WRITE TIMEOUT and "Unable to connect to remote host" in Ncat client mode

[David Fifield <david () bamsoftware com>]

Hi,

I found the cause of an Ncat failure that Fyodor and I discovered while
testing --chat mode. Pasting even a few lines into an Ncat client would
make it quit after a few seconds with the message "Unable to connect to
remote host". Turning on verbosity showed the underlying cause to be an
Nsock WRITE TIMEOUT. You can reproduce this trivially as follows:

ncat -l localhost
ncat localhost

Then paste these lines into the client:

1
2
3
4
5

For me, this caused the client to quit, with the server receiving

2
4
5

(varies sometimes). The reason this would happen is that two write
events would be queued before one of them could be handled. When one of
them was successfully handled, it would remove the socket descriptor
from the select list. The other event would be ignored by select and
eventually time out. This particular bug is fixed in r12413. With that
out of the way, the Ncat client no longer quits, but now the server gets

1
3
2
5
4

The reason for that is that sometimes a couple of write events get
queued at once, but they are dispatched in the order opposite from how
they were scheduled. The event queues were actually acting like stacks,
processing events in reverse order of their age. Here they were being
scheduled two at a time, so every pair was out of order. I fixed that in
r12418. Finally, now the server receives

1
2
3
4
5

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org