Nmap Development mailing list archives
Localhost Nsock SSL connections unencrypted on FreeBSD
From: David Fifield <david () bamsoftware com>
Date: Sun, 12 Jul 2009 18:16:09 -0600
Hi, Daniel Roethlisberger reported a strange and serious bug with Ncat on FreeBSD 7.2: ncat --ssl client connections were not being encrypted. Ncat would report "Connected to ..." not "SSL connection to ..." and the remote SSL server would choke on the unencrypted traffic it received. I say "remote server" but thankfully it appears this could only happen with localhost talking to itself. I tracked the problem to the function nsock_connect_internal in Nsock. It sets the socket to nonblocking mode and initiates a connect. However, if the connect is successful immediately despite being nonblocking, there was special-case code that marked the event as done. This prevented further processing of the event, which included establishing the SSL connection. I fixed the problem in r14214:14216 by removing the special-case immediately successful connection code. Those connections will be handled by handle_connect_result like any other. I also added an assertion to ensure that an SSL connect event is never deleted without the ssl member of its I/O descriptor at least being initialized. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Localhost Nsock SSL connections unencrypted on FreeBSD David Fifield (Jul 12)