Nmap Development mailing list archives
Re: [PATCH] Ncat --broker & --ssl disconnects broken
From: David Fifield <david () bamsoftware com>
Date: Fri, 10 Jul 2009 15:59:09 -0600
On Tue, Jun 30, 2009 at 05:50:20PM -0500, Kris Katterjohn wrote:
> While messing around with the second patch for the ncat --send-only behavior, I stumbled upon a bug in Ncat's broker mode when using SSL. Basically, there are no checks against the return value of SSL_read happening in broker mode, so when EOF and error conditions occur, things mess up. I don't have time to track down the exact codepath of what happens where after this occurs, but it's obvious it's bad (it appears to be some sort of infinite loop--maybe select() keeps returning for the underlying socket but nothing happens?).
>
> The checks exist in the same function as SSL_read; however, they're in the wrong spot, so it's just dead code now. There's a block of code that handles what should happen for these conditions on both regular sockets and SSL sockets, but it only runs if this happens on a regular socket.
>
> I've attached a patch to move these checks to the right place. All seems well in my brief testing (and it's a very simple patch).
>
> Note that these changes are in the same spot as some changes in my --send-only patch, so they probably won't apply cleanly together, unfortunately.
Thanks for the report and the good diagnosis. I fixed the problem in a different way in r14164, moving the SSL_read to the same place as the normal socket read.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
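The failure mode Kris describes, and the shape of the fix David applied, as an added example that is not Ncat's code. It is a constructed model: `fake_recv` and `fake_ssl_read` stand in for recv() and SSL_read() with scripted byte streams and share the same return contract (positive byte count, 0 on EOF, -1 on error); `broker_read_buggy` has the EOF/error check only on the plain-socket branch, `broker_read_fixed` dispatches the read first and then checks once for both transports; and `pump` plays the role of the select() loop, with a cap so the non-terminating case is observable instead of hanging. All names and the `MAX_ITER` cap are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a broker read path (not Ncat's code). A tracked
 * connection is either a plain socket or a TLS one. */
enum transport { PLAIN, TLS };

struct conn {
    enum transport kind;
    const char *data;      /* scripted bytes the peer "sends" (constructed) */
    size_t len, pos;
    int end_with_error;    /* 0: clean close after the data, 1: read error */
    int open;              /* broker still polls this connection */
};

/* Stand-ins for recv() and SSL_read(): >0 bytes read, 0 EOF, -1 error.
 * Real SSL_read() needs SSL_get_error() to classify a <= 0 result; see the
 * note after the listing. */
static int fake_read(struct conn *c, char *buf, size_t n)
{
    if (c->pos >= c->len)
        return c->end_with_error ? -1 : 0;
    size_t left = c->len - c->pos;
    size_t take = left < n ? left : n;
    memcpy(buf, c->data + c->pos, take);
    c->pos += take;
    return (int)take;
}
static int fake_recv(struct conn *c, char *buf, size_t n)     { return fake_read(c, buf, n); }
static int fake_ssl_read(struct conn *c, char *buf, size_t n) { return fake_read(c, buf, n); }

/* Shape of the bug: the EOF/error check lives inside the plain-socket branch,
 * so a TLS peer that closes or errors is never dropped from the broker. */
static int broker_read_buggy(struct conn *c, char *buf, size_t n)
{
    int r;
    if (c->kind == PLAIN) {
        r = fake_recv(c, buf, n);
        if (r <= 0)
            c->open = 0;                /* peer gone: stop polling it */
    } else {
        r = fake_ssl_read(c, buf, n);   /* return value never examined */
    }
    return r;
}

/* Shape of the fix: do the transport-specific read, then run one shared
 * check, so EOF (r == 0) and error (r < 0) close the connection either way. */
static int broker_read_fixed(struct conn *c, char *buf, size_t n)
{
    int r = (c->kind == PLAIN) ? fake_recv(c, buf, n) : fake_ssl_read(c, buf, n);
    if (r <= 0)
        c->open = 0;
    return r;
}

/* Drive one connection the way a select() loop would, returning how many
 * reads it took before the broker stopped polling it. Reaching MAX_ITER
 * models the spin Kris reports: readable forever, no progress. */
#define MAX_ITER 100
static int pump(struct conn *c, int (*rd)(struct conn *, char *, size_t))
{
    char buf[4];
    int iters = 0;
    while (c->open && iters < MAX_ITER) {
        rd(c, buf, sizeof buf);
        iters++;
    }
    return iters;
}

/* fixed = 0 runs the buggy variant, fixed = 1 the corrected one. */
int reads_until_dropped(enum transport kind, const char *data, int end_with_error, int fixed)
{
    struct conn c = { kind, data, strlen(data), 0, end_with_error, 1 };
    return pump(&c, fixed ? broker_read_fixed : broker_read_buggy);
}

int main(void)
{
    printf("plain, buggy: %d reads\n", reads_until_dropped(PLAIN, "hello", 0, 0));
    printf("tls,   buggy: %d reads (cap %d means stuck)\n",
           reads_until_dropped(TLS, "hello", 0, 0), MAX_ITER);
    printf("tls,   fixed: %d reads\n", reads_until_dropped(TLS, "hello", 0, 1));
    printf("tls,   error: %d reads\n", reads_until_dropped(TLS, "hello", 1, 1));
    return 0;
}
```

With a 4-byte buffer and a 5-byte stream, both transports need three reads (4 bytes, 1 byte, then EOF or error) before the connection is dropped; the buggy TLS path instead runs to the cap because the closed connection is never marked. One caveat when doing this against real OpenSSL rather than the stand-ins: a result of 0 or less from SSL_read() must be passed to SSL_get_error(), because SSL_ERROR_ZERO_RETURN is a clean TLS shutdown, SSL_ERROR_SYSCALL and SSL_ERROR_SSL are genuine errors, and SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE on a non-blocking socket mean "retry later", not "close".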
Current thread:
- Re: [PATCH] Ncat --broker & --ssl disconnects broken David Fifield (Jul 10)
- Re: [PATCH] Ncat --broker & --ssl disconnects broken Kris Katterjohn (Jul 10)