Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Ideas for Windows Ncat: non-blocking read from stdin

From: David Fifield <david () bamsoftware com>
Date: Sun, 1 Mar 2009 19:35:22 -0700
I saw this in the TODO and I want to share some ideas about it.

o Ncat Windows issue where you make a connection and then take several
  seconds to type in a line to the server, Ncat wrongly times out when
  trying to write your line to the remote server. [David]

I checked this out over the weekend. This is what I wrote to Fyodor:


I found the source of the problem. It is related to the fselect call.
When reading from a TTY, fselect says that stdin is readable when a key
is hit:
        if (stdtty) {
            if (_kbhit()) {
                FD_SET(STDIN_FILENO, &rset);
                fds_ready++;
            }
        }
So Nsock a read on stdin, expecting it to return immediately. But the
input is still being buffered by the console until you hit enter,
turning the read into a blocking read. When you finish typing, the read
finishes, and Ncat schedules a write. No time is supposed to have gone
by during the read, so nsock_tod (time of day) is not updated, and the
write timeout is set to two seconds after you *started* typing. If it
takes you more than two seconds to type, the write is timed out as soon
as it is created.


The difficulty is that select on Windows works with network sockets
only, not normal file descriptors like standard input. Emulating a
working select on Windows is nontrivial; Cygwin devotes 1,600 lines to
it (http://cygwin.com/cvs.html, src/winsup/cygwin/select.cc).

You can sort of hack around it by peeking into the console input buffer
and looking for a carriage return, but that has a major problem:
characters aren't echoed as you type. It seems you have to be actively
reading from stdin for anything to show up on the screen. So this is my
current idea: create a thread (with CreateThread) that does nothing but
read stdin and write to an anonymous pipe (created with CreatePipe).
Duplicate the pipe's handle in the main program so that when Ncat thinks
it's reading from stdin, it's reading from the pipe. The thread takes
care of line buffering and echoing, and ensures that the main process
won't block when it reads from the pipe.

I haven't tried it yet, so their could be a fatal flaw yet. I already
considered using an AF_LOCAL socket but those aren't supported on
Windows.

CreateThread
http://msdn.microsoft.com/en-us/library/ms682453.aspx
Anonymous Pipe Operations
http://msdn.microsoft.com/en-us/library/aa365141(VS.85).aspx

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: