:"")%r(FourOhFourRequest,85,""HTTP/1\.1\x20200\x20OK\r\nDate:\x20Sat\x20Ma
SF:y\x2002\x2000:39:33\x20CEST\x202009\r\nServer:\x20JOSM\x20RemoteControl
SF:\r\nContent-type:\x20text/plain\r\nContent-length:\x204\r\n\r\nOK\r\n"");

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 68.19 seconds
}}}
"	defect	closed	minor		Plugin	latest	fixed	nmap, memory leak,remote control