Nmap Development mailing list archives
Re: Bug in ncat?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 25 Jul 2014 10:07:13 -0500
Pierluigi, Grazie! I looked into it, and your assessment was correct. I applied your patch in r33356. Dan On Thu, Jun 26, 2014 at 9:18 AM, Pierluigi Vittori < pierluigi.vittori () gmail com> wrote:
Hi there, I think I found a small bug in ncat, namely in the code that builds the authentication string in the socks5 protocol. The original code writes the PLEN byte in the wrong position and then gets overwritten by the password string itself. Here's the patch, it works for me with my authenticated ss5 server: diff -u -r nmap-6.46.orig/ncat/ncat_connect.c ../nmap-6.46/ncat/ncat_connect.c --- nmap-6.46.orig/ncat/ncat_connect.c 2014-02-20 22:22:22.000000000 +0100 +++ ../nmap-6.46/ncat/ncat_connect.c 2014-06-26 08:07:36.682892626 +0200 @@ -723,7 +723,7 @@ memcpy(socks5auth.data+1,username,strlen(username)); len = 2 + strlen(username); // (version + strlen) + username - socks5auth.data[len]=strlen(password); + socks5auth.data[len-1]=strlen(password); memcpy(socks5auth.data+len,password,strlen(password)); len += 1 + strlen(password); Hope it helps. Ciao, Pierluigi _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Bug in ncat? Pierluigi Vittori (Jul 01)
- Re: Bug in ncat? Daniel Miller (Jul 25)