Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Bug in ncat?

From: Pierluigi Vittori <pierluigi.vittori () gmail com>
Date: Thu, 26 Jun 2014 16:18:31 +0200
Hi there,

I think I found a small bug in ncat, namely in the code that builds
the authentication string in the socks5 protocol.
The original code writes the PLEN byte in the wrong position and then
gets overwritten by the password string itself.

Here's the patch, it works for me with my authenticated ss5 server:

diff -u -r nmap-6.46.orig/ncat/ncat_connect.c ../nmap-6.46/ncat/ncat_connect.c
--- nmap-6.46.orig/ncat/ncat_connect.c  2014-02-20 22:22:22.000000000 +0100
+++ ../nmap-6.46/ncat/ncat_connect.c    2014-06-26 08:07:36.682892626 +0200
@@ -723,7 +723,7 @@
             memcpy(socks5auth.data+1,username,strlen(username));
             len = 2 + strlen(username); // (version + strlen) + username

-            socks5auth.data[len]=strlen(password);
+            socks5auth.data[len-1]=strlen(password);
             memcpy(socks5auth.data+len,password,strlen(password));
             len += 1 + strlen(password);

Hope it helps.

Ciao,
Pierluigi
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: