DoS via resource depletion

[GoogleCodeExporter]

What steps will reproduce the problem?
1.  Error conditions
2. Exceptional circumstances
3. As Armitage grows, there may be confusion regarding with parts of the 
program are responsible for releasing resources.

What is the expected output? What do you see instead?
Potentially, it is fairly trivial to intentionally trigger a resource leak.  As 
a result, a malicious actor might be able to DoS by depleting the resource 
pool. 

What version of Metasploit are you using (type: svn info)? On which
operating system?
Latest mainline.   All OS without governance put into place.

Which database are you using?
None

Please provide any additional information below.
The function evaluate() and ArmitageMain() in ArmitageMain.java sometimes fails 
to release a system resource allocated by getResourceAsStream() on line 24 and 
line 100.

Original issue reported on code.google.com by omgcloud...@hotmail.com on 5 Jun 2011 at 8:53

[GoogleCodeExporter]

I took a look at this. At first I thought, ooh bad. And it's true, in 
ArmitageMain.java, I do not release the resource. However, in the Sleep code, I 
do.

                $handle = [SleepUtils getIOHandle: resource("resources/eventlog.style"), $null];
                $style = join("\n", readAll($handle));
                closef($handle);

A few places, I do not close the resource returned, but these places are 
one-time use (e.g., loading preferences, loading app icon, etc.). The only 
occurrence of this that bothers me is:

gui.sl:293

This is probably safe too given that I cache rendered icons, but I plan to 
correct this line and close this ticket once I do.

Original comment by rsmu...@gmail.com on 5 Feb 2013 at 9:07

• Changed state: Accepted

[GoogleCodeExporter]

Original comment by rsmu...@gmail.com on 7 Feb 2013 at 8:15

• Changed state: Fixed