Nmap Development mailing list archives

Re: [nmap-svn] r19919 - ncat


From: venkat sanaka <venkatsanaka () gmail com>
Date: Mon, 23 Aug 2010 21:20:11 +0530

Hi David

I just checked r13962, in which I committed this code. Sorry, it was a
mistake.
I couldn't remember exactly why I put 7 instead of 8, but I think it was
because of this old code.

-                            if (nbytes < 7)
-                                bye("Connection to SOCKS4 proxy failed:
Invalid SOCKS4 response.");


Regards
Venkat


On Sun, Aug 22, 2010 at 11:00 AM, David Fifield <david () bamsoftware com>
wrote:

On Sat, Aug 21, 2010 at 10:28:10PM -0700, commit-mailer@insecure.org wrote:
Author: david
Date: Sat Aug 21 22:28:10 2010
New Revision: 19919

Log:
Change the length of a socks4 response to 8 (was 7). I'm not sure why it
was 7 in the first place. Connecting through a "ssh -D" proxy, the proxy
was returning 8 bytes, Ncat was reading the first 7 and passing the 8th on
to the data connection.


Modified:
   ncat/ncat_connect.c

Modified: ncat/ncat_connect.c

==============================================================================
--- ncat/ncat_connect.c       (original)
+++ ncat/ncat_connect.c       Sat Aug 21 22:28:10 2010
@@ -549,7 +549,7 @@
         } else if (socksconnect.storage.ss_family != AF_UNSPEC) {
             struct socket_buffer stateful_buf;
             struct socks4_data socks4msg;
-            char socksbuf[7];
+            char socksbuf[8];

             connect_socket = do_connect(SOCK_STREAM);
             if (connect_socket == -1) {
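
Review bot: the size in `char socksbuf[8];` is a bare literal, and the same number is repeated by hand in the socket_buffer_readcount() call in the next hunk, so the two have to be kept in step manually. Suggest a named constant for the reply length (or sizeof(socksbuf) at the read) so the buffer and the read count cannot drift apart.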
@@ -579,9 +579,9 @@
                 loguser("Error sending proxy request: %s.\n",
socket_strerror(socket_errno()));
                 return 1;
             }
-            /* The size of the socks4 response is 7 bytes. So read
exactly
-               7 bytes from the buffer */
-            if (socket_buffer_readcount(&stateful_buf, socksbuf, 7) <
0) {
+            /* The size of the socks4 response is 8 bytes. So read
exactly
+               8 bytes from the buffer */
+            if (socket_buffer_readcount(&stateful_buf, socksbuf, 8) <
0) {
                 loguser("Error: short reponse from proxy.\n");
                 return 1;
             }
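
Review bot: the updated comment above socket_buffer_readcount() states that the reply is 8 bytes but not where the number comes from; spelling out the layout there (1 byte version, 1 byte result code, 2 bytes port, 4 bytes address) would make a wrong count easier to spot. The unchanged context line loguser("Error: short reponse from proxy.\n") also carries a typo ("reponse") that could be corrected in the same change.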

Venkat, I believe that you implemented this. Do you remember why you had
it reading only 7 bytes instead of 8? Was it just a mistake?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
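
The 8-byte reply length from the commit log above, as an added example (not Ncat's code and not part of the original messages): a SOCKS4 reply is a version byte, a result code, a 2-byte port and a 4-byte address, so consuming only 7 bytes leaves the last address byte at the head of the data stream. The names socks4_reply, socks4_parse_reply and first_data_byte and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SOCKS4_REPLY_LEN 8   /* VN(1) + CD(1) + DSTPORT(2) + DSTIP(4) */
#define SOCKS4_GRANTED   90  /* CD value for "request granted" */

struct socks4_reply {        /* hypothetical name, not Ncat's struct */
    uint8_t  vn;             /* reply version, always 0 */
    uint8_t  cd;             /* result code */
    uint16_t dstport;        /* host byte order */
    uint8_t  dstip[4];
};

/* Parse the reply at the head of `stream`. Returns the number of bytes
   consumed (SOCKS4_REPLY_LEN), or -1 on short input, bad version or refusal. */
static int socks4_parse_reply(const uint8_t *stream, size_t len,
                              struct socks4_reply *r)
{
    if (len < SOCKS4_REPLY_LEN)
        return -1;
    r->vn = stream[0];
    r->cd = stream[1];
    r->dstport = (uint16_t)((stream[2] << 8) | stream[3]);
    memcpy(r->dstip, stream + 4, 4);
    if (r->vn != 0 || r->cd != SOCKS4_GRANTED)
        return -1;
    return SOCKS4_REPLY_LEN;
}

/* Constructed sample: granted reply (port 22, 192.0.2.1) followed by the
   first bytes sent by the far end. */
static const uint8_t sample[] = {
    0x00, 0x5a, 0x00, 0x16, 0xc0, 0x00, 0x02, 0x01,
    'S', 'S', 'H', '-', '2', '.', '0'
};

/* First byte the data connection sees if `consumed` bytes (fewer than
   sizeof sample) are treated as the proxy reply. */
static uint8_t first_data_byte(size_t consumed) { return sample[consumed]; }

int main(void)
{
    struct socks4_reply r;
    int n = socks4_parse_reply(sample, sizeof sample, &r);
    printf("parsed %d bytes, port %u\n", n, (unsigned)r.dstport);
    printf("read 7: data starts with 0x%02x\n", first_data_byte(7));
    printf("read 8: data starts with '%c'\n", first_data_byte(8));
    return 0;
}
```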