Nmap Development mailing list archives

Localhost Nsock SSL connections unencrypted on FreeBSD


From: David Fifield <david () bamsoftware com>
Date: Sun, 12 Jul 2009 18:16:09 -0600

Hi,

Daniel Roethlisberger reported a strange and serious bug with Ncat on
FreeBSD 7.2: ncat --ssl client connections were not being encrypted.
Ncat would report "Connected to ..." not "SSL connection to ..." and the
remote SSL server would choke on the unencrypted traffic it received.

I say "remote server" but thankfully it appears this could only happen
with localhost talking to itself. I tracked the problem to the function
nsock_connect_internal in Nsock. It sets the socket to nonblocking mode
and initiates a connect. However, if the connect is successful
immediately despite being nonblocking, there was special-case code that
marked the event as done. This prevented further processing of the
event, which included establishing the SSL connection.

I fixed the problem in r14214:14216 by removing the special-case
immediately successful connection code. Those connections will be
handled by handle_connect_result like any other. I also added an
assertion to ensure that an SSL connect event is never deleted without
the ssl member of its I/O descriptor at least being initialized.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
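As an added illustration of the control-flow bug described in the mail (constructed here, not Nsock's own code): a minimal model of a connect event in which the immediate-success shortcut marks the event done without ever reaching the handler that starts SSL, beside the fixed dispatch and the invariant the new assertion checks. The name handle_connect_result is taken from the mail; the structs and the want_ssl/ssl_initialized fields are assumptions.

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed model, not Nsock's real data structures: a connect event
 * carries an I/O descriptor whose ssl member must be initialised before
 * the event may legitimately be marked done. */
enum ev_state { EV_PENDING, EV_DONE };
struct iod { bool want_ssl; bool ssl_initialized; };
struct connect_event { struct iod *iod; enum ev_state state; };

/* Stand-in for handle_connect_result: the only place where the SSL
 * handshake (modelled as setting ssl_initialized) is started. */
static void handle_connect_result(struct connect_event *ev) {
    if (ev->iod->want_ssl)
        ev->iod->ssl_initialized = true;
    ev->state = EV_DONE;
}

/* Buggy dispatch: connect() on a nonblocking socket returned 0 right away
 * (as it can for localhost on FreeBSD), so the special case marks the
 * event done directly and handle_connect_result never runs. Only the
 * EINPROGRESS path, completed later by the event loop, starts SSL. */
static struct connect_event connect_buggy(struct iod *iod, int rc, int err) {
    struct connect_event ev = { iod, EV_PENDING };
    if (rc == 0) { ev.state = EV_DONE; return ev; }  /* shortcut: skips SSL */
    if (err == EINPROGRESS) handle_connect_result(&ev);
    return ev;
}

/* Fixed dispatch (the approach taken in r14214:14216): the shortcut is
 * gone, so an immediately successful connect is handled exactly like a
 * deferred one. */
static struct connect_event connect_fixed(struct iod *iod, int rc, int err) {
    struct connect_event ev = { iod, EV_PENDING };
    if (rc == 0 || err == EINPROGRESS) handle_connect_result(&ev);
    return ev;
}

/* The invariant the added assertion enforces: an SSL connect event is
 * never finished (and thus deleted) with ssl left uninitialised.
 * Returns true when the invariant holds for this event. */
static bool ssl_invariant_holds(const struct connect_event *ev) {
    return ev->state != EV_DONE || !ev->iod->want_ssl
           || ev->iod->ssl_initialized;
}
```

With want_ssl set, connect_buggy(&iod, 0, 0) yields a done event that fails the invariant, which is exactly the plaintext "Connected to ..." case; connect_fixed leaves ssl_initialized true for the same input.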

